| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Deutsche Bank Trojaner fordert 20 TANs anWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.12.2014, 14:01
| #1 | |
| |  Deutsche Bank Trojaner fordert 20 TANs an Ich weiß, das Thema wurde hier schon öfter behandelt, ich konnte aber leider aus den anderen Threats keinen geeigneten Lösungsweg für mich ableiten und hoffe jemand von euch hat Zeit und Muße mir zu helfen. Vor kurzem kam beim Einloggen in das Deutsche Bank Portal direkt nach dem Login ein modales Popup das mich auffordert 20 TANs einzugeben. Dies habe ich nicht gemacht, mich mit meiner Bank verständigt und die PN erstmal sperren lassen und eine neue angefordert. In der Zwischenzeit habe ich mit MBAM, JRT, AdwCleaner und FRST alles gescannt und bereinigen lassen was gefunden wurde. Zusätzlich habe ich noch den AV-Scanner gewechselt, ist jetzt Panda Cloud Antivirus. Dieser hatte tatsächlich noch mal was gefunden und gelöscht. Als die neue PIN kam habe ich noch mal alle Tools durchlaufen lassen und es wurden keine bösen Sachen mehr gefunden. Als ich mich bei der DB eingeloggt habe kam dann aber doch wieder die Abfrage nach den TANs. Ich würde mich extrem freuen, wenn jemand von euch eine Idee hat was ich noch machen kann. Viele Grüße, Jan P.S.: Ich poste mal das MBAM-Log, welches die diversen Funde des ersten Scans zeigt. Ein aktueller Scan hat - wie gesagt - nichts zu Tage gefördert, deshalb lasse ich das Log dazu erstmal weg. Zitat:
|
|
11.12.2014, 14:23
| #2 |
| /// the machine /// TB-Ausbilder    |  Deutsche Bank Trojaner fordert 20 TANs an hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
11.12.2014, 14:29
| #3 |
| | Deutsche Bank Trojaner fordert 20 TANs an Hi,
__________________vielen Dank schon mal für die schnelle Reaktion  ))frst.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014
Ran by Monika (administrator) on MONIKA-PC on 11-12-2014 14:24:39
Running from C:\Users\Monika\Downloads
Loaded Profile: Monika (Available profiles: Monika)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Run: [monthly_reset_date] => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\latest_version\windows_re.exe [392192 2013-09-08] ()
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-11] (Google Inc.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\MountPoints2: {b75edc14-c5f9-11df-a7c2-806e6f6e6963} - E:\START-BRIDGE-CD.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE409
SearchScopes: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE409
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\4br2ipug.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-04-23] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-11-06] (NewTech Infosystems, Inc.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 reverse_charge_vat; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\skydrive.exe [202752 2011-11-20] (Company 'gora-sah') [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S2 string; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\beneficiary_inn.exe [181248 2014-10-13] (Company 'gora-sah') [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 to_do; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\estimate_at_completion.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-11-24] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-11-24] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
S1 iukcnvyo; \??\C:\Windows\system32\drivers\iukcnvyo.sys [X]
S1 meoswwaw; \??\C:\Windows\system32\drivers\meoswwaw.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 14:24 - 2014-12-11 14:24 - 00000000 ____D () C:\Users\Monika\Downloads\FRST-OlderVersion
2014-12-11 13:40 - 2014-12-11 13:42 - 00000000 ____D () C:\Users\Monika\Documents\_av
2014-12-11 12:43 - 2014-12-11 12:43 - 00059888 _____ () C:\Users\Monika\Downloads\Extras.Txt
2014-12-11 12:42 - 2014-12-11 12:42 - 00090812 _____ () C:\Users\Monika\Downloads\OTL.Txt
2014-12-11 12:31 - 2014-12-11 12:31 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Downloads\OTL.exe
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Panda Security
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\Program Files\Panda Security
2014-12-09 12:15 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-12-09 12:14 - 2014-12-09 12:15 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-09 12:12 - 2014-12-09 12:12 - 01329312 _____ () C:\Users\Monika\Downloads\PANDAFREEAV.exe
2014-12-08 18:56 - 2014-12-08 18:56 - 00000000 ____D () C:\Program Files\ESET
2014-12-08 18:55 - 2014-12-08 18:56 - 02347384 _____ (ESET) C:\Users\Monika\Downloads\esetsmartinstaller_deu.exe
2014-12-08 18:33 - 2014-12-08 18:35 - 00000000 ____D () C:\AdwCleaner
2014-12-08 18:33 - 2014-12-08 18:33 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 18:30 - 2014-12-08 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 18:29 - 2014-12-08 18:29 - 01707646 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-12-08 18:26 - 2014-12-08 18:26 - 00004861 _____ () C:\Users\Monika\Documents\mbam-08122014.txt
2014-12-08 18:12 - 2014-12-08 19:40 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Trash-remember
2014-12-08 17:53 - 2014-12-08 17:53 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-02 21:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Establishment_fire
2014-12-02 13:47 - 2014-12-02 13:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-02 09:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Blue-lock
2014-12-02 09:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Lunchstay
2014-12-01 15:51 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Street-detailed
2014-12-01 12:41 - 2014-12-01 12:41 - 00002017 _____ () C:\Users\Monika\Documents\mbam-01122014.txt
2014-11-28 13:56 - 2014-12-02 18:38 - 00000018 _____ () C:\Windows\䌯尺䐀尺䔀尺
2014-11-27 12:24 - 2014-12-01 17:34 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Nlgvztmh
2014-11-27 11:55 - 2014-11-27 12:24 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Tsagmkr
2014-11-24 22:18 - 2014-11-24 22:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-24 22:17 - 2014-11-24 22:17 - 00004414 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-24 22:17 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-24 22:17 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-24 22:17 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-24 22:17 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-24 21:25 - 2014-12-11 14:25 - 00021792 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-11-24 21:21 - 2014-11-24 21:21 - 00001600 _____ () C:\EamClean.log
2014-11-24 20:32 - 2014-11-24 20:32 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-24 20:31 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Opera Software
2014-11-24 20:31 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Monika\AppData\Local\Opera Software
2014-11-24 20:29 - 2014-12-11 14:24 - 00000000 ____D () C:\FRST
2014-11-24 20:27 - 2014-12-11 14:24 - 01111040 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-11-24 20:27 - 2014-11-24 21:35 - 00000000 ____D () C:\EEK
2014-11-24 19:59 - 2014-11-24 19:59 - 00000049 _____ () C:\Users\Monika\Documents\mbam-241114.txt
2014-11-24 19:47 - 2014-12-11 13:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 19:47 - 2014-12-08 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-24 19:46 - 2014-12-08 17:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-24 19:46 - 2014-11-24 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 19:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 19:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 19:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 19:39 - 2014-11-24 19:39 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-11-22 11:54 - 2014-11-24 20:46 - 00000018 _____ () C:\Windows\C˜užS
2014-11-19 09:48 - 2014-11-22 12:11 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Loader32
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 13:05 - 2014-11-18 08:39 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Java
2014-11-16 14:34 - 2014-11-16 14:34 - 00000000 ____D () C:\Users\Monika\Downloads\Samsung_ChannelListPCEditor_1.10
2014-11-15 14:20 - 2014-11-15 14:51 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Brgicqxlq
2014-11-15 11:17 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Java-out
2014-11-14 20:09 - 2014-11-19 10:30 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Avira64
2014-11-14 13:34 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Loader32-out
2014-11-14 09:23 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Run
2014-11-14 08:51 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Run-out
2014-11-14 08:50 - 2014-11-18 08:38 - 00000011 _____ () C:\Windows\ZL
2014-11-13 11:45 - 2014-11-15 14:20 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Qmuysugkp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 14:17 - 2012-07-16 08:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 14:00 - 2010-12-08 15:58 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 13:24 - 2010-09-22 04:33 - 01226328 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 12:32 - 2011-03-03 18:20 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-12-11 12:28 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 12:28 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 12:21 - 2012-07-13 11:36 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Spamihilator
2014-12-11 12:20 - 2010-12-08 15:58 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 12:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 12:20 - 2009-07-14 05:39 - 00093113 _____ () C:\Windows\setupact.log
2014-12-11 09:17 - 2012-07-16 08:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 09:17 - 2012-07-16 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 21:54 - 2012-02-14 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 13:56 - 2013-07-11 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 13:47 - 2012-04-10 21:08 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 13:20 - 2009-07-14 05:33 - 00370200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 12:15 - 2010-12-08 21:42 - 00089528 _____ () C:\Users\Monika\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 12:14 - 2013-09-17 11:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-08 18:38 - 2010-09-22 04:30 - 00078914 _____ () C:\Windows\PFRO.log
2014-12-02 18:35 - 2012-04-28 11:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-01 17:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2014-11-28 14:23 - 2014-04-25 10:46 - 00000000 ____D () C:\Windows\Offline Address Books
2014-11-27 10:41 - 2014-10-19 12:07 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\System
2014-11-27 10:39 - 2014-10-20 18:05 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Win
2014-11-26 21:03 - 2011-03-03 18:22 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-24 22:18 - 2014-01-14 20:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-24 22:17 - 2011-06-19 11:04 - 00000000 ____D () C:\Program Files\Java
2014-11-24 20:39 - 2010-12-08 21:43 - 00001413 _____ () C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-24 20:03 - 2011-03-03 18:20 - 00000000 ___RD () C:\Program Files\Skype
2014-11-24 20:03 - 2011-03-03 18:20 - 00000000 ____D () C:\ProgramData\Skype
2014-11-24 20:00 - 2014-10-13 10:10 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Wqytx
2014-11-24 20:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\SchCache
2014-11-24 19:40 - 2014-09-04 17:54 - 00000000 ____D () C:\ProgramData\xgepa
2014-11-24 14:04 - 2010-12-08 16:08 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-16 14:41 - 2010-05-11 05:29 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 10:00 - 2014-10-28 09:57 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Firefox32
2014-11-13 15:06 - 2014-10-18 23:01 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Update
2014-11-11 13:28 - 2014-10-31 14:03 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Adtrtjmkd
Some content of TEMP:
====================
C:\Users\Monika\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Monika\AppData\Local\Temp\Quarantine.exe
C:\Users\Monika\AppData\Local\Temp\sqlite3.dll
C:\Users\Monika\AppData\Local\Temp\{69520FAB-EA87-4483-8737-34F42E35FFC0}.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-11 09:10
==================== End Of Log ============================
und die addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2014
Ran by Monika at 2014-12-11 14:25:20
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.2.0 - Liteon)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0203.2010 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Backup Manager Advance (Version: 2.0.1.60 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
eBay Worldwide (HKLM\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Erfolgreich Reizen (HKLM\...\Erfolgreich Reizen) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Grundtechniken des Alleinspiels (HKLM\...\Grundtechniken des Alleinspiels_is1) (Version: - )
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.75 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.75 - InterVideo Inc.) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 4.0.8 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 de) (HKLM\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\MyFreeCodec) (Version: - )
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spamihilator 1.5.0 (32-Bit) (HKLM\...\{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}) (Version: 1.5.0 - Michel Krämer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-463495802-3663640653-2969567870-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-463495802-3663640653-2969567870-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-463495802-3663640653-2969567870-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
==================== Restore Points =========================
20-11-2014 14:06:31 Windows Update
24-11-2014 07:42:29 Windows Update
24-11-2014 19:33:44 Revo Uninstaller's restore point - Ask Shopping Toolbar
24-11-2014 19:36:38 Revo Uninstaller's restore point - Ask Shopping Toolbar
24-11-2014 19:38:16 Revo Uninstaller's restore point - Google+ Auto Backup
24-11-2014 19:39:19 Revo Uninstaller's restore point - Opera Stable 26.0.1656.24
24-11-2014 21:16:21 Installed Java 7 Update 71
27-11-2014 09:44:23 Windows Update
30-11-2014 19:23:04 Windows Update
08-12-2014 17:01:35 Windows Update
10-12-2014 12:45:17 Windows Update
10-12-2014 20:47:24 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1D2E3423-6499-45B7-B7C7-E7453E084BAF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {249C0AC4-B749-4F15-AA5D-50EB2F5E8EF3} - \{F990E36A-3509-48BD-A0AC-60B9A2D18885} No Task File <==== ATTENTION
Task: {31E83D29-E4F7-4F5C-9928-71A39628182E} - System32\Tasks\{650F3580-5514-4B8B-90A7-B891D234228E} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {32ADEA1F-EB0C-446B-B6DC-16F8E9217207} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {693A6BAF-05AF-420A-9AE7-6062F4F4CC9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {AE7DAAFC-60B2-4CEB-915C-20BDB850651B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-08-26 08:47 - 2013-08-26 08:47 - 01902592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\3c8c76a28c3b633e49ea9810ee3980f3\Kies.UI.ni.dll
2013-08-26 08:47 - 2013-08-26 08:47 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\e97a40f17def386f5b5ea1d696bc7b19\Kies.MVVM.ni.dll
2013-08-26 08:47 - 2013-08-26 08:47 - 00188416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7e7d735afac254a62ad7ece44afea98c\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00366592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\d0e659fc0bcf3268411d4fda4563e2d3\DevicePhoto.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00300544 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\f35619320de705124c918055c94a97a2\DeviceVideo.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00616448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\e9bd84c5084f801ce7beec9094895755\DevicePodcast.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\fba11f594048dfcb347e0f716019286f\DummyStorePlugin.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 17281024 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ed89e37e0f0d4641b68c24b53bb72a72\Kies.Theme.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00581632 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f2688370e8d6866ea717cac42dc7662\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-08-26 08:47 - 2013-08-26 08:47 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\216a42533b0c2cffb4bcfefc20893e54\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00998912 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\8c788eba8c342bd4c56f6f2a9199d33a\DeviceCommonLib.ni.dll
2013-08-26 08:48 - 2013-08-26 08:48 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
2014-02-18 11:48 - 2014-02-18 11:48 - 00060416 _____ () C:\Program Files\Spamihilator\zlib1.dll
2014-02-18 11:48 - 2014-02-18 11:48 - 00279040 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2013-01-10 12:44 - 2013-01-10 12:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-05-11 05:42 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-02 13:47 - 2014-12-02 13:47 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avira64-process => C:\Users\Monika\AppData\Local\Avira64\avira64-process.exe
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: ehpzjsuj => C:\Users\Monika\AppData\Local\Qqebdjkdo\jlvmmnjsuj.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Monika\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: javasecure => C:\Users\Monika\AppData\Local\Java\javasecure.exe
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: loader32option => C:\Users\Monika\AppData\Local\Loader32\loader32option.exe
MSCONFIG\startupreg: run-rundll64 => C:\Users\Monika\AppData\Roaming\Run\run-rundll64.exe
MSCONFIG\startupreg: runoutput32 => C:\Users\Monika\AppData\Local\Run\runoutput32.exe
MSCONFIG\startupreg: runsecure => C:\Users\Monika\AppData\Local\Run\runsecure.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: system32timer64 => C:\Users\Monika\AppData\Roaming\System32\system32timer64.exe
MSCONFIG\startupreg: systemrundll => C:\Users\Monika\AppData\Roaming\System\systemrundll.exe
MSCONFIG\startupreg: update-memory64 => C:\Users\Monika\AppData\Local\Temp\Update\update-memory64.exe
MSCONFIG\startupreg: winnetware => C:\Users\Monika\AppData\Roaming\Win\winnetware.exe
MSCONFIG\startupreg: wkislhan => C:\Users\Monika\AppData\Local\Temp\Syxg\oyqslhan.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-463495802-3663640653-2969567870-500 - Administrator - Disabled)
Gast (S-1-5-21-463495802-3663640653-2969567870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-463495802-3663640653-2969567870-1002 - Limited - Enabled)
Monika (S-1-5-21-463495802-3663640653-2969567870-1000 - Administrator - Enabled) => C:\Users\Monika
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/11/2014 09:16:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (12/11/2014 09:11:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/11/2014 08:52:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7113.5000, Zeitstempel: 0x527d636c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x8b0
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Error: (12/10/2014 09:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7113.5000, Zeitstempel: 0x527d636c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x1c50
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Error: (12/08/2014 09:33:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 11.0.9.29, Zeitstempel: 0x5412b4b3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17206, Zeitstempel: 0x50e65f4f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000b06d
ID des fehlerhaften Prozesses: 0x15f0
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3
Error: (12/08/2014 09:09:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00046194
ID des fehlerhaften Prozesses: 0x804
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (12/08/2014 06:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02240218
ID des fehlerhaften Prozesses: 0x148
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
System errors:
=============
Error: (12/11/2014 00:21:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "contact_list" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/11/2014 00:21:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "service_order_line" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/11/2014 00:21:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/11/2014 08:48:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "contact_list" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/11/2014 08:48:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "region" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/11/2014 08:48:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/10/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "contact_list" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/10/2014 09:41:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (12/10/2014 01:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/10/2014 01:44:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht.
Microsoft Office Sessions:
=========================
Error: (12/11/2014 09:16:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies\External\firmwareupdate\gt-i8160p\DeviceController64.exec:\program files\Samsung\Kies\External\firmwareupdate\gt-i8160p\Microsoft.VC90.CRT.MANIFEST11
Error: (12/11/2014 09:11:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (12/11/2014 08:52:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.7113.5000527d636cunknown0.0.0.000000000c0000005000000018b001d015175a81d68aC:\Program Files\Microsoft Office\Office14\OUTLOOK.EXEunknown9e637e7c-810a-11e4-9910-88ae1d9e5e7b
Error: (12/10/2014 09:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.7113.5000527d636cunknown0.0.0.000000000c0000005000000011c5001d014b9e684ed14C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXEunknown2e495593-80ad-11e4-8b4c-88ae1d9e5e7b
Error: (12/08/2014 09:33:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe11.0.9.295412b4b3KERNELBASE.dll6.1.7600.1720650e65f4fc00000050000b06d15f001d013263d3d1b52C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exeC:\Windows\system32\KERNELBASE.dll7bd08bad-7f19-11e4-87a6-88ae1d9e5e7b
Error: (12/08/2014 09:09:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ntdll.dll6.1.7600.169154ec49cafc00000050004619480401d01316c283e55eC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll269874b0-7f16-11e4-87a6-88ae1d9e5e7b
Error: (12/08/2014 06:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3unknown0.0.0.000000000c00000050224021814801d0130ff05a60d1C:\Windows\Explorer.EXEunknown416ec38d-7f03-11e4-8c11-88ae1d9e5e7b
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 1782.71 MB
Available physical RAM: 772.72 MB
Total Pagefile: 3565.42 MB
Available Pagefile: 1808.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1861.88 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:138.95 GB) (Free:94.06 GB) NTFS
Drive d: (DATA) (Fixed) (Total:139.04 GB) (Free:138.83 GB) NTFS
Drive e: (EIN2009) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 299F7FD8)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=139 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Jan |
|
12.12.2014, 10:13
| #4 |
| /// the machine /// TB-Ausbilder | Deutsche Bank Trojaner fordert 20 TANs an hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.12.2014, 11:40
| #5 |
| | Deutsche Bank Trojaner fordert 20 TANs an Hier kommt die combofix.log: Code:
ATTFilter ComboFix 14-12-10.03 - Monika 12.12.2014 11:21:58.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1783.848 [GMT 1:00]
ausgeführt von:: c:\users\Monika\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer eRecovery Management\NotificationCenter\el\latest_version\windows_re.exe
c:\users\Monika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80140443-8EF5-490B-8862-B7BCFE5FC7FD}.xps
c:\users\Monika\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DEE5C29A-524B-4DBF-BE85-22077CBC6566}.xps
c:\users\Monika\AppData\Roaming\system32
c:\users\Monika\AppData\Roaming\win
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_handle
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-12 bis 2014-12-12 ))))))))))))))))))))))))))))))
.
.
2014-12-10 20:46 . 2014-11-17 01:08 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96A796EF-AC3A-4C89-A0F0-FC5EDA05C396}\mpengine.dll
2014-12-09 11:15 . 2014-03-25 13:15 48736 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-12-09 11:15 . 2014-12-09 11:15 -------- d-----w- c:\users\Monika\AppData\Roaming\Panda Security
2014-12-09 11:15 . 2014-12-09 11:15 -------- d-----w- c:\program files\Panda Security
2014-12-09 11:14 . 2014-12-09 11:15 -------- d-----w- c:\programdata\Panda Security
2014-12-08 17:56 . 2014-12-08 17:56 -------- d-----w- c:\program files\ESET
2014-12-08 17:33 . 2014-12-08 17:35 -------- d-----w- C:\AdwCleaner
2014-12-08 17:30 . 2014-12-08 17:30 -------- d-----w- c:\windows\ERUNT
2014-12-08 17:12 . 2014-12-08 18:40 -------- d--h--w- c:\users\Monika\AppData\Roaming\Trash-remember
2014-12-02 20:14 . 2014-12-08 17:35 -------- d--h--w- c:\users\Monika\AppData\Local\Establishment_fire
2014-12-02 08:14 . 2014-12-08 17:35 -------- d--h--w- c:\users\Monika\AppData\Roaming\Blue-lock
2014-12-02 08:14 . 2014-12-08 17:35 -------- d--h--w- c:\users\Monika\AppData\Local\Lunchstay
2014-12-01 14:51 . 2014-12-08 17:35 -------- d--h--w- c:\users\Monika\AppData\Roaming\Street-detailed
2014-11-27 11:24 . 2014-12-01 16:34 -------- d--h--w- c:\users\Monika\AppData\Roaming\Nlgvztmh
2014-11-27 10:55 . 2014-11-27 11:24 -------- d--h--w- c:\users\Monika\AppData\Roaming\Tsagmkr
2014-11-25 12:59 . 2014-11-25 12:59 18638520 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-24 21:18 . 2014-11-24 21:18 -------- d-----w- c:\program files\Common Files\Java
2014-11-24 21:17 . 2014-09-26 17:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-24 19:32 . 2014-11-24 19:32 -------- d-----w- c:\program files\VS Revo Group
2014-11-24 19:31 . 2014-11-24 19:39 -------- d-----w- c:\users\Monika\AppData\Roaming\Opera Software
2014-11-24 19:31 . 2014-11-24 19:39 -------- d-----w- c:\users\Monika\AppData\Local\Opera Software
2014-11-24 19:29 . 2014-12-11 13:26 -------- d-----w- C:\FRST
2014-11-24 19:27 . 2014-11-24 20:35 -------- d-----w- C:\EEK
2014-11-24 18:47 . 2014-12-11 12:25 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-24 18:46 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-24 18:46 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-24 18:46 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-24 18:46 . 2014-12-08 16:53 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2014-11-24 18:46 . 2014-11-24 18:46 -------- d-----w- c:\programdata\Malwarebytes
2014-11-24 18:39 . 2014-11-24 18:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2014-11-19 08:48 . 2014-11-22 11:11 -------- d--h--w- c:\users\Monika\AppData\Roaming\Loader32
2014-11-19 03:31 . 2014-11-19 03:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-17 12:05 . 2014-11-18 07:39 -------- d--h--w- c:\users\Monika\AppData\Roaming\Java
2014-11-15 13:20 . 2014-11-15 13:51 -------- d--h--w- c:\users\Monika\AppData\Roaming\Brgicqxlq
2014-11-15 10:17 . 2014-11-28 13:21 -------- d--h--w- c:\users\Monika\AppData\Local\Java-out
2014-11-14 19:09 . 2014-11-19 09:30 -------- d--h--w- c:\users\Monika\AppData\Roaming\Avira64
2014-11-14 12:34 . 2014-11-28 13:21 -------- d--h--w- c:\users\Monika\AppData\Local\Loader32-out
2014-11-14 08:23 . 2014-11-28 13:21 -------- d--h--w- c:\users\Monika\AppData\Roaming\Run
2014-11-14 07:51 . 2014-11-28 13:21 -------- d--h--w- c:\users\Monika\AppData\Local\Run-out
2014-11-13 10:45 . 2014-11-15 13:20 -------- d--h--w- c:\users\Monika\AppData\Roaming\Qmuysugkp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 08:17 . 2012-07-16 07:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 08:17 . 2012-07-16 07:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-24 13:04 . 2010-12-08 15:08 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-06 02:30 . 2014-12-10 12:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2014-10-13 20:04 . 2014-10-13 20:04 100112 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2014-10-13 20:04 . 2014-10-13 20:04 105232 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2014-10-13 20:04 . 2014-10-13 20:04 139536 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2014-10-02 14:16 . 2014-10-02 14:16 124688 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2014-10-02 14:16 . 2014-10-02 14:16 113936 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2014-10-02 14:16 . 2014-10-02 14:16 168208 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2014-09-15 00:42 . 2014-10-15 11:50 2377216 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 169496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-29 8493600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 715296]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"PSUAMain"="c:\program files\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-10-16 37624]
.
c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2014-2-18 2024960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-5-11 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-09-12 09:43 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2010-03-08 23:56 260608 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-04-08 04:18 908368 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-11 04:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R1 iukcnvyo;iukcnvyo;c:\windows\system32\drivers\iukcnvyo.sys [x]
R1 meoswwaw;meoswwaw;c:\windows\system32\drivers\meoswwaw.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R2 string;contact_list;c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\beneficiary_inn.exe [2014-10-13 181248]
R2 to_do;code_of_conduct;c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\estimate_at_completion.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2014-11-23 50200]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-22 189784]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-26 1343400]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\BIN\a2ddax86.sys [2014-11-23 22056]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2014-06-04 88992]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2014-06-18 166816]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2014-06-04 110624]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2014-06-04 125216]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2014-01-16 40192]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2014-06-04 96160]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2014-06-04 61984]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2014-06-04 121888]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2014-06-04 288032]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2014-06-04 208800]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2014-06-04 109856]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2014-06-04 244000]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2014-06-04 96928]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2014-10-02 168208]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 735776]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NanoServiceMain;Panda Protection Service;c:\program files\Panda Security\Panda Security Protection\PSANHost.exe [2014-10-13 142072]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-09 66808]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2014-10-13 139536]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2014-10-13 105232]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2014-10-02 113936]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2014-10-02 124688]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2014-10-13 100112]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Security Protection\PSUAService.exe [2014-10-16 38136]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2014-03-25 48736]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 20:00 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 08:17]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 08:49]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 08:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\4br2ipug.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-monthly_reset_date - c:\program files\Acer\Acer eRecovery Management\NotificationCenter\el\latest_version\windows_re.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-avira64-process - c:\users\Monika\AppData\Local\Avira64\avira64-process.exe
MSConfigStartUp-ehpzjsuj - c:\users\Monika\AppData\Local\Qqebdjkdo\jlvmmnjsuj.exe
MSConfigStartUp-Google+ Auto Backup - c:\users\Monika\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
MSConfigStartUp-javasecure - c:\users\Monika\AppData\Local\Java\javasecure.exe
MSConfigStartUp-loader32option - c:\users\Monika\AppData\Local\Loader32\loader32option.exe
MSConfigStartUp-run-rundll64 - c:\users\Monika\AppData\Roaming\Run\run-rundll64.exe
MSConfigStartUp-runoutput32 - c:\users\Monika\AppData\Local\Run\runoutput32.exe
MSConfigStartUp-runsecure - c:\users\Monika\AppData\Local\Run\runsecure.exe
MSConfigStartUp-system32timer64 - c:\users\Monika\AppData\Roaming\System32\system32timer64.exe
MSConfigStartUp-systemrundll - c:\users\Monika\AppData\Roaming\System\systemrundll.exe
MSConfigStartUp-update-memory64 - c:\users\Monika\AppData\Local\Temp\Update\update-memory64.exe
MSConfigStartUp-winnetware - c:\users\Monika\AppData\Roaming\Win\winnetware.exe
MSConfigStartUp-wkislhan - c:\users\Monika\AppData\Local\Temp\Syxg\oyqslhan.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-12 11:36:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-12-12 10:36
.
Vor Suchlauf: 12 Verzeichnis(se), 101.600.092.160 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 101.975.093.248 Bytes frei
.
- - End Of File - - 67E4F4EE5BE236CBA39715031F8ACA8A
A36C5E4F47E84449FF07ED3517B43A31
Jan |
|
13.12.2014, 08:13
| #6 |
| /// the machine /// TB-Ausbilder | Deutsche Bank Trojaner fordert 20 TANs an Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Deutsche Bank Trojaner fordert 20 TANs an |
|
13.12.2014, 13:25
| #7 |
| | Deutsche Bank Trojaner fordert 20 TANs an Hier kommen die Logs: MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.12.2014 Suchlauf-Zeit: 12:51:00 Logdatei: mbam-131214.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.13.03 Rootkit Datenbank: v2014.12.08.03 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: Monika Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 313399 Verstrichene Zeit: 9 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 13/12/2014 um 13:06:26
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-13.2 [Live]
# Betriebssystem : Windows 7 Professional (32 bits)
# Benutzername : Monika - MONIKA-PC
# Gestartet von : C:\Users\Monika\Downloads\AdwCleaner_4.105.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7600.17267
-\\ Mozilla Firefox v34.0 (x86 de)
-\\ Google Chrome v39.0.2171.71
*************************
AdwCleaner[R0].txt - [2870 octets] - [08/12/2014 18:33:11]
AdwCleaner[R1].txt - [1394 octets] - [13/12/2014 13:04:36]
AdwCleaner[S0].txt - [2949 octets] - [08/12/2014 18:35:10]
AdwCleaner[S1].txt - [1315 octets] - [13/12/2014 13:06:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1375 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x86
Ran by Monika on 13.12.2014 at 13:09:10,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2014 at 13:11:39,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Monika (administrator) on MONIKA-PC on 13-12-2014 13:15:06
Running from C:\Users\Monika\Downloads
Loaded Profile: Monika (Available profiles: Monika)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(Acer Incoporated) C:\Program Files\Acer\Acer VCM\VC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-11] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE409
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\4br2ipug.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-04-23] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-11-06] (NewTech Infosystems, Inc.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S2 string; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\beneficiary_inn.exe [181248 2014-10-13] (Company 'gora-sah') [File not signed]
S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 to_do; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\estimate_at_completion.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-11-24] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-11-24] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
S3 catchme; \??\C:\Users\Monika\AppData\Local\Temp\catchme.sys [X]
S1 iukcnvyo; \??\C:\Windows\system32\drivers\iukcnvyo.sys [X]
S1 meoswwaw; \??\C:\Windows\system32\drivers\meoswwaw.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-13 13:14 - 2014-12-13 13:14 - 00000626 _____ () C:\Users\Monika\Documents\JRT-131214.txt
2014-12-13 13:11 - 2014-12-13 13:11 - 00000626 _____ () C:\Users\Monika\Desktop\JRT.txt
2014-12-13 13:04 - 2014-12-13 13:04 - 02166272 _____ () C:\Users\Monika\Downloads\AdwCleaner_4.105.exe
2014-12-13 13:01 - 2014-12-13 13:01 - 00001195 _____ () C:\Users\Monika\Documents\mbam-131214.txt
2014-12-12 11:36 - 2014-12-12 11:36 - 00019085 _____ () C:\ComboFix.txt
2014-12-12 11:19 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 11:19 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 11:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 11:18 - 2014-12-12 11:36 - 00000000 ____D () C:\Qoobox
2014-12-12 11:17 - 2014-12-12 11:35 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 11:15 - 2014-12-12 11:15 - 05600944 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2014-12-11 14:25 - 2014-12-11 14:26 - 00029725 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-12-11 14:24 - 2014-12-13 13:15 - 00000000 ____D () C:\Users\Monika\Downloads\FRST-OlderVersion
2014-12-11 13:40 - 2014-12-11 13:42 - 00000000 ____D () C:\Users\Monika\Documents\_av
2014-12-11 12:43 - 2014-12-11 12:43 - 00059888 _____ () C:\Users\Monika\Downloads\Extras.Txt
2014-12-11 12:42 - 2014-12-11 12:42 - 00090812 _____ () C:\Users\Monika\Downloads\OTL.Txt
2014-12-11 12:31 - 2014-12-11 12:31 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Downloads\OTL.exe
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Panda Security
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\Program Files\Panda Security
2014-12-09 12:15 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-12-09 12:14 - 2014-12-09 12:15 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-09 12:12 - 2014-12-09 12:12 - 01329312 _____ () C:\Users\Monika\Downloads\PANDAFREEAV.exe
2014-12-08 18:56 - 2014-12-08 18:56 - 00000000 ____D () C:\Program Files\ESET
2014-12-08 18:55 - 2014-12-08 18:56 - 02347384 _____ (ESET) C:\Users\Monika\Downloads\esetsmartinstaller_deu.exe
2014-12-08 18:33 - 2014-12-13 13:06 - 00000000 ____D () C:\AdwCleaner
2014-12-08 18:33 - 2014-12-08 18:33 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 18:30 - 2014-12-08 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 18:29 - 2014-12-08 18:29 - 01707646 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-12-08 18:26 - 2014-12-08 18:26 - 00004861 _____ () C:\Users\Monika\Documents\mbam-08122014.txt
2014-12-08 18:12 - 2014-12-08 19:40 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Trash-remember
2014-12-08 17:53 - 2014-12-08 17:53 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-02 21:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Establishment_fire
2014-12-02 13:47 - 2014-12-02 13:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-02 09:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Blue-lock
2014-12-02 09:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Lunchstay
2014-12-01 15:51 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Street-detailed
2014-12-01 12:41 - 2014-12-01 12:41 - 00002017 _____ () C:\Users\Monika\Documents\mbam-01122014.txt
2014-11-28 13:56 - 2014-12-02 18:38 - 00000018 _____ () C:\Windows\䌯尺䐀尺䔀尺
2014-11-27 12:24 - 2014-12-01 17:34 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Nlgvztmh
2014-11-27 11:55 - 2014-11-27 12:24 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Tsagmkr
2014-11-24 22:18 - 2014-11-24 22:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-24 22:17 - 2014-11-24 22:17 - 00004414 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-24 22:17 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-24 22:17 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-24 22:17 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-24 22:17 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-24 21:25 - 2014-12-13 13:15 - 00017717 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-11-24 21:21 - 2014-11-24 21:21 - 00001600 _____ () C:\EamClean.log
2014-11-24 20:32 - 2014-11-24 20:32 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-24 20:31 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Opera Software
2014-11-24 20:31 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Monika\AppData\Local\Opera Software
2014-11-24 20:29 - 2014-12-13 13:15 - 00000000 ____D () C:\FRST
2014-11-24 20:27 - 2014-12-13 13:15 - 01111552 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-11-24 20:27 - 2014-11-24 21:35 - 00000000 ____D () C:\EEK
2014-11-24 19:59 - 2014-11-24 19:59 - 00000049 _____ () C:\Users\Monika\Documents\mbam-241114.txt
2014-11-24 19:47 - 2014-12-13 12:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 19:47 - 2014-12-08 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-24 19:46 - 2014-12-08 17:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-24 19:46 - 2014-11-24 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 19:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 19:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 19:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 19:39 - 2014-11-24 19:39 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-11-22 11:54 - 2014-11-24 20:46 - 00000018 _____ () C:\Windows\C˜užS
2014-11-19 09:48 - 2014-11-22 12:11 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Loader32
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 13:05 - 2014-11-18 08:39 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Java
2014-11-16 14:34 - 2014-11-16 14:34 - 00000000 ____D () C:\Users\Monika\Downloads\Samsung_ChannelListPCEditor_1.10
2014-11-15 14:20 - 2014-11-15 14:51 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Brgicqxlq
2014-11-15 11:17 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Java-out
2014-11-14 20:09 - 2014-11-19 10:30 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Avira64
2014-11-14 13:34 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Loader32-out
2014-11-14 09:23 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Run
2014-11-14 08:51 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Run-out
2014-11-14 08:50 - 2014-11-18 08:38 - 00000011 _____ () C:\Windows\ZL
2014-11-13 11:45 - 2014-11-15 14:20 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Qmuysugkp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-13 13:15 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 13:15 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 13:08 - 2011-03-03 18:20 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-12-13 13:07 - 2012-07-13 11:36 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Spamihilator
2014-12-13 13:07 - 2010-12-08 15:58 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 13:07 - 2010-09-22 04:30 - 00080342 _____ () C:\Windows\PFRO.log
2014-12-13 13:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 13:07 - 2009-07-14 05:39 - 00093281 _____ () C:\Windows\setupact.log
2014-12-13 13:06 - 2010-09-22 04:33 - 01276399 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 13:00 - 2010-12-08 15:58 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 12:39 - 2012-07-16 08:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-12 11:36 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-12 11:36 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-12 11:32 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 11:30 - 2009-07-14 03:03 - 48758784 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-11 09:17 - 2012-07-16 08:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 09:17 - 2012-07-16 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 21:54 - 2012-02-14 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 13:56 - 2013-07-11 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 13:47 - 2012-04-10 21:08 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 13:20 - 2009-07-14 05:33 - 00370200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 12:15 - 2010-12-08 21:42 - 00089528 _____ () C:\Users\Monika\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 12:14 - 2013-09-17 11:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-02 18:35 - 2012-04-28 11:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-01 17:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2014-11-28 14:23 - 2014-04-25 10:46 - 00000000 ____D () C:\Windows\Offline Address Books
2014-11-27 10:41 - 2014-10-19 12:07 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\System
2014-11-26 21:03 - 2011-03-03 18:22 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-24 22:18 - 2014-01-14 20:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-24 22:17 - 2011-06-19 11:04 - 00000000 ____D () C:\Program Files\Java
2014-11-24 20:39 - 2010-12-08 21:43 - 00001413 _____ () C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-24 20:03 - 2011-03-03 18:20 - 00000000 ___RD () C:\Program Files\Skype
2014-11-24 20:03 - 2011-03-03 18:20 - 00000000 ____D () C:\ProgramData\Skype
2014-11-24 20:00 - 2014-10-13 10:10 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Wqytx
2014-11-24 20:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\SchCache
2014-11-24 19:40 - 2014-09-04 17:54 - 00000000 ____D () C:\ProgramData\xgepa
2014-11-24 14:04 - 2010-12-08 16:08 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-16 14:41 - 2010-05-11 05:29 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 10:00 - 2014-10-28 09:57 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Firefox32
2014-11-13 15:06 - 2014-10-18 23:01 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Update
Some content of TEMP:
====================
C:\Users\Monika\AppData\Local\temp\Quarantine.exe
C:\Users\Monika\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-11 09:10
==================== End Of Log ============================
Dank und Gruß, Jan |
|
14.12.2014, 11:21
| #8 |
| /// the machine /// TB-Ausbilder | Deutsche Bank Trojaner fordert 20 TANs anESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.12.2014, 14:06
| #9 |
| | Deutsche Bank Trojaner fordert 20 TANs an Hi Schrauber, ich bin unsicher, da immer wieder Funde vorkommen (ESET hat wieder 13 Sachen gefunden). Wie ist deine Einschätzung? System sauber oder bleibt doch nur die Neu-Installation? Gruß, Jan ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=23d0bd00eae487489afd11da8e93b36a
# engine=21455
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-08 06:40:58
# local_time=2014-12-08 07:40:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5951981 59373774 0 0
# scanned=149429
# found=13
# cleaned=13
# scan_time=2328
sh=D6F94B1871530A6EF98497D271361846FAF3BBAD ft=1 fh=d2bcd4d29b8ee665 vn="Variante von Win32/Kryptik.CNRL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$RGHQ6T6"
sh=85B164347FCE41DAD11F6EF68F60D2408EB5DDD4 ft=1 fh=1861a042f386dfd9 vn="Variante von Win32/Kryptik.CNRL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$RYB3SDR"
sh=CFD98C4B8C24341E2B29F973D01135FEE1D573D6 ft=1 fh=525f28b570d9bab5 vn="Win32/Trustezeb.K Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$RUUK47K\band-egg.exe"
sh=45D63339263FA91E626D85B1DB0C7D40D99A20B5 ft=1 fh=4c1af4408ed602d1 vn="Variante von Win32/Kryptik.CRWB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer ePower Management\fi\administrator_account\desktop.exe"
sh=D56127EF6C93EFED4A0F298E96A74F25256B0A3D ft=1 fh=81beb9f8ed866919 vn="Variante von Win32/Kryptik.CRHV Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\nl\element\on_hold.exe"
sh=2AA1A3307070C89683492E5F3738240AB57E03B0 ft=1 fh=33147ff9aa816ed8 vn="Variante von Win32/Kryptik.CRON Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\shared_notes\business_phone.exe"
sh=0A847D5BC09509A15941BD4D56B5C1D63DE72DC6 ft=1 fh=6bcc92833ff32ea9 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\shared_notes\geolocation.exe"
sh=08E2BDD9B6F94CD9591C96C2E88F34DAB3077D41 ft=1 fh=009e301b0a7b97cf vn="Variante von Win32/Kryptik.CRON Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\shared_notes\troubleshooting.exe"
sh=EB7033A495885DFA5ED2CA38D90CE7C35D15E8D1 ft=1 fh=3fbd4a795058499c vn="Win32/Trustezeb.K Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Monika\AppData\Roaming\Trash-remember\trash_discount.exe"
sh=6E1FD8CD4EDCE2D6889452819D0BF392A93AE632 ft=1 fh=4cc50958737d5dd3 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Monika\Downloads\Babylon10_setup.exe"
sh=1FE1496E763596D444EF52A3CB633C3314185A86 ft=1 fh=71669897efeb0377 vn="Variante von Win32/InstallCore.QF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Monika\Downloads\revosetup_CB-DL-Manager.exe"
sh=9BA02098E10F0B9B23834A6126D4463334D6D3E7 ft=1 fh=8a5a2b6abdfed75b vn="Variante von Win32/Kryptik.CRWB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\tap_and_send\history.exe"
sh=2BE57F9F4C71B04B5AD92573A980AAAD44209D8C ft=1 fh=b682c37eb5ce9df9 vn="Variante von Win32/Kryptik.CRON Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\estimate_at_completion.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=23d0bd00eae487489afd11da8e93b36a
# engine=21458
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-08 08:11:07
# local_time=2014-12-08 09:11:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5957390 59379183 0 0
# scanned=149430
# found=10
# cleaned=10
# scan_time=4173
sh=33B39340FB687CEBFA08947192B54B0CFDBF429E ft=1 fh=830eb50ef64849a4 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$R4ZD725.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$R5D07LU.dll"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$R9HNKPZ.tmp"
sh=657B2D7CB4638B23FE1A74614AEC70CF96EF430A ft=1 fh=a64ebc25a0216a8b vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$RS0OK7C.exe"
sh=AADF0D01571CDF323227B5C5880B76F5AD026A35 ft=1 fh=c356f278a69be97c vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-463495802-3663640653-2969567870-1000\$RU38AL3.exe"
sh=37381F388BAE1EDBAC14E32FF3277F224AF74188 ft=1 fh=bc860133a238d9e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Monika\Downloads\avira_free_antivirus_de(1).exe"
sh=08BF6F871199BCDB95F0361EC920DF406BD3597A ft=1 fh=c0776f02905eb6da vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Monika\Downloads\avira_free_antivirus_de(2).exe"
sh=37381F388BAE1EDBAC14E32FF3277F224AF74188 ft=1 fh=bc860133a238d9e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Monika\Downloads\avira_free_antivirus_de.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RL4I994L\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Temp\AskSLib.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=23d0bd00eae487489afd11da8e93b36a
# engine=21545
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-14 12:39:20
# local_time=2014-12-14 01:39:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 280244 204756734 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 92824 170191951 0 0
# scanned=121366
# found=13
# cleaned=13
# scan_time=3242
sh=0DB9E3B6EFC4DCEC0ACC873B180120A0FE8565CC ft=1 fh=d0ad3bfaa4c5777c vn="Variante von Win32/Kryptik.CSUZ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\document_service\precision_touchpad.exe"
sh=BC158E7A956FF746FDF7EA98EF7125E7FFC28E7F ft=1 fh=a05dc9e200a78c78 vn="Variante von Win32/Kryptik.CSRH Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\document_service\purchase_at_download.exe"
sh=057D361F360DFE747633F9E7B6CDDE8E23723387 ft=1 fh=f8965e369b95a254 vn="Variante von Win32/Kryptik.CSLY Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\document_service\sign_in_information.exe"
sh=0DB9E3B6EFC4DCEC0ACC873B180120A0FE8565CC ft=1 fh=d0ad3bfaa4c5777c vn="Variante von Win32/Kryptik.CSUZ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\document_service\top_result.exe"
sh=B7575D6FD6BF2CA025FDD1A18D59197CA6BC74FE ft=1 fh=37df7eee943b35a1 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\latest_version\extract.exe"
sh=B7575D6FD6BF2CA025FDD1A18D59197CA6BC74FE ft=1 fh=37df7eee943b35a1 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\latest_version\recycle_bin.exe"
sh=9D98D33C35349A6346E43C9608C1D43D10A03208 ft=1 fh=60ae35a33b43be24 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\shared_notes\all_rights_reserved_.exe"
sh=9D98D33C35349A6346E43C9608C1D43D10A03208 ft=1 fh=60ae35a33b43be24 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\shared_notes\everyone.exe"
sh=7F548C8CDAFEC968FE651D83E93201DC004A271B ft=1 fh=468d05d8208f606a vn="Variante von Win32/Kryptik.CSOA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\shared_notes\windows_store_app.exe"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=D6D3D0D4D0968998832FA1CC5391953DF582E70E ft=1 fh=72ba5cd1b9bfdb90 vn="Variante von Win32/Kryptik.CSRW Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files\Acer\Acer eRecovery Management\NotificationCenter\el\latest_version\windows_re.exe.vir"
sh=F2151CFA82BA2CDC320922D7410CDAA359B4F6F9 ft=1 fh=1749a9ce6c719aa4 vn="Variante von Win32/Kryptik.CSOA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\beneficiary_inn.exe"
sh=B3D7575EEFAD30D84D84E8370872DBB5721D5DAF ft=1 fh=62eaaa51e454b7dc vn="Variante von Win32/Kryptik.CSUE Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\contact_list.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.91
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 6 Update 26
Java 7 Update 71
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 15.0.0.246
Adobe Reader XI
Mozilla Firefox (34.0)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Monika (administrator) on MONIKA-PC on 14-12-2014 13:50:45
Running from C:\Users\Monika\Downloads
Loaded Profile: Monika (Available profiles: Monika)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acer Incoporated) C:\Program Files\Acer\Acer VCM\VC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Monika\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-11] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_5740&r=27051210l315l04e4z235x5712m600
HKU\S-1-5-21-463495802-3663640653-2969567870-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE409
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-463495802-3663640653-2969567870-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\4br2ipug.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-04-23] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-11-06] (NewTech Infosystems, Inc.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 string; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\beneficiary_inn.exe [X]
S2 to_do; C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\postmaster\estimate_at_completion.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-11-24] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-11-24] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
S3 catchme; \??\C:\Users\Monika\AppData\Local\Temp\catchme.sys [X]
S1 iukcnvyo; \??\C:\Windows\system32\drivers\iukcnvyo.sys [X]
S1 meoswwaw; \??\C:\Windows\system32\drivers\meoswwaw.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-14 13:42 - 2014-12-14 13:42 - 00852490 _____ () C:\Users\Monika\Desktop\SecurityCheck.exe
2014-12-13 13:14 - 2014-12-13 13:14 - 00000626 _____ () C:\Users\Monika\Documents\JRT-131214.txt
2014-12-13 13:11 - 2014-12-13 13:11 - 00000626 _____ () C:\Users\Monika\Desktop\JRT.txt
2014-12-13 13:04 - 2014-12-13 13:04 - 02166272 _____ () C:\Users\Monika\Downloads\AdwCleaner_4.105.exe
2014-12-13 13:01 - 2014-12-13 13:01 - 00001195 _____ () C:\Users\Monika\Documents\mbam-131214.txt
2014-12-12 11:36 - 2014-12-12 11:36 - 00019085 _____ () C:\ComboFix.txt
2014-12-12 11:19 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 11:19 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 11:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 11:19 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 11:18 - 2014-12-12 11:36 - 00000000 ____D () C:\Qoobox
2014-12-12 11:17 - 2014-12-12 11:35 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 11:15 - 2014-12-12 11:15 - 05600944 ____R (Swearware) C:\Users\Monika\Desktop\ComboFix.exe
2014-12-11 14:25 - 2014-12-11 14:26 - 00029725 _____ () C:\Users\Monika\Downloads\Addition.txt
2014-12-11 14:24 - 2014-12-13 13:15 - 00000000 ____D () C:\Users\Monika\Downloads\FRST-OlderVersion
2014-12-11 13:40 - 2014-12-11 13:42 - 00000000 ____D () C:\Users\Monika\Documents\_av
2014-12-11 12:43 - 2014-12-11 12:43 - 00059888 _____ () C:\Users\Monika\Downloads\Extras.Txt
2014-12-11 12:42 - 2014-12-11 12:42 - 00090812 _____ () C:\Users\Monika\Downloads\OTL.Txt
2014-12-11 12:31 - 2014-12-11 12:31 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Downloads\OTL.exe
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Panda Security
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-12-09 12:15 - 2014-12-09 12:15 - 00000000 ____D () C:\Program Files\Panda Security
2014-12-09 12:15 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-12-09 12:14 - 2014-12-09 12:15 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-09 12:12 - 2014-12-09 12:12 - 01329312 _____ () C:\Users\Monika\Downloads\PANDAFREEAV.exe
2014-12-08 18:56 - 2014-12-08 18:56 - 00000000 ____D () C:\Program Files\ESET
2014-12-08 18:55 - 2014-12-08 18:56 - 02347384 _____ (ESET) C:\Users\Monika\Downloads\esetsmartinstaller_deu.exe
2014-12-08 18:33 - 2014-12-13 13:06 - 00000000 ____D () C:\AdwCleaner
2014-12-08 18:33 - 2014-12-08 18:33 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 18:30 - 2014-12-08 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 18:29 - 2014-12-08 18:29 - 01707646 _____ (Thisisu) C:\Users\Monika\Downloads\JRT.exe
2014-12-08 18:26 - 2014-12-08 18:26 - 00004861 _____ () C:\Users\Monika\Documents\mbam-08122014.txt
2014-12-08 18:12 - 2014-12-08 19:40 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Trash-remember
2014-12-08 17:53 - 2014-12-08 17:53 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-02 21:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Establishment_fire
2014-12-02 13:47 - 2014-12-02 13:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-02 09:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Blue-lock
2014-12-02 09:14 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Lunchstay
2014-12-01 15:51 - 2014-12-08 18:35 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Street-detailed
2014-12-01 12:41 - 2014-12-01 12:41 - 00002017 _____ () C:\Users\Monika\Documents\mbam-01122014.txt
2014-11-28 13:56 - 2014-12-02 18:38 - 00000018 _____ () C:\Windows\䌯尺䐀尺䔀尺
2014-11-27 12:24 - 2014-12-01 17:34 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Nlgvztmh
2014-11-27 11:55 - 2014-11-27 12:24 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Tsagmkr
2014-11-24 22:18 - 2014-11-24 22:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-24 22:17 - 2014-11-24 22:17 - 00004414 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-24 22:17 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-24 22:17 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-24 22:17 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-24 22:17 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-24 21:25 - 2014-12-14 13:50 - 00018249 _____ () C:\Users\Monika\Downloads\FRST.txt
2014-11-24 21:21 - 2014-11-24 21:21 - 00001600 _____ () C:\EamClean.log
2014-11-24 20:32 - 2014-11-24 20:32 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-24 20:31 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Opera Software
2014-11-24 20:31 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Monika\AppData\Local\Opera Software
2014-11-24 20:29 - 2014-12-14 13:50 - 00000000 ____D () C:\FRST
2014-11-24 20:27 - 2014-12-13 13:15 - 01111552 _____ (Farbar) C:\Users\Monika\Downloads\FRST.exe
2014-11-24 20:27 - 2014-11-24 21:35 - 00000000 ____D () C:\EEK
2014-11-24 19:59 - 2014-11-24 19:59 - 00000049 _____ () C:\Users\Monika\Documents\mbam-241114.txt
2014-11-24 19:47 - 2014-12-13 12:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 19:47 - 2014-12-08 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-24 19:46 - 2014-12-08 17:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-24 19:46 - 2014-11-24 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 19:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 19:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 19:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 19:39 - 2014-11-24 19:39 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-11-22 11:54 - 2014-11-24 20:46 - 00000018 _____ () C:\Windows\C˜užS
2014-11-19 09:48 - 2014-11-22 12:11 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Loader32
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-11-17 13:05 - 2014-11-18 08:39 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Java
2014-11-16 14:34 - 2014-11-16 14:34 - 00000000 ____D () C:\Users\Monika\Downloads\Samsung_ChannelListPCEditor_1.10
2014-11-15 14:20 - 2014-11-15 14:51 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Brgicqxlq
2014-11-15 11:17 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Java-out
2014-11-14 20:09 - 2014-11-19 10:30 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Avira64
2014-11-14 13:34 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Loader32-out
2014-11-14 09:23 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Run
2014-11-14 08:51 - 2014-11-28 14:21 - 00000000 ___HD () C:\Users\Monika\AppData\Local\Run-out
2014-11-14 08:50 - 2014-11-18 08:38 - 00000011 _____ () C:\Windows\ZL
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-14 13:41 - 2011-03-03 18:22 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 13:41 - 2011-03-03 18:20 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Skype
2014-12-14 13:32 - 2010-12-08 15:58 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 13:26 - 2010-09-22 04:33 - 01289414 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 13:23 - 2012-07-16 08:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 12:49 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 12:49 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 12:41 - 2012-07-13 11:36 - 00000000 ____D () C:\Users\Monika\AppData\Roaming\Spamihilator
2014-12-14 12:40 - 2010-12-08 15:58 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 12:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 12:40 - 2009-07-14 05:39 - 00093337 _____ () C:\Windows\setupact.log
2014-12-13 13:07 - 2010-09-22 04:30 - 00080342 _____ () C:\Windows\PFRO.log
2014-12-12 11:36 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-12 11:36 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-12 11:32 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 11:30 - 2009-07-14 03:03 - 48758784 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-12 11:30 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-11 09:17 - 2012-07-16 08:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 09:17 - 2012-07-16 08:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 21:54 - 2012-02-14 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 13:56 - 2013-07-11 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 13:47 - 2012-04-10 21:08 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 13:20 - 2009-07-14 05:33 - 00370200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 12:15 - 2010-12-08 21:42 - 00089528 _____ () C:\Users\Monika\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 12:14 - 2013-09-17 11:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-02 18:35 - 2012-04-28 11:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-01 17:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\TAPI
2014-11-28 14:23 - 2014-04-25 10:46 - 00000000 ____D () C:\Windows\Offline Address Books
2014-11-27 10:41 - 2014-10-19 12:07 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\System
2014-11-24 22:18 - 2014-01-14 20:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-24 22:17 - 2011-06-19 11:04 - 00000000 ____D () C:\Program Files\Java
2014-11-24 20:39 - 2010-12-08 21:43 - 00001413 _____ () C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-24 20:03 - 2011-03-03 18:20 - 00000000 ___RD () C:\Program Files\Skype
2014-11-24 20:03 - 2011-03-03 18:20 - 00000000 ____D () C:\ProgramData\Skype
2014-11-24 20:00 - 2014-10-13 10:10 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Wqytx
2014-11-24 20:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\SchCache
2014-11-24 19:40 - 2014-09-04 17:54 - 00000000 ____D () C:\ProgramData\xgepa
2014-11-24 14:04 - 2010-12-08 16:08 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-16 14:41 - 2010-05-11 05:29 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 10:00 - 2014-10-28 09:57 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Firefox32
2014-11-15 14:20 - 2014-11-13 11:45 - 00000000 ___HD () C:\Users\Monika\AppData\Roaming\Qmuysugkp
Some content of TEMP:
====================
C:\Users\Monika\AppData\Local\temp\Quarantine.exe
C:\Users\Monika\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-11 09:10
==================== End Of Log ============================
|
|
14.12.2014, 20:39
| #10 |
| /// the machine /// TB-Ausbilder | Deutsche Bank Trojaner fordert 20 TANs an Jap, Neuinstallation und alle Passwörter und Zugänge ändern. Sieht nach Fileinfector aus, auf jeden Fall Password Stealer.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
WARNUNG an die MITLESER: 
Linear-Darstellung
