
Pests of all kinds and how to combat them: Telekom Abuse Team, Infection: generic

Windows 7

 
23.02.2015, 22:12   #1
Kroko123
 



Hello,

I recently received a letter and 2 e-mails from the Telekom Abuse Team with the following text:
Code:
Dear customer,

we have received information from security experts that at least one
computer that connects to the Internet via your Internet access is
infected with a virus/trojan.

The following IP address was assigned to you at the time stated:

IP address: XXXXXXXXXXXXX
Time: 16.02.2015, 15:54:50 (MEZ)
Infection: generic

We recommend that you now take the following steps:

1. Please make sure that your computer is free of viruses and
trojans. Use protection software of your choice for this.

2. Then change all passwords:
- the 'personal password' (for dialling in to the Internet)
- the 'password' (for the e-mail and customer center)
- the 'e-mail password' (for e-mail programs such as Microsoft
Outlook)
for the services of Deutsche Telekom. You can do this centrally in the
customer center at
https://kundencenter.telekom.de/kundencenter/kundendaten/passwoerter
Do not forget any passwords for online banking,
eBay, Amazon, Paypal and so on, if you use such services.

3. Please also check your computer's settings to see whether the
operating system and the installed software are up to date.

The order is important, because otherwise the new passwords could
immediately be read out again by third parties if existing
malware has not been removed first.

If you need support with this, you can reach us Monday
to Friday from 08:00 to 18:00 directly on the toll-free
number 0800 5544 300. Please have your Abuse ID and
access number, which you will find in the subject line, ready.

On our page https://abusefaq.telekom.de we have put together many
helpful tips and links on the topic of "security" for you.

If you have questions about our e-mail, write to us at
abuse@telekom.de and state the access number given in the
subject line.

Kind regards
Deutsche Telekom AG
SEC-CDM / Abuse-Team
T-Online-Allee 1
D-64295 Darmstadt
E-Mail: abuse@telekom.de

hxxp://www.t-online.de/abuse
hxxp://www.telekom.de

         
After that I first checked, for the e-mails, what I had been doing at the times in question. At those times I was always on the Internet with my notebook. Apart from that we only have 2 mobile phones that go online via our Wi-Fi. So it can presumably only be the notebook that the virus / trojan is sitting on.

I also wrote to the Telekom Abuse Team asking for further details and received this reply:

Code:
How the malware was detected
----------------------------

A "sinkhole" was contacted via your Internet access. This is a
server that serves as a trap for computers infected with malware
by simulating a Command&Control server of a botnet. A
Command&Control server is a component of a botnet that mediates between
the actual criminal and his "bots". At
hxxp://www.elektronik-kompendium.de/sites/net/1501041.htm you will find,
if you are interested, a good explanation of the structure of a botnet
as well as a schematic diagram.

The accesses that are the subject of the complaint do not involve
the sending of e-mails. The bots are controlled via ports
80 (HTTP) and 443 (HTTPS); this is the usual approach of
botnet operators, since there are no Internet connections on which these
ports are blocked. Via HTTP(S) the bots update themselves, deliver
stolen login data and fetch their task lists:
taking part in DoS attacks, distributing illegal content, sending
spam, etc.


Information on the detected malware
-----------------------------------

Unfortunately, we have no specific information on which
malware is responsible for the access.

From the feedback received so far from other customers we can conclude
(apart from the usual 'infested' Windows computers) that
the following device classes also come into question:

- Devices with an Android version < 4.4 (eleven security vulnerabilities
in the system component WebView that will not be fixed, see
hxxp://ct.de/-2528130)

- Special devices, mostly with a Unix-like OS, that contain a web
server. The software installed on them is often not maintained,
so that outdated installations (CMS, PHP, SQL, Apache, Bash, ntpd)
are present that contain security vulnerabilities. If these devices are
reachable from outside, it can be assumed that sooner or later they
will be found and abused. This primarily concerns
NAS (network storage systems), but IP cameras or other devices
would also be conceivable.

- Servers or gateways with a Unix-like OS that are reachable from outside
(concerns Linux and Mac OS in particular)

The accesses that are the subject of the complaint took place via the
following IP addresses assigned to your access at the times stated;
we have converted the relevant times from the complaints into the
respective German time zone (MESZ/MEZ):

| 217.238.145.154 Sa, 07.02.2015 14:56:22 MEZ
| 217.238.157.157 So, 08.02.2015 12:57:34 MEZ
| 217.238.136.124 Mo, 09.02.2015 07:04:55 MEZ
| 217.238.157.213 Di, 10.02.2015 19:56:01 MEZ
| 217.238.133.52 Mi, 11.02.2015 18:56:18 MEZ
| 217.238.138.7 Do, 12.02.2015 19:57:28 MEZ
| 217.238.132.122 Sa, 14.02.2015 15:57:30 MEZ
| 217.238.134.92 So, 15.02.2015 11:55:13 MEZ
| 217.238.131.95 Mo, 16.02.2015 15:54:50 MEZ
| 217.238.145.245 Di, 17.02.2015 14:57:00 MEZ
| 217.238.147.180 Mi, 18.02.2015 11:57:14 MEZ
| 217.238.142.157 Do, 19.02.2015 16:55:45 MEZ
| 217.238.141.103 Fr, 20.02.2015 13:55:33 MEZ
| 217.238.132.84 Sa, 21.02.2015 13:57:46 MEZ
         
On the notebook I have the virus scanner AVG Antivirus Free Edition running. The virus scan, logically, did not turn up any problems.

I have already run all the scans as described in the instructions.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 23/02/2015 (Egerland)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Egerland (administrator) on EGERLAND-PC on 23-02-2015 17:05:24
Running from C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
Loaded Profiles: Egerland (Available profiles: Egerland & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe
() C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\EmoDio\SMSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [GMX Update] => C:\Program Files\GMX\LiveUpdate\m2LUTray.exe [2229632 2009-10-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-02] (Corel, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3081752 2014-12-10] ()
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Power DVD Player] => C:\Program Files\Power DVD Player\PowerDVDPlayer.exe [391168 2007-09-06] ()
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Egerland\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=cdc0da971bc747d19929d16d12f7d578-5ea248575a62144c5b04df843d51e7845d247983 /CMPID=1213b
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {10eddee7-cbd3-11de-b12f-002454133c8b} - F:\setup.exe AUTORUN=1
HKU\S-1-5-18\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ebay.de/sch/i.html?_odkw=siemens+defekt&_fspt=1&_sadis=100&_osacat=20710&LH_Distance=2&_from=R40&LH_PrefLoc=1&_fpos=83342&_trksid=p2045573.m570.l1313.TR6.TRC1.A0.H0.Xbosch+defekt&_nkw=bosch+defekt&_sacat=20710
https://www.google.de/
URLSearchHook: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 - (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 - (No Name) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} -  No File
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKU\.DEFAULT -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> DefaultScope {09C6AB88-402B-4371-B00B-750CA1B06199} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&r=710
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {09C6AB88-402B-4371-B00B-750CA1B06199} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081&r=710
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {59005EF4-725A-4875-B03E-59C1BE9DCF52} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {5D6E4CE3-E317-4473-BEDE-6B111D426BBD} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {8F76D6BC-80B9-4027-9C3A-CFD0EAC6E23B} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={1A83451E-68B9-495B-B0CC-DB856FABA06D}&mid=cdc0da971bc747d19929d16d12f7d578-5ea248575a62144c5b04df843d51e7845d247983&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 16:40:13&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {A8EA1D37-CE39-4B3B-8728-7C93BCCBE5CA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {D6FAA450-51B8-4270-BAF0-ABCC34A41F04} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {F8B71535-AD50-4877-B331-3ECDD5EF90FA} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} -  No File
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
Handler: haufereader - No CLSID Value - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1131658597-4005637612-88016806-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: GMX MailCheck - C:\Users\Egerland\AppData\Roaming\Mozilla\Firefox\Profiles\q5ajt1bs.default-1380970918604\Extensions\toolbar@gmx.net [2014-12-17]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=cc4771f80000000000002eeee6aeaafc&toi=16081"
CHR Profile: C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-12]
CHR Extension: (Google Wallet) - C:\Users\Egerland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.)
S2 gupdate1cacc505e5a502c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
S4 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 vToolbarUpdater18.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-10] (AVG Secure Search)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-12-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [121000 2014-04-24] (SlySoft, Inc.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [43296 2014-12-10] (AVG Technologies)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 17:04 - 2015-02-23 17:05 - 00000000 ____D () C:\FRST
2015-02-23 17:00 - 2015-02-23 17:05 - 00000000 ____D () C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
2015-02-23 16:59 - 2015-02-23 16:59 - 00000000 _____ () C:\Users\Egerland\defogger_reenable
2015-02-23 16:57 - 2015-02-23 16:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Virenanalyse
2015-02-23 15:17 - 2015-02-23 15:17 - 00000000 ___HD () C:\windows\AxInstSV
2015-02-22 13:57 - 2015-02-22 13:57 - 00000000 ____D () C:\Users\Egerland\Desktop\Referat
2015-02-22 11:45 - 2015-02-23 15:20 - 00008192 _____ () C:\windows\system32\WDPABKP.dat
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\Documents\TAXMAN
2015-02-21 21:35 - 2015-02-21 21:35 - 00000000 ____D () C:\Users\Egerland\AppData\Local\HL
2015-02-21 21:29 - 2015-02-21 21:29 - 00000000 ____D () C:\ProgramData\AAV
2015-02-21 21:27 - 2015-02-21 21:32 - 00002017 _____ () C:\Users\Public\Desktop\TAXMAN 2015.lnk
2015-02-21 21:21 - 2015-02-21 21:21 - 00000000 ____D () C:\ProgramData\HL
2015-02-17 19:32 - 2015-02-17 19:44 - 00000000 ____D () C:\Users\Egerland\Desktop\Dorema Bergamo
2015-02-16 19:16 - 2015-02-16 19:18 - 00146192 _____ () C:\windows\Minidump\021615-77766-01.dmp
2015-02-11 19:07 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:07 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-10 19:39 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:39 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:39 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:39 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:39 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:39 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:39 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:39 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:39 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:39 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-02-10 19:39 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:39 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-10 19:39 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-10 19:39 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 19:38 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:38 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:38 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:38 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:38 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:38 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:38 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:38 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:38 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:38 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:38 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:38 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:38 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:38 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:38 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:37 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:37 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:37 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:37 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:37 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:37 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:37 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:37 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:37 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:37 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:37 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:37 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:37 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:37 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:37 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:37 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:36 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:36 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:36 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 19:36 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-07 17:00 - 2015-02-07 17:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 15:57 - 2015-02-01 16:03 - 00029184 _____ () C:\Users\Egerland\Downloads\kalorienwochenbudget(1).xls
2015-01-27 14:01 - 2015-01-27 14:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 20:04 - 2015-01-25 20:04 - 00001169 _____ () C:\Users\Egerland\Desktop\Fitbit Connect.lnk
2015-01-24 13:51 - 2015-02-18 21:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-24 13:51 - 2015-01-25 08:52 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-01-24 13:51 - 2015-01-24 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-01-24 13:51 - 2015-01-24 13:51 - 00000000 ____D () C:\Program Files\Fitbit Connect
2015-01-24 13:13 - 2015-01-24 13:13 - 32688736 _____ (Fitbit Inc.) C:\Users\Egerland\Downloads\FitbitConnect_Win_20141212_2.0.0.6518.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:59 - 2009-11-07 13:35 - 00000000 ____D () C:\Users\Egerland
2015-02-23 16:53 - 2009-09-17 07:44 - 01317671 _____ () C:\windows\WindowsUpdate.log
2015-02-23 16:38 - 2012-11-16 21:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 16:25 - 2010-03-25 20:40 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 16:17 - 2011-12-13 19:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-23 15:31 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:31 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 15:25 - 2010-03-25 20:40 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 15:17 - 2013-01-21 20:13 - 00000342 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-23 15:17 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-23 15:17 - 2009-07-14 05:39 - 00243979 _____ () C:\windows\setupact.log
2015-02-22 22:07 - 2012-11-16 20:33 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\BOM
2015-02-22 15:46 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Egerland\Desktop\Ralfs Lieblingsmusik
2015-02-22 15:45 - 2014-07-14 07:44 - 00000000 ____D () C:\Users\Egerland\AppData\Roaming\streamWriter
2015-02-22 15:35 - 2009-07-26 21:06 - 01427320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-22 11:47 - 2009-11-07 13:46 - 00124808 _____ () C:\Users\Egerland\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 11:44 - 2009-07-14 05:33 - 00445376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-22 11:41 - 2014-02-18 20:06 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-02-22 11:41 - 2009-09-17 08:19 - 00836386 _____ () C:\windows\PFRO.log
2015-02-21 21:32 - 2009-11-07 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-02-21 21:29 - 2009-11-07 19:41 - 00000000 ____D () C:\Program Files\Lexware
2015-02-21 20:59 - 2014-02-18 20:06 - 00001895 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-02-21 20:59 - 2014-02-18 20:06 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-21 20:58 - 2013-04-20 15:49 - 00000083 ___SH () C:\ProgramData\.zreglib
2015-02-20 19:27 - 2010-03-25 20:22 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-16 19:16 - 2011-03-02 14:44 - 341335862 _____ () C:\windows\MEMORY.DMP
2015-02-16 19:16 - 2011-03-02 14:44 - 00000000 ____D () C:\windows\Minidump
2015-02-14 20:08 - 2013-01-23 20:01 - 00000000 ____D () C:\Users\Egerland\Documents\My Digital Editions
2015-02-11 19:06 - 2013-02-01 21:06 - 00000000 ____D () C:\Users\Egerland\Documents\Calibre Bibliothek
2015-02-11 18:44 - 2014-12-10 17:48 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 18:44 - 2014-05-06 21:09 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing
2015-02-11 18:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-02-10 21:15 - 2013-07-11 20:13 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:07 - 2009-11-10 21:27 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-09 16:40 - 2013-02-01 20:07 - 00000000 ____D () C:\Users\Egerland\Documents\My Kindle Content
2015-02-08 18:35 - 2011-05-12 15:23 - 00000000 ____D () C:\Users\Egerland\Desktop\DVD-Filme
2015-02-07 17:01 - 2013-12-01 16:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 17:01 - 2009-11-07 19:37 - 00000000 ____D () C:\Program Files\Java
2015-02-07 17:00 - 2014-12-07 21:42 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-02-05 19:39 - 2012-11-16 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:39 - 2011-11-09 21:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 16:39 - 2012-05-05 16:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 14:18 - 2009-11-07 13:36 - 00000000 ____D () C:\Users\Egerland\AppData\Local\Adobe
2015-01-25 16:00 - 2015-01-10 18:39 - 00126464 _____ () C:\Users\Egerland\Desktop\kalorienwochenbudget.xls
2015-01-25 15:08 - 2012-05-07 18:22 - 00000000 ____D () C:\Users\Egerland\Documents\Turbo Lister Backup
2015-01-25 09:15 - 2014-10-19 11:47 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-25 09:15 - 2014-04-01 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-25 09:11 - 2014-12-10 16:40 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

==================== Files in the root of some directories =======

2012-06-19 12:45 - 2015-01-19 17:26 - 0000564 _____ () C:\Users\Egerland\AppData\Roaming\mag33.ini
2012-09-13 07:55 - 2012-09-13 07:55 - 0027520 _____ () C:\Users\Egerland\AppData\Local\dt.dat
2012-01-24 19:55 - 2012-01-24 19:55 - 0000096 _____ () C:\Users\Egerland\AppData\Local\fusioncache.dat
2013-04-20 15:49 - 2015-02-21 20:58 - 0000083 ___SH () C:\ProgramData\.zreglib
2011-02-03 17:37 - 2011-02-03 17:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-11-07 13:40 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Egerland\AppData\Local\Temp\AskSLib.dll
C:\Users\Egerland\AppData\Local\Temp\avguidx.dll
C:\Users\Egerland\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Egerland\AppData\Local\Temp\DivXSetup.exe
C:\Users\Egerland\AppData\Local\Temp\FileSystemView.dll
C:\Users\Egerland\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Egerland\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Egerland\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Egerland\AppData\Local\Temp\GLF6B54.tmp.ConduitEngineSetup.exe
C:\Users\Egerland\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Egerland\AppData\Local\Temp\InstallAX.exe
C:\Users\Egerland\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv_69d6064f.exe
C:\Users\Egerland\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Egerland\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Egerland\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Egerland\AppData\Local\Temp\msg3D00.exe
C:\Users\Egerland\AppData\Local\Temp\NEWFB40.tmp.exe
C:\Users\Egerland\AppData\Local\Temp\oi_{4824FC86-92EA-4F8D-976A-41FF091EC03F}.exe
C:\Users\Egerland\AppData\Local\Temp\oi_{B0F039F7-0F24-4293-8632-95A462B79841}.exe
C:\Users\Egerland\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Egerland\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Egerland\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Egerland\AppData\Local\Temp\softonic-de3.exe
C:\Users\Egerland\AppData\Local\Temp\softonic_s_de3.exe
C:\Users\Egerland\AppData\Local\Temp\tbsoft.dll
C:\Users\Egerland\AppData\Local\Temp\tbwww..dll
C:\Users\Egerland\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Egerland\AppData\Local\Temp\Tsu24680825.dll
C:\Users\Egerland\AppData\Local\Temp\Tsu6B95603D.dll
C:\Users\Egerland\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Egerland\AppData\Local\Temp\VIS_DE-2013-12-13.exe
C:\Users\Egerland\AppData\Local\Temp\www.Freeware-download.com.exe
C:\Users\Egerland\AppData\Local\Temp\_is9990.exe
C:\Users\Egerland\AppData\Local\Temp\_isC13C.exe
C:\Users\Egerland\AppData\Local\Temp\_isDFD3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 17:20

==================== End Of Log ============================
         
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by Egerland at 2015-02-23 17:06:34
Running from C:\Users\Egerland\Downloads\Virenentfernung Trojaner-Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ACSI Camp Site Guide Europe 2012 (HKLM\...\InstallShield_{B69FBCB1-805A-458B-8850-E93EC2323933}) (Version: 1.00.0000 - Ihr Firmenname)
ACSI Camp Site Guide Europe 2012 (Version: 1.00.0000 - Ihr Firmenname) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazon Kindle (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Amazon Kindle) (Version:  - Amazon)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.2.0 - SlySoft)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Biet-O-Matic v2.14.10 (HKLM\...\Biet-O-Matic v2.14.10) (Version: 2.14.10 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (HKLM\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
Canon CanoScan Toolbox 5.0 (HKLM\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM\...\conduitEngine) (Version: 6.2.3.0 - Conduit Ltd.) <==== ATTENTION
ContentSAFER for Wizmax (HKLM\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version:  - )
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.01 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Disc2Phone (HKLM\...\{6E65247F-58F9-41CA-BE69-0316F7907170}) (Version: 1.3.0.106 - Sony Media Software)
DVD2one V2.4.2 (HKLM\...\DVD2one V2) (Version: 2.4.2 - Eximius B.V.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
EmoDio (HKLM\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - SAMSUNG)
EmoDio (Version: 1.0 - SAMSUNG) Hidden
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firefox 3.6 GMX Edition (HKLM\...\Firefox 3.6 GMX Edition) (Version:  - GMX)
Firefox 3.6 GMX Edition (Version: 1.6 - GMX) Hidden
Fitbit Connect (HKLM\...\{08002BE6-6476-4012-8D4B-CF0AE7C71F29}) (Version: 2.0.0.6518 - Fitbit Inc.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GMX Update (HKLM\...\GMX Update) (Version:  - GMX)
GMX Update (Version: 1.0 - GMX) Hidden
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Grundschule Lernspass mit Albert E. Deutsch Klasse 1+2 (HKLM\...\Grundschule Lernspass mit Albert E. Deutsch Klasse 1+2) (Version:  - )
Grundschule Lernspass mit Albert E. Mathematik Klasse 1+2 (HKLM\...\Grundschule Lernspass mit Albert E. Mathematik Klasse 1+2) (Version:  - )
Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4 (HKLM\...\Grundschule Lernspass mit Hexe Lilli Deutsch Klasse 3+4) (Version:  - )
Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4 (HKLM\...\Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 3+4) (Version:  - )
Haufe iDesk-Browser (HKLM\...\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}) (Version: 8.07.16.5590 - Haufe)
Haufe iDesk-Service (HKLM\...\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}) (Version: 8.08.20.5622 - Haufe)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2082 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Klett Nussknacker 2 (HKLM\...\Klett Nussknacker 2) (Version:  - )
Kobo (HKLM\...\Kobo) (Version: 3.2.3 - Kobo Inc.)
Lexware Elster (HKLM\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)
Lexware financial office 2011 (HKLM\...\{757469A9-396B-45E7-B069-67297D08470E}) (Version: 15.40.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten 2007 (HKLM\...\{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}) (Version: 14.00 - Lexware)
Lexware reisekosten 2007 (Version: 14.00 - Lexware) Hidden
MABBLE Junior 1.3  (HKLM\...\MABBLE Junior) (Version: 1.3 - )
MATHEARBEIT G 4.5  (HKLM\...\MATHEARBEIT G) (Version: 4.5 - MA-Software)
MATHE-PROFI 3.5  (HKLM\...\MATHE-PROFI) (Version: 3.5 - MA-Software)
MATHETEXT G 1.2  (HKLM\...\MATHETEXT G) (Version: 1.2 - )
MetaTrader 4 - RoboForex (HKLM\...\MetaTrader 4 - RoboForex) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.045 - Deutsche Telekom AG)
Netzmanager (Version: 1.045 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PIXELA AAC LC CODEC (HKLM\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Power DVD Player  (HKLM\...\Power DVD Player) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rasche`s Kartenspiele (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Rasche`s Kartenspiele) (Version:  - )
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Schoener Fernsehen 0.0.0.2c (HKLM\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steuer Update 14.01 (Version: 14.01 - Lexware) Hidden
Steuer Update 15.09 (Version: 15.09 - Lexware) Hidden
streamWriter (HKLM\...\streamWriter_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TAXMAN 2008 (HKLM\...\{F331FBDC-7DCF-4598-9E7C-E11865677AB4}) (Version: 14.00 - Lexware)
TAXMAN 2008 (Version: 14.00 - Lexware) Hidden
TAXMAN 2009 (HKLM\...\{EFE38CC6-2592-4F93-B59B-CE4B69600890}) (Version: 15.00.00.0026 - Lexware)
TAXMAN 2009 (Version: 15.00.00.0026 - Lexware) Hidden
TAXMAN 2010 (HKLM\...\{5C5B0836-9648-4057-8044-2DF181E073E2}) (Version: 16.14.00.0002 - Haufe-Lexware GmbH & Co. KG)
TAXMAN 2011 spezial (HKLM\...\{D3898F55-9EF3-490F-8AF6-DD9EE5512BC0}) (Version: 17.08.00.0005 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2012 (HKLM\...\{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}) (Version: 18.10.00.0007 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2013 (HKLM\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2015 (HKLM\...\{5613CAD3-71ED-4207-95A0-1BA0BF465E38}) (Version: 20.27.130 - Haufe-Lexware GmbH & Co.KG)
TAXMAN Bibliothek 2008 (HKLM\...\{1716D952-F601-4A07-8988-7FCFAEDE6FDC}) (Version: 14.0.0.0 - Haufe Mediengruppe)
TAXMAN Bibliothek 2009 (HKLM\...\{700C61BE-9424-4B20-9153-7A0C59722AF4}) (Version: 15.0.1.0 - Haufe Mediengruppe)
TELL ME MORE (HKLM\...\TMM90) (Version:  - )
TELL ME MORE (HKLM\...\TMM90bis) (Version:  - )
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unity Web Player (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WD Quick View (HKLM\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{752EC2DC-0313-435A-BF9A-9B02927C049A}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WÖRTER-ZIRKUS 1.2  (HKLM\...\WÖRTER-ZIRKUS) (Version: 1.2 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\InprocServer32 -> C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll (Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Egerland\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Egerland\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Egerland\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{B6BB720C-25CB-11E0-B4E5-23EBDED72085}\InprocServer32 -> C:\Users\Egerland\AppData\Local\ASKTOO~1\DOWNLO~1\NEROOE~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Egerland\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

21-02-2015 21:24:45 TAXMAN 2015 wurde installiert.
21-02-2015 21:28:10 Installed AAVUpdateManager.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13EF8802-E98C-4044-841F-09939F00B4CA} - System32\Tasks\{610DCC01-61C0-4292-8C58-AA305922EB46} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {2EA70280-0F8B-494D-933F-B7BB03B14B87} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {367DECB2-BD37-4DB0-A698-8330E9C1C2EA} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {3873F851-5E91-480B-92A7-AB8D1BFD922A} - System32\Tasks\Western Digital\SmartWare\____Volume_511e6cee_a3da_11de_8773_806e6f6e6963______Volume_a38d148b_ed08_11e0_b8a7_002454133c8b__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2014-12-02] (Western Digital Technologies, Inc.)
Task: {4C651BF6-28CA-4682-8CB8-C231ACF5953E} - System32\Tasks\{46B3FD0C-BB4C-4212-93C8-E1AF8D5ECED4} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;systemlevelpresent
Task: {53BBBDF9-0E4C-464C-9193-2C582D60A182} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {5F5F4027-363A-43FD-8211-7A2BF4BF0E1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C26E75A-35C7-471F-AA49-1C8CE4E389CA} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {7A0D0A0B-DC9F-4A69-A646-1F963FCCE23E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {B2A658A5-E557-4413-BADF-0003EB869DD5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {B4A4B44D-DCB4-4BE9-8B6F-26007C2CD356} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BB01EB0E-8B75-42D7-BE30-3BF9D69CF38B} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {C5265011-C843-45D0-8F2B-0D9DE00A416F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
Task: {D26BCE6D-33D9-40F6-9B7B-44EDB866CD45} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {D3B61819-77A1-42CC-A171-783162CDF082} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {EB8E8B1F-9C02-4436-9CDE-3A17A4BED76E} - System32\Tasks\{16DAC1D2-1A99-42B1-B8F5-DE02D0130882} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Task: {F7F7FBF4-798E-49B7-887A-30D694F135D8} - System32\Tasks\{ED4D7821-B5CB-454A-9385-5C49C63DB51E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsPlugin

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) ==============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-22 15:40 - 2010-03-22 15:40 - 00011264 _____ () C:\Program Files\Netzmanager\NMInfraIS2\SoftPlugInterOp.dll
2014-12-10 16:40 - 2014-12-10 16:39 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-12-10 16:40 - 2014-12-10 16:39 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2009-09-17 07:50 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2009-10-16 14:16 - 2009-10-16 14:16 - 02229632 _____ () C:\Program Files\GMX\LiveUpdate\m2LUTray.exe
2014-12-10 16:40 - 2014-12-10 16:39 - 01686552 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-12-10 16:40 - 2014-12-10 16:39 - 03081752 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2007-09-06 08:28 - 2007-09-06 08:28 - 00391168 _____ () C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
2014-11-19 22:02 - 2014-11-19 22:02 - 40622592 ____R () C:\Program Files\Fitbit Connect\libcef.dll
2013-10-24 18:57 - 2013-05-15 09:10 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2013-10-24 18:57 - 2013-05-15 09:05 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:A42A9F39
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Egerland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1131658597-4005637612-88016806-500 - Administrator - Enabled) => C:\Users\Administrator.Egerland-PC
ASPNET (S-1-5-21-1131658597-4005637612-88016806-1009 - Limited - Enabled)
Egerland (S-1-5-21-1131658597-4005637612-88016806-1000 - Administrator - Enabled) => C:\Users\Egerland
Gast (S-1-5-21-1131658597-4005637612-88016806-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1131658597-4005637612-88016806-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1166357


System errors:
=============
Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/23/2015 05:04:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1169415

Error: (02/22/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1168416

Error: (02/22/2015 06:28:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1167418

Error: (02/22/2015 06:28:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1166357


CodeIntegrity Errors:
===================================
  Date: 2014-06-30 16:48:30.972
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:47:55.233
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:33:10.497
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 16:33:05.494
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:50:08.980
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:50:02.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:52.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:10.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:07.198
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-25 17:49:04.945
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3004.61 MB
Available physical RAM: 1799.84 MB
Total Pagefile: 6005.46 MB
Available Pagefile: 4177.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.05 GB) (Free:76.12 GB) NTFS
Drive d: () (Fixed) (Total:50.94 GB) (Free:50.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 07A54FFB)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-23 21:25:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Egerland\AppData\Local\Temp\pwdyqkob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwNotifyChangeKey [0x933C06E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwNotifyChangeMultipleKeys [0x933C0800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwOpenProcess [0x933C0010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwOpenThread [0x933C04D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwSuspendProcess [0x933C0300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwSuspendThread [0x933C03E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwTerminateProcess [0x933C0120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwTerminateThread [0x933C0210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                 ZwWriteVirtualMemory [0x933C05E0]

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRequestWaitReplyPort + 1499                                                   83082995 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                       830A2612 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 161F                                                          830A9CE4 8 Bytes  [E0, 06, 3C, 93, 00, 08, 3C, ...] {LOOPNZ 0x8; CMP AL, 0x93; ADD [EAX], CL; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1667                                                          830A9D2C 4 Bytes  [10, 00, 3C, 93] {ADC [EAX], AL; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1687                                                          830A9D4C 4 Bytes  [D0, 04, 3C, 93] {ROL BYTE [ESP+EDI], 0x1; XCHG EBX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1927                                                          830A9FEC 8 Bytes  [00, 03, 3C, 93, E0, 03, 3C, ...] {ADD [EBX], AL; CMP AL, 0x93; LOOPNZ 0x9; CMP AL, 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                          830A9FFC 8 Bytes  [20, 01, 3C, 93, 10, 02, 3C, ...] {AND [ECX], AL; CMP AL, 0x93; ADC [EDX], AL; CMP AL, 0x93}
.text           ...                                                                                          

---- User code sections - GMER 2.1 ----

.text           C:\windows\system32\ctfmon.exe[3680] ntdll.dll!NtWriteVirtualMemory                          773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\msiexec.exe[4396] ntdll.dll!NtWriteVirtualMemory                         773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\iPod\bin\iPodService.exe[4448] ntdll.dll!NtWriteVirtualMemory               773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\SearchIndexer.exe[4676] ntdll.dll!NtWriteVirtualMemory                   773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\windows\system32\igfxext.exe[4716] ntdll.dll!NtWriteVirtualMemory                         773F6AD8 5 Bytes  JMP 5CBF1000 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           ...                                                                                          
.text           C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[7472] ole32.dll!OleLoadFromStream     74956143 5 Bytes  JMP 01FD44C3 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                      Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                      avgtdix.sys

Device          \Driver\iaStor \Device\Ide\iaStor0                                                           AnyDVD.sys
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                AnyDVD.sys
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                AnyDVD.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                      avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                    avgtdix.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active           
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B266379E  2996

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         
So, I hope I have now gathered all the information.

Many thanks in advance for your help.

Best regards
kroko123

 
