Pests of all kinds and how to fight them: 100 TANs trojan during online banking (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

18.05.2013, 14:44 | #1
100 TANs trojan during online banking

Hello dear trojan hunters,

my mother-in-law has caught the charming trojan that asks for the TAN list on her online accounts and would like her to enter all 100 TANs, so that of course she then gets new ones from the bank... It would be great if you could help me here. Various scans last week with Spybot, Antivir and McAfee produced only one result, and that was removed. After that everything was clean. Yesterday she had the problem again, which is why I am now asking you for advice.

Attached are the log files for Defogger and OTL. GMER was too big as a file attachment at 300 KB, so it is here as a Dropbox link: https://dl.dropboxusercontent.com/u/61070663/Gmerlog.log

I hope I have not overlooked anything I should still do before asking for help. Many thanks in advance for your support.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:23 on 17/05/2013 (PC)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 17.05.2013 23:30:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,50% Memory free
6,19 Gb Paging File | 4,32 Gb Available in Paging File | 69,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,07 Gb Total Space | 174,34 Gb Free Space | 60,52% Space Free | Partition Type: NTFS
Drive D: | 10,01 Gb Total Space | 1,74 Gb Free Space | 17,36% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.17 23:24:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.05 22:07:08 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe
PRC - [2013.03.05 22:07:08 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.13 01:14:03 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2009.12.01 14:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009.12.01 14:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.09.29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008.09.29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008.09.29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2008.09.29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008.09.29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008.09.29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008.08.11 15:00:10 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\stacsv.exe
PRC - [2008.08.11 14:56:56 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008.08.07 18:19:10 | 000,910,128 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.08.07 16:06:14 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.08.06 17:37:22 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.08.02 01:13:44 | 000,210,216 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.08.02 01:13:34 | 001,144,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\AEstSrv.exe
PRC - [2008.05.26 05:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008.03.14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008.03.14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007.12.11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.11.22 00:21:10 | 000,131,072 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\readericon10.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.17 22:18:01 | 013,136,776 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.12.01 05:47:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011.12.01 05:47:33 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
MOD - [2011.12.01 05:47:18 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.12.01 05:47:00 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.12.01 05:46:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.12.01 05:44:31 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\cd2db4b9993efb0b9ffda72d8ceb2c20\System.Data.ni.dll
MOD - [2011.12.01 05:44:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.12.01 05:44:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.12.01 05:43:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.12.01 05:43:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.12.01 05:41:58 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.12.01 05:41:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.08.02 01:13:46 | 000,857,384 | ---- | M] () -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.08.02 01:13:42 | 000,013,608 | ---- | M] () -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvcPS.dll
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.05.14 22:17:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.05 22:07:08 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009.12.01 14:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.09.29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008.09.29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2008.09.29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008.09.29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008.08.11 15:00:10 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\stacsv.exe -- (STacSV)
SRV - [2008.08.06 17:37:22 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\AEstSrv.exe -- (AESTFilters)
SRV - [2008.05.26 05:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.08.19 12:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2011.08.19 12:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2011.08.19 12:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2011.08.19 12:25:26 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011.08.17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 04:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008.09.29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008.09.29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008.09.29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008.09.29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008.09.29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.08.11 15:05:32 | 000,385,536 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.07.23 21:55:40 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.07.14 15:34:00 | 007,541,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.26 05:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.05.12 14:33:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.02.29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.14 16:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{14226132-5C3E-4807-AC96-77F648C3F131}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm049^YY^de&si=61531&ptb=22EA66A8-01C5-489C-8E4C-5E011C2004D8&psa=&ind=2013030515&st=sb&n=77fc6873&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{B6643A2F-620C-4E4F-AC1C-42F009CDFB27}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm049^YY^de&si=61531&ptb=22EA66A8-01C5-489C-8E4C-5E011C2004D8&psa=&ind=2013030515&st=sb&n=77fc6873&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.02.10 23:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.12 00:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.03 19:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2013.03.05 22:07:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.02.10 23:02:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.12 00:55:15 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Donuleyse] C:\Users\***\AppData\Roaming\Hotaeb\uvor.exe (Mandiant)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden...
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D208A72-3417-44C1-9EEC-78857B955A5E}: DhcpNameServer = 10.2.0.1 10.2.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B751B0BE-F4D9-428D-BAB8-D096266CFC11}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.09 19:15:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.05.09 18:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.09 18:09:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.05.09 18:09:43 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.09 18:09:43 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.05.09 18:09:42 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.05.09 18:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.09 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.09 17:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.05.09 17:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.05.09 17:30:45 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.05.09 17:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.05.09 17:19:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer [2013.05.09 11:18:12 | 004,904,080 | ---- | C] (TeamViewer GmbH) -- C:\Users\***\Desktop\TeamViewer_Setup_de-ckc.exe [2013.04.30 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Idunez [2013.04.30 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hotaeb [2013.04.30 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Goomy ========== Files - Modified Within 30 Days ========== [2013.05.17 23:34:33 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.17 23:15:16 | 000,171,341 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.05.17 23:14:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb6bdf76a59810.job [2013.05.17 23:14:04 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.05.17 23:14:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 23:14:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 23:13:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 23:13:50 | 3218,046,976 | -HS- | M] () -- C:\hiberfil.sys 
[2013.05.17 23:12:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.17 23:09:22 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.17 23:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 22:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 20:43:07 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BF3D315-A2A7-4300-A240-F4BE27615D59}.job [2013.05.09 23:12:56 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.05.09 23:12:56 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.05.09 22:10:20 | 000,002,597 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2003.lnk [2013.05.09 18:30:48 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.05.09 18:10:16 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.09 17:30:54 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.09 11:18:21 | 004,904,080 | ---- | M] (TeamViewer GmbH) -- C:\Users\***\Desktop\TeamViewer_Setup_de-ckc.exe [2013.05.08 19:13:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.08 19:13:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.08 19:13:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.08 19:13:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.03 10:34:15 | 000,007,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2013.04.28 22:15:30 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\MS PowerPoint 2003.lnk [2013.04.23 21:05:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.05.17 23:34:32 | 000,377,856 | ---- | C] () -- 
C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.17 23:09:22 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.09 18:10:16 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.09 17:31:18 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.05.09 17:31:17 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.05.09 17:31:03 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.05.09 17:30:54 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.09 17:30:54 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012.11.09 11:18:09 | 000,182,152 | ---- | C] () -- C:\Users\***\ESt2011_***_Peter_und_***_Yvonne.elfo [2012.09.01 15:40:53 | 000,177,137 | ---- | C] () -- C:\Users\***\ESt2011_***_Yvonne_und_***_Yvonne.elfo [2011.07.06 16:35:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2010.12.02 00:50:44 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.03.11 20:37:26 | 000,022,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.03.11 20:36:46 | 000,006,187 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML [2010.03.07 13:16:35 | 000,038,409 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel.ADR [2010.02.12 01:06:06 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.12.16 10:13:52 | 000,171,341 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.12.16 10:13:46 | 000,171,341 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.15 19:50:05 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.03 23:23:21 | 000,000,261 | ---- | C] () -- C:\ProgramData\hpqp.ini 
========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.03.03 14:29:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\4Media [2012.10.06 12:45:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.passpack.desktop.5608783B8287D942A05053A46986E54ED4532229.1 [2009.08.13 11:30:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DigitalPersona [2013.05.17 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.06.09 20:27:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2013.05.17 22:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Goomy [2013.04.30 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hotaeb [2013.04.30 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Idunez [2011.11.07 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Internet-Manager [2012.04.11 20:41:36 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\MusicNet [2013.05.09 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 23:30:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,50% Memory free 6,19 Gb Paging File | 4,32 Gb Available in Paging File | 69,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,07 Gb Total Space | 174,34 Gb Free Space | 60,52% Space Free | Partition Type: NTFS Drive D: | 10,01 Gb Total Space | 1,74 Gb Free Space | 17,36% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data 
type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19186185-C9AA-4BFF-9BD6-29F3BF331308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{232A229A-3AC9-42E3-9568-939A822D96A1}" = lport=138 | protocol=17 | dir=in | name=hp 138 | "{27DB1764-1E19-4904-945C-A82C4E9C4784}" = lport=139 | protocol=6 | dir=in | name=hp 139 ausg tcp | "{34B70CB3-E66B-4C53-8668-529F8680EA1C}" = lport=137 | protocol=17 | dir=in | app=system | "{3824C14F-E2BB-4589-BD8C-6AED89E2E466}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{39128A51-5FD3-4FEA-A58B-D28DEDF38E3A}" = lport=161 | protocol=17 | dir=in | name=hp 161 | "{3B22837F-4470-4529-A369-149F8BD5FE46}" = rport=137 | protocol=17 | dir=out | app=system | "{41EF4F8F-D20A-4F1C-BCED-5B54BE4C77C5}" = lport=427 | protocol=17 | dir=in | name=hp officejet | "{55FDC429-E97D-4FE1-AD22-7CD54216C192}" = lport=137 | protocol=17 | dir=in | name=hp 137 | "{5D121D5B-1EF9-4936-89C4-88B60265C775}" = lport=137 | protocol=6 | dir=in | name=hp 137 ausg tcp | "{622C5DB2-32BF-41C1-979F-0BAF8CF2D1ED}" = rport=445 | protocol=6 | dir=out | app=system | "{66F9A9F0-BD27-49B8-B556-3DC14F72D6A3}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{7116E9BB-1F3F-424A-B3F5-67A6C85C32BC}" = lport=2869 | protocol=6 | dir=in | app=system | "{71F670D2-E385-4B4C-8DB6-5C7E10A22AAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B0BCDA8-CC31-4100-B983-DC3BE4A489B8}" = lport=9220 | protocol=6 | dir=in | name=hp 9220 tcp | "{7CF83340-D64D-41D1-A0EB-C22755A4BD66}" = rport=138 | protocol=17 | dir=out | app=system | "{7F7C59EF-EB76-4307-BF69-CC78C1B51E29}" = lport=445 | protocol=6 | dir=in | app=system | "{90EA1671-DBDF-4CBD-AD8A-2A03708BBE1E}" = lport=3702 | protocol=17 | dir=in | 
svc=fdphost | app=%systemroot%\system32\svchost.exe | "{918886F1-F62F-48F0-B8D1-166100F590D4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{91AACA07-756B-4314-8A70-2043EA99E68C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9788F5B9-5ACF-4D28-99F9-2A20BE223461}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{984DB0A4-E914-4A28-9E3F-5ADDB1E30159}" = lport=139 | protocol=6 | dir=in | app=system | "{AB654815-E331-4379-8ECD-0C7E278CF1F1}" = lport=9100 | protocol=6 | dir=in | name=hp 9100 tcp | "{B6A96DAC-95C7-4561-BEDE-13850F4C0BE3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BBC69CD8-8D3D-409B-9530-0053525E9718}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD1A3CAE-EFF8-4D53-955F-BDB7D9CF3731}" = lport=427 | protocol=6 | dir=in | name=hp 427 tcp | "{BF7301FD-D922-43A8-95AF-816D14A898A1}" = lport=138 | protocol=17 | dir=in | app=system | "{CB642D4A-8391-499B-A5ED-6D74CB10182B}" = lport=9500 | protocol=6 | dir=in | name=hp 9500 tcp | "{D38403AC-7147-4E55-856F-454FD713AAF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DABE0310-211C-4FBC-B348-C7E93CDCE4A5}" = rport=139 | protocol=6 | dir=out | app=system | "{F655BDF7-66AB-41EB-88CE-3377669BF661}" = lport=427 | protocol=17 | dir=in | name=hp 427 | "{FDD3E5A6-FB2B-4B28-AF8D-89ECD9C3A5CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01FEB476-A40C-4759-ACA8-48A5B2C97A89}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{0B61A0A2-499E-4BC7-93BA-CBF0F1040A2D}" = protocol=17 | dir=in | app=c:\program 
files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{0C3AAF29-5476-4604-847F-14BB428E69E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{0EA9E9E5-9B91-4139-8BE9-D8C384581966}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0EBF7BC1-3252-4B2A-982B-82FA257664C8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{128538B7-E81C-4929-B0D1-BA6B1380BF08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{156D4378-19C1-47F0-A7AE-D2E369831624}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{171E82EA-0949-4C60-BFE4-9DED80841BE4}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | "{1F755AE9-3EB9-4250-BB1D-74543137126A}" = protocol=6 | dir=in | app=c:\program files\mcafee\virusscan enterprise\scncfg32.exe | "{2572EEF6-01A7-41C8-9717-8893422BE9DE}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{257EA389-D23B-497E-B346-B1E7C7C57973}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "{284844A9-9200-4E01-8E04-9468A065824F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{2879B2B9-3C7B-4E25-8A6D-872697462861}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | "{2D796C9B-510A-4B21-8461-DD3EC3799B1E}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{2FB6BE7B-FDB0-4764-9ED5-27C10137FC45}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{329228F7-90C3-400D-9A91-BB05E29DCBCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{32AAFDD4-A83F-48C5-B41F-95A1568C5E16}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{3DFFCA94-9CA3-415B-B1B7-4DB1D8E29ABD}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{3F46BED1-221D-47B1-A4A2-A467802DC563}" 
= dir=in | app=e:\setup\hpznui01.exe | "{43EB52FA-F18C-4B52-9E35-7830AC2A985A}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{4CF6F833-C018-419A-90B0-37697E696066}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{4EE60182-C1B4-4B65-9F81-F81CA2F29048}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{5E85D14B-5CD1-4DC0-8817-48720CF5B4A9}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{64C12343-0D82-4107-AD01-7ADC5EB46977}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{675D931B-15BC-4F14-A3BF-1D9F9272A21F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | "{76CDAD4A-1B10-4A0B-B867-4FFF776C4794}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{7CDFF328-EA76-465D-85A1-A6FF42201B11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{89BFC4DB-03F6-43CE-B25A-350B30B8B7AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{8D0FD2AF-BD63-4700-A5AA-77E4E9ACDE44}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8E1E009F-E9D6-4114-B1A6-0CD5ED8B11E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A041AE8-CD41-47B2-AAF6-459036A02EC6}" = protocol=17 | dir=in | app=c:\program files\mcafee\virusscan enterprise\scncfg32.exe | "{9B6DE86D-762A-4F65-BBB9-4CFC362CAA7D}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{A1F622A1-8752-4838-B3C6-E8CB67B3A96A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{A8C017A5-C860-4BA1-A43F-A3FE06AFA840}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{A8CB34EB-EADE-4D5E-B5C5-36FCC99FD906}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B43638A8-BBE1-4F00-9DE5-704C096E4224}" = protocol=6 | dir=in | 
app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{B8A66E0B-B733-4EDB-B66F-ED8260B9B1CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BA8E49FE-1616-4C11-A05C-5A1944A10464}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BBABDD7D-6B09-4DB0-9D24-7EB93389AD72}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{BD281103-BB9C-4B99-A142-4367A81E227D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{D343E834-90BB-4B6A-9B90-B33D3EFE9EA4}" = dir=in | app=c:\program files\itunes\itunes.exe | "{D5EDCF4A-4468-4DF1-8CE0-B3017ACF4A0F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{DA74FA9B-5C3F-4DD9-A255-BA15825CB450}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{EAE085DF-03AA-40E2-913D-EF0B3055427A}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{EC17F58B-EC29-4A2D-9A4C-E7E6291D6E8D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "TCP Query User{27243D05-980F-4496-BB30-BA4EA2B96FBD}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{B39DA203-A53B-4358-99E0-3B5A5638F4CE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{16DD315A-70CE-4DB5-8779-2B01ED0F6B1A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9DDADD41-EC07-48BE-8F19-6FA251BD7F18}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink 
YouCam "{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DAAFD82-7FB5-4793-A733-127D628C1D13}" = HP MediaSmart SmartMenu "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA "{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = 
DigitalPersona Personal 4.11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB1DFC2A-8B34-4632-B3B3-AD037E500A00}" = Multimedia Card Reader "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C204A37D-34B3-6BA4-2DE3-8857C22C38A0}" = Passpack Desktop "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6E79220-A3F5-4951-B8D9-75A4B15FD789}" = HP User Guides 0122 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4Media MP4 to MP3 Converter 6" = 4Media MP4 to MP3 Converter 6 "Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "com.passpack.desktop.5608783B8287D942A05053A46986E54ED4532229.1" = Passpack Desktop "ElsterFormular" = ElsterFormular "Google 
Chrome" = Google Chrome "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 12.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{BB1DFC2A-8B34-4632-B3B3-AD037E500A00}" = Multimedia Card Reader "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar "VLC media player" = VLC media player 2.0.0 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.04.2012 15:00:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 29.04.2012 15:20:02 | Computer Name = ***-PC | Source = ESENT | ID = 623 Description = wuaueng.dll (1088) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. 
Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x01570320 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00000918 Cleanup: 1 Error - 29.04.2012 15:24:29 | Computer Name = ***-PC | Source = ESENT | ID = 623 Description = wuaueng.dll (1088) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x01570320 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x00000918 Cleanup: 1 Error - 30.04.2012 05:59:05 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 30.04.2012 06:05:09 | Computer Name = ***-PC | Source = ESENT | ID = 623 Description = wuaueng.dll (1072) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde. Mögliche lange andauernde Transaktion: Sitzungs-ID: 0x01A20320 Sitzungskontext: 0x00000000 Thread-ID des Sitzungskontextes: 0x0000009C Cleanup: 1 [ DigitalPersona Pro Events ] Error - 05.09.2011 02:48:46 | Computer Name = ***-PC | Source = DigitalPersona Pro | ID = 17827589 Description = DPHost kann nicht gestartet werden. 
Fehler: 0x8009000f [ Spybot - Search and Destroy Events ] Error - 09.05.2013 11:59:53 | Computer Name = ***-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 17.05.2013 04:09:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.05.2013 14:46:33 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 17.05.2013 15:59:02 | Computer Name = ***-PC | Source = Print | ID = 64 Description = Fehler beim Versuch, den Drucker Microsoft XPS Document Writer 6.0.6002.18005 in einem Offline-Betriebssystemabbild zu installieren. Win32-Fehlercode: 3016 (0xbc8). Dieser Fehler kann auftreten, wenn für den Druckertreiber eine Benutzereingabe erforderlich ist oder wenn eine Benutzeroberfläche während der Installation angezeigt wird. Error - 17.05.2013 15:59:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.05.2013 16:00:02 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 17.05.2013 17:14:05 | Computer Name = ***-PC | Source = Print | ID = 64 Description = Fehler beim Versuch, den Drucker Microsoft XPS Document Writer 6.0.6002.18005 in einem Offline-Betriebssystemabbild zu installieren. Win32-Fehlercode: 3016 (0xbc8). Dieser Fehler kann auftreten, wenn für den Druckertreiber eine Benutzereingabe erforderlich ist oder wenn eine Benutzeroberfläche während der Installation angezeigt wird. Error - 17.05.2013 17:14:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.05.2013 17:15:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Error - 17.05.2013 17:15:09 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 17.05.2013 17:15:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
18.05.2013, 15:19 | #2 |
/// TB-Ausbilder | 100 TANs trojan in online banking

!! Note to readers !! This thread and its instructions are meant only for this specific case. They could seriously damage other computers. Please open your own thread.

I will help you with your problem. The cleanup only works if you follow these rules: Please read: Rules for the cleanup

Reading material: Banking trojans

If you do online banking on this computer, for example, you should at least have your bank change your password, provided you use an otherwise secure procedure such as "chip-TAN-comfort". Do you still have old paper TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.

Step 1: (Reminder: reply to me only once you have worked through all the steps!) Uninstalling programs

Step 2: AdwCleaner: find and delete adware

Please download AdwCleaner to your desktop.

Step 3: Scan with ComboFix
18.05.2013, 23:13 | #3 |
100 TANs trojan in online banking

Hello ryder,

thank you very much for your support. I worked through the list and uninstalled everything from it that I found. Log files from AdwCleaner and ComboFix. Many thanks

Code:
ATTFilter ComboFix 13-05-18.03 - Frenz 18.05.2013 23:42:32.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1253 [GMT 2:00] ausgeführt von:: c:\users\Frenz\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\TelevisionFanatic c:\program files\TelevisionFanatic\bar\1.bin\64auxstb.dll c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll c:\program files\TelevisionFanatic\bar\1.bin\64barsvc.exe c:\program files\TelevisionFanatic\bar\1.bin\64brmon.exe c:\program files\TelevisionFanatic\bar\1.bin\64brstub.dll c:\program files\TelevisionFanatic\bar\1.bin\64datact.dll c:\program files\TelevisionFanatic\bar\1.bin\64dlghk.dll c:\program files\TelevisionFanatic\bar\1.bin\64dyn.dll c:\program files\TelevisionFanatic\bar\1.bin\64feedmg.dll c:\program files\TelevisionFanatic\bar\1.bin\64highin.exe c:\program files\TelevisionFanatic\bar\1.bin\64hkstub.dll c:\program files\TelevisionFanatic\bar\1.bin\64htmlmu.dll c:\program files\TelevisionFanatic\bar\1.bin\64httpct.dll c:\program files\TelevisionFanatic\bar\1.bin\64idle.dll c:\program files\TelevisionFanatic\bar\1.bin\64ieovr.dll c:\program files\TelevisionFanatic\bar\1.bin\64impipe.exe c:\program files\TelevisionFanatic\bar\1.bin\64medint.exe c:\program files\TelevisionFanatic\bar\1.bin\64mlbtn.dll c:\program files\TelevisionFanatic\bar\1.bin\64msg.dll c:\program files\TelevisionFanatic\bar\1.bin\64Plugin.dll c:\program files\TelevisionFanatic\bar\1.bin\64radio.dll c:\program files\TelevisionFanatic\bar\1.bin\64regfft.dll c:\program files\TelevisionFanatic\bar\1.bin\64reghk.dll c:\program files\TelevisionFanatic\bar\1.bin\64regiet.dll c:\program files\TelevisionFanatic\bar\1.bin\64script.dll c:\program files\TelevisionFanatic\bar\1.bin\64skin.dll c:\program files\TelevisionFanatic\bar\1.bin\64sknlcr.dll c:\program 
files\TelevisionFanatic\bar\1.bin\64skplay.exe c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll c:\program files\TelevisionFanatic\bar\1.bin\64SrchMn.exe c:\program files\TelevisionFanatic\bar\1.bin\64tpinst.dll c:\program files\TelevisionFanatic\bar\1.bin\64uabtn.dll c:\program files\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS c:\program files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST c:\program files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar c:\program files\TelevisionFanatic\bar\1.bin\CREXT.DLL c:\program files\TelevisionFanatic\bar\1.bin\CrExtP64.exe c:\program files\TelevisionFanatic\bar\1.bin\INSTALL.RDF c:\program files\TelevisionFanatic\bar\1.bin\installKeys.js c:\program files\TelevisionFanatic\bar\1.bin\LOGO.BMP c:\program files\TelevisionFanatic\bar\1.bin\NP64Stub.dll c:\program files\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL c:\program files\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL c:\program files\TelevisionFanatic\bar\1.bin\T8HTML.DLL c:\program files\TelevisionFanatic\bar\1.bin\T8RES.DLL c:\program files\TelevisionFanatic\bar\1.bin\T8TICKER.DLL c:\program files\TelevisionFanatic\bar\gen1\COMMON.T8S c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat c:\users\Frenz\AppData\Roaming\Hotaeb c:\users\Frenz\AppData\Roaming\Hotaeb\uvor.exe c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_TelevisionFanaticService . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-18 bis 2013-05-18 )))))))))))))))))))))))))))))) . . 2013-05-18 21:50 . 2013-05-18 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-17 21:27 . 2013-05-17 21:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-09 15:30 . 
2013-05-09 15:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-05-09 15:30 . 2013-05-18 21:28 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2013-05-09 15:19 . 2013-05-09 15:19 -------- d-----w- c:\users\Frenz\AppData\Roaming\TeamViewer 2013-05-07 18:38 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5908373-3127-496F-8A8F-7CDB2B9D4F07}\mpengine.dll 2013-04-30 18:43 . 2013-05-18 21:30 -------- d-----w- c:\users\Frenz\AppData\Roaming\Goomy 2013-04-30 18:43 . 2013-04-30 18:43 -------- d-----w- c:\users\Frenz\AppData\Roaming\Idunez . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-17 21:25 . 2012-05-04 10:49 866720 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-05-17 21:25 . 2010-08-29 08:29 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-14 20:17 . 2012-06-27 10:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-14 20:17 . 2011-12-09 18:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2009-10-29 10:23 238872 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Frenz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Frenz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Frenz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-29 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-05-23 253952] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-11-21 131072] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-08-07 1148200] "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-08-01 1144104] "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-08-01 210216] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-08-07 910128] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan 
Enterprise\SHSTAT.EXE" [2008-09-29 124240] "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-11 442460] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-14 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-14 92704] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Frenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Frenz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MCtlSvc.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk backup=c:\windows\pss\MCtlSvc.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2008-04-23 00:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-08-29 08:30 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\aestsrv.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-23 19:05 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 20:17] . 2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bdf76a59810.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:30] . 2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:30] . 2013-05-18 c:\windows\Tasks\User_Feed_Synchronization-{7BF3D315-A2A7-4300-A240-F4BE27615D59}.job - c:\windows\system32\msfeedssync.exe [2011-11-30 21:29] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Donuleyse - c:\users\Frenz\AppData\Roaming\Hotaeb\uvor.exe MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(720) c:\windows\system32\DPPWDFLT.dll . - - - - - - - > 'Explorer.exe'(5844) c:\program files\DigitalPersona\Bin\DpoFeedb.dll c:\users\Frenz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll c:\program files\DigitalPersona\Bin\DpoSet.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_84a4a6b7\STacSV.exe c:\windows\system32\Hpservice.exe c:\windows\system32\vfsFPService.exe c:\program files\DigitalPersona\Bin\DpHostW.exe c:\windows\system32\rundll32.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\mfevtps.exe c:\windows\SMINST\BLService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\mfeann.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program 
files\Apoint2K\ApMsgFwd.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Apoint2K\Apntex.exe c:\program files\McAfee\Common Framework\McTray.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-19 00:02:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-18 22:01 . Vor Suchlauf: 8 Verzeichnis(se), 186.489.528.320 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 186.165.055.488 Bytes frei . - - End Of File - - D0719BB54A50D4BA1D99772F47336A4E Code:
# AdwCleaner v2.301 - Logfile created on 18/05/2013 at 23:25:38
# Updated 16/05/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Frenz - FRENZ-PC
# Boot mode : Normal
# Running from : C:\Users\Frenz\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Frenz\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19154

[OK] The registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Frenz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file is clean.

*************************

AdwCleaner[S1].txt - [3890 octets] - [18/05/2013 23:25:38]

########## EOF - C:\AdwCleaner[S1].txt - [3950 octets] ##########
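The AdwCleaner log above lists what was removed, but not which of the deleted GUIDs belonged to extensions Internet Explorer would actually have loaded. As an added example (not code from this thread or from AdwCleaner), the Python below parses the removal lines, classifies each registry path by the role it plays for IE (Browser Helper Object registration, toolbar, URLSearchHook, Ext\Stats bookkeeping, plain COM CLSID registration) and correlates the roles per GUID: a GUID present both under Browser Helper Objects and under Classes\CLSID was a fully registered BHO, code that IE loaded into every browser window, while a lone CLSID or Ext\Stats entry is only a leftover. The sample log is constructed from lines of the log above and keeps the German labels AdwCleaner emitted on this system; the parser also accepts the English labels (Key Deleted, Value Deleted, ...), which is an assumption about AdwCleaner's English localisation. The role names and the "fully registered BHO" heuristic are this example's own.

```python
"""Parse an AdwCleaner removal log and correlate deleted registry entries
by GUID, so a responder can see which browser extensions were really
registered and not just left behind as orphaned class entries."""
import re
from collections import defaultdict

# Constructed sample: lines taken from the AdwCleaner log posted above,
# in the German localisation it was produced in. Paths are literal.
SAMPLE_LOG = r"""
# AdwCleaner v2.301 - Datei am 18/05/2013 um 23:25:38 erstellt
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\ProgramData\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
"""

# German labels (as in the log above) and, as an assumption about the
# English localisation, their English counterparts -> normalised kind.
ACTION_KINDS = {
    "Datei Gelöscht": "file", "Ordner Gelöscht": "folder",
    "Schlüssel Gelöscht": "key", "Wert Gelöscht": "value",
    "File Deleted": "file", "Folder Deleted": "folder",
    "Key Deleted": "key", "Value Deleted": "value",
}
ACTION_RE = re.compile(r"^(?P<label>[^:]+?) : (?P<target>.+)$")
VALUE_RE = re.compile(r"^(?P<key>.+) \[(?P<name>.*)\]$")  # "key [value name]"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations IE consults when loading extensions, plus plain COM
# registration. Matched against the lower-cased path; first hit wins.
ROLE_FRAGMENTS = [
    ("\\browser helper objects\\", "bho"),
    ("\\internet explorer\\toolbar", "toolbar"),
    ("\\urlsearchhooks", "urlsearchhook"),
    ("\\ext\\preapproved\\", "ie_preapproved"),
    ("\\ext\\stats\\", "ie_ext_stats"),
    ("\\ext\\settings\\", "ie_ext_settings"),
    ("\\classes\\clsid\\", "clsid"),
    ("\\classes\\interface\\", "interface"),
    ("\\classes\\typelib\\", "typelib"),
]


def parse_adwcleaner(text):
    """Return one dict per removal action: kind, target and (for values) name."""
    entries = []
    for line in text.splitlines():
        m = ACTION_RE.match(line.strip())
        if not m or m.group("label") not in ACTION_KINDS:
            continue  # header comments, section banners, blank lines
        kind = ACTION_KINDS[m.group("label")]
        target, name = m.group("target").strip(), None
        if kind == "value":
            vm = VALUE_RE.match(target)
            if vm:
                target, name = vm.group("key"), vm.group("name")
        entries.append({"kind": kind, "target": target, "name": name})
    return entries


def classify_registry_path(path):
    """Map a registry key to the IE/COM role it plays, or 'other'."""
    lowered = path.lower()
    for fragment, role in ROLE_FRAGMENTS:
        if fragment in lowered:
            return role
    return "other"


def correlate_guids(entries):
    """GUID -> set of roles it was removed from (keys and value names)."""
    roles = defaultdict(set)
    for entry in entries:
        if entry["kind"] not in ("key", "value"):
            continue
        role = classify_registry_path(entry["target"])
        haystack = entry["target"] + " " + (entry["name"] or "")
        for guid in GUID_RE.findall(haystack):
            roles[guid.upper()].add(role)
    return dict(roles)


def active_bhos(entries):
    """GUIDs registered as a BHO *and* carrying a CLSID: IE would load them."""
    return sorted(guid for guid, roles in correlate_guids(entries).items()
                  if {"bho", "clsid"} <= roles)


def summarize(entries):
    """Count removal actions per kind (file, folder, key, value)."""
    counts = defaultdict(int)
    for entry in entries:
        counts[entry["kind"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    print(summarize(parsed))
    for guid, roles in sorted(correlate_guids(parsed).items()):
        print(guid, sorted(roles))
    print("fully registered BHOs:", active_bhos(parsed))
```

Running the same parser over the complete log (read the file in place of SAMPLE_LOG) lists every GUID that had a BHO registration; those CLSIDs are the ones worth identifying before concluding what the adware cleanup actually removed, since a toolbar CLSID and a banking trojan's browser component are both "keys deleted" to AdwCleaner.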
19.05.2013, 13:48 | #4
/// TB-Ausbilder
Good, then let's continue: ComboFix script
__________________
Digital freebooters against malware! No help via PM!
21.05.2013, 08:35 | #5
/// TB-Ausbilder
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
24.05.2013, 08:47 | #6
/// TB-Ausbilder
No response. This topic has been removed from my subscriptions, so I will receive no notification of new replies. PM me if you nevertheless want to continue. Do not send logfiles, just a short note after you have posted your logfiles here. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread.
Topics related to "100 TANs trojan in online banking"
32 bit, antivir, avira, bho, bonjour, browser, converter, desktop, ebanking, error, firefox, flash player, google, helper, home, homepage, iexplore.exe, install.exe, launch, mindspark, mp3, officejet, plug-in, problem, realtek, refresh, registry, safer networking, security, software, super, svchost.exe, tan 100 volksbank trojan vista, tan trojan, trojan, vista