| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojanermeldung durch MalwarebytesWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.04.2013, 12:49
| #31 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojanermeldung durch MalwarebytesFixen mit OTL
Code:
ATTFilter :OTL
SRV:64bit: - (ctfmon64) -- C:\Windows\SysNative\objsel64.exe ()
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AA10CDD2
:Files
C:\Windows\SysNative\objsel64.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.04.2013, 15:20
| #32 |
 | Trojanermeldung durch MalwarebytesCode:
ATTFilter Error: Unable to interpret <OTL Logfile: |
|
09.04.2013, 16:03
| #33 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Bitte beim Kopireen besser aufpassen!
__________________Du hast nicht das Script sondern ein ganzes OTL-Log da reinkopiert, das kann nicht funktionieren Bitte nochmal richtig machen
__________________ |
|
09.04.2013, 16:54
| #34 |
| | Trojanermeldung durch Malwarebytes Hoffe das ist jetzt richtig Code:
ATTFilter All processes killed
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV:64bit: - (ctfmon64) -- C:\Windows\SysNative\objsel64.exe ()> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AA10CDD2> in the current context!
========== FILES ==========
C:\Windows\SysNative\objsel64.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Peet17\Desktop\cmd.bat deleted successfully.
C:\Users\Peet17\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Peet17
->Temp folder emptied: 912289 bytes
->Temporary Internet Files folder emptied: 92479 bytes
->Java cache emptied: 15400278 bytes
->FireFox cache emptied: 68839583 bytes
->Flash cache emptied: 57236 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 23273952 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 302406 bytes
RecycleBin emptied: 1422 bytes
Total Files Cleaned = 104,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 04092013_174808
Files\Folders moved on Reboot...
C:\Users\Peet17\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
09.04.2013, 22:17
| #35 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Nein, leider nicht. Du musst den Text aus meiner CODE-Box 1:1 kopieren
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.04.2013, 22:35
| #36 |
| | Trojanermeldung durch MalwarebytesCode:
ATTFilter All processes killed
========== OTL ==========
Service ctfmon64 stopped successfully!
Service ctfmon64 deleted successfully!
File C:\Windows\SysNative\objsel64.exe not found.
ADS C:\ProgramData\TEMP:AA10CDD2 deleted successfully.
========== FILES ==========
File\Folder C:\Windows\SysNative\objsel64.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Peet17\Desktop\cmd.bat deleted successfully.
C:\Users\Peet17\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Peet17
->Temp folder emptied: 146535 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2160259 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 65670 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 04092013_233140
Files\Folders moved on Reboot...
C:\Users\Peet17\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
09.04.2013, 23:18
| #37 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Ja  Bitte zur Kontrolle neue OTL-Logs machen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2013, 09:33
| #38 |
| | Trojanermeldung durch Malwarebytes So, hier ist die Logfile des Kontrollaufes mit OTL Code:
ATTFilter OTL logfile created on: 10.04.2013 10:18:46 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peet17\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 42,46% Memory free 7,96 Gb Paging File | 5,56 Gb Available in Paging File | 69,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 207,60 Gb Total Space | 105,68 Gb Free Space | 50,91% Space Free | Partition Type: NTFS Drive F: | 374,46 Gb Total Space | 369,18 Gb Free Space | 98,59% Space Free | Partition Type: NTFS Drive G: | 14,65 Gb Total Space | 9,11 Gb Free Space | 62,20% Space Free | Partition Type: NTFS Drive H: | 167,08 Gb Total Space | 18,97 Gb Free Space | 11,35% Space Free | Partition Type: NTFS Computer Name: PEET17-VAIO | User Name: Peet17 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Peet17\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe () PRC - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Ashampoo Development GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.0.36\wincfi39.dll () MOD - C:\Program Files (x86)\TraXEx\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (WO_LiveService) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe () SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys () DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130409.021\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130409.021\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130406.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys () DRV - (LiveTunerPM) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{130E203B-3D36-4F8F-9EC2-5697EB54FAE9}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{280EAC15-DCD4-4C07-95BE-76F5F54C63E3}: "URL" = hxxp://services.zinio.com.anonymize-me.de/?anonymto=687474703A2F2F73657276696365732E7A696E696F2E636F6D2F7365617263683F733D7B7365617263685465726D737D2672663D736F6E79736C69636573&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{973D2D8B-CF98-4F45-86F0-BFBE74F662E3}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{97C35CBC-59A3-4DCB-8C59-3754579DEBF9}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{AE61EDF4-E707-4245-BFD6-83DDED57A69F}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D33373237362D31363630392D32372F343F6D7072653D687474703A2F2F73686F702E656261792E64652F3F6F656D496E4C6E3D6965537263682D51333131265F6E6B773D7B7365617263685465726D737D&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{CD23E5DE-3EB3-442D-9727-670560155406}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{EBE3F4F2-B8A1-45EF-A666-F3DC5D7ABAEF}: "URL" = [String data over 1000 bytes] IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\SearchScopes\{FC1FE748-6B47-4970-BB46-4C5F7DE20236}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9224394e-b344-407a-9bf0-551ce14eb59a&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-4075830544-3649874069-869990161-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: maps%40ovi.com:5.9.2.0 FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.47 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.02.13 14:38:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.09 23:35:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2013.03.26 16:40:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.22 20:26:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.08 17:06:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.08 17:06:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.01 16:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\Extensions [2013.04.08 00:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\Firefox\Profiles\n53j8j13.default\extensions [2012.05.08 17:59:27 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Peet17\AppData\Roaming\mozilla\Firefox\Profiles\n53j8j13.default\extensions\maps@ovi.com [2012.12.11 17:51:30 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\testpilot@labs.mozilla.com.xpi [2013.03.22 14:35:39 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\toolbar@web.de.xpi [2013.04.02 19:23:44 | 000,349,773 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.12.11 19:38:59 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 16:36:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.21 16:10:59 | 000,395,933 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2012.03.05 16:40:50 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\extensions\maps@ovi.com\plugins\package.XPI [2013.02.23 18:52:33 | 000,001,248 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\ashampoo-de-customized-web-search.xml [2013.03.22 14:35:42 | 000,002,418 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\englische-ergebnisse.xml [2013.03.22 14:35:42 | 000,010,701 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\gmx-suche.xml [2013.03.22 14:35:42 | 000,002,432 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\lastminute.xml [2013.03.22 14:35:42 | 000,005,682 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\webde-suche.xml [2013.02.23 18:52:33 | 000,001,870 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\{2ACCC7CF-D613-4458-8718-52934267CF46}.xml [2013.02.23 18:52:33 | 000,002,188 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\{35C64247-C242-4EF2-864E-08D0A36789AF}.xml [2013.02.23 18:52:33 | 000,002,077 | ---- | M] () -- C:\Users\Peet17\AppData\Roaming\mozilla\firefox\profiles\n53j8j13.default\searchplugins\{E5C408BC-DAD8-4C09-BBD4-917EFE4AAA24}.xml [2013.03.22 20:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.09 23:31:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Ashampoo Development GmbH & Co. KG) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKU\S-1-5-21-4075830544-3649874069-869990161-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKU\S-1-5-21-4075830544-3649874069-869990161-1005..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-4075830544-3649874069-869990161-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4075830544-3649874069-869990161-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4075830544-3649874069-869990161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4075830544-3649874069-869990161-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Peet17\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Peet17\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files (x86)\TraXEx\Integration\TraXEx Internet Explorer.lnk () O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files (x86)\TraXEx\Integration\TraXEx Löschautomat.lnk () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0966E0-9BB8-42D7-8397-765D99DE8B84}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - G:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 23:33:48 | 000,000,000 | R--D | C] -- C:\Users\Peet17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.04.09 16:17:14 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.09 16:10:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peet17\Desktop\OTL.exe [2013.04.08 17:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.04.08 13:19:36 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Peet17\Desktop\esetsmartinstaller_enu.exe [2013.04.07 23:48:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.07 23:48:01 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.07 23:45:32 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Peet17\Desktop\JRT.exe [2013.04.06 16:57:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.06 16:20:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.06 16:20:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.06 16:20:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.06 16:19:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.06 16:19:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.06 16:14:50 | 005,047,402 | R--- | C] (Swearware) -- C:\Users\Peet17\Desktop\ComboFix.exe [2013.04.05 17:52:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Peet17\Desktop\aswMBR.exe [2013.04.05 17:17:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Peet17\Desktop\tdsskiller.exe [2013.04.05 13:42:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.03 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Peet17\Desktop\mbar-1.01.0.1022 [2013.04.03 18:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.03 18:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.04.01 11:00:48 | 000,000,000 | ---D | C] -- C:\Users\Peet17\AppData\Roaming\Malwarebytes [2013.04.01 11:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.01 11:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.01 11:00:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.01 11:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.26 16:41:02 | 000,000,000 | ---D | C] -- C:\Users\Peet17\AppData\Roaming\VDownloader [2013.03.26 16:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2013.03.26 16:40:36 | 000,000,000 | ---D | C] -- C:\Users\Peet17\AppData\Local\VDownloader [2013.03.26 16:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader [2013.03.26 16:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader [2013.03.26 16:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2013.03.26 16:17:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.22 20:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.22 20:19:20 | 000,000,000 | ---D | C] -- C:\Users\Peet17\Qtrax [2013.03.22 20:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.03.22 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Peet17\Desktop\mbar [2013.03.19 18:11:44 | 000,000,000 | ---D | C] -- C:\Users\Peet17\Documents\Outlook-Dateien [2013.03.14 17:50:13 | 000,000,000 | ---D | C] -- C:\Users\Peet17\AppData\Roaming\MyPhoneExplorer [2013.03.14 17:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013.03.14 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2013.03.14 16:57:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 16:57:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 16:57:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 16:57:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 16:57:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 16:57:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 16:57:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 16:57:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 16:57:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 16:57:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 16:57:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 16:57:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 16:57:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 16:57:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 16:57:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.14 16:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 16:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 16:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 19:41:11 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*.tmp files -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.10 09:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.10 01:23:56 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.10 01:23:56 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 23:37:19 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.09 23:37:19 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.09 23:37:19 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.09 23:37:19 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.09 23:37:19 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.09 23:32:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 23:32:45 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2013.04.09 23:31:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2013.04.09 16:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peet17\Desktop\OTL.exe [2013.04.08 13:19:37 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Peet17\Desktop\esetsmartinstaller_enu.exe [2013.04.08 10:08:02 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.08 10:06:23 | 000,613,083 | ---- | M] () -- C:\Users\Peet17\Desktop\adwcleaner.exe [2013.04.07 23:45:35 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Peet17\Desktop\JRT.exe [2013.04.06 16:15:11 | 005,047,402 | R--- | M] (Swearware) -- C:\Users\Peet17\Desktop\ComboFix.exe [2013.04.05 17:54:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Peet17\Desktop\aswMBR.exe [2013.04.05 17:17:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Peet17\Desktop\tdsskiller.exe [2013.04.05 14:04:57 | 409,139,317 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.05 11:02:24 | 000,222,832 | ---- | M] () -- C:\Users\Peet17\Desktop\snipp.PNG [2013.04.04 16:58:23 | 000,007,892 | ---- | M] () -- C:\Users\Peet17\Desktop\GMER.zip [2013.04.04 16:53:52 | 000,004,577 | ---- | M] () -- C:\Users\Peet17\Desktop\GMER.7z [2013.04.04 14:43:20 | 000,377,856 | ---- | M] () -- C:\Users\Peet17\Desktop\onl49zno.exe [2013.04.04 14:37:46 | 000,001,101 | ---- | M] () -- C:\Users\Peet17\Dokumente - Verknüpfung.lnk [2013.04.04 09:51:19 | 000,000,017 | ---- | M] () -- C:\Users\Peet17\AppData\Local\resmon.resmoncfg [2013.04.03 19:25:17 | 012,894,739 | ---- | M] () -- C:\Users\Peet17\Desktop\mbar-1.01.0.1022.zip [2013.04.02 16:38:45 | 000,000,020 | ---- | M] () -- C:\Users\Peet17\defogger_reenable [2013.04.01 11:00:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 17:57:32 | 000,002,760 | ---- | M] () -- C:\{D2A06217-CFE2-41D6-90CC-8B100CB8EF0A} [2013.03.27 21:00:56 | 000,013,003 | ---- | M] () -- C:\test.xml [2013.03.27 12:19:10 | 001,680,165 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.03.26 16:40:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk [2013.03.22 20:33:53 | 000,000,306 | ---- | M] () -- C:\Users\Peet17\Documents\cc_20130322_193349.reg [2013.03.22 18:01:14 | 001,771,921 | ---- | M] () -- C:\Users\Peet17\Desktop\036-044_HGT201201_Tischgrills.pdf [2013.03.22 15:22:08 | 000,000,124 | ---- | M] () -- C:\Users\Peet17\Documents\ax_files.xml [2013.03.22 14:17:43 | 005,123,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.19 20:40:35 | 000,002,173 | ---- | M] () -- C:\Users\Peet17\Desktop\Skat-Online V9.lnk [2013.03.19 18:07:18 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk [2013.03.19 18:06:20 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021 [2013.03.15 21:33:12 | 000,002,160 | ---- | M] () -- C:\{24C94FC6-ECE7-4EC0-AEA7-0D52FA1B10CA} [2013.03.14 18:10:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2013.03.14 17:50:11 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.03.13 19:41:17 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 19:41:17 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.13 19:41:11 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.03.11 15:01:49 | 000,053,030 | ---- | M] () -- C:\Users\Peet17\Desktop\Computerfreeks.jpg [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.08 10:07:54 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.08 10:06:20 | 000,613,083 | ---- | C] () -- C:\Users\Peet17\Desktop\adwcleaner.exe [2013.04.06 16:20:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.06 16:20:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.06 16:20:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.06 16:20:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.06 16:20:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.05 13:42:03 | 409,139,317 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.05 11:02:24 | 000,222,832 | ---- | C] () -- C:\Users\Peet17\Desktop\snipp.PNG [2013.04.04 16:58:23 | 000,007,892 | ---- | C] () -- C:\Users\Peet17\Desktop\GMER.zip [2013.04.04 16:53:52 | 000,004,577 | ---- | C] () -- C:\Users\Peet17\Desktop\GMER.7z [2013.04.04 14:43:20 | 000,377,856 | ---- | C] () -- C:\Users\Peet17\Desktop\onl49zno.exe [2013.04.04 14:37:46 | 000,001,101 | ---- | C] () -- C:\Users\Peet17\Dokumente - Verknüpfung.lnk [2013.04.04 09:51:19 | 000,000,017 | ---- | C] () -- C:\Users\Peet17\AppData\Local\resmon.resmoncfg [2013.04.03 19:25:16 | 012,894,739 | ---- | C] () -- C:\Users\Peet17\Desktop\mbar-1.01.0.1022.zip [2013.04.02 16:38:45 | 000,000,020 | ---- | C] () -- C:\Users\Peet17\defogger_reenable [2013.04.01 11:00:40 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 17:57:32 | 000,002,760 | ---- | C] () -- C:\{D2A06217-CFE2-41D6-90CC-8B100CB8EF0A} [2013.03.26 16:40:35 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2013.03.26 16:40:35 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\VDownloader.lnk [2013.03.22 20:33:51 | 000,000,306 | ---- | C] () -- C:\Users\Peet17\Documents\cc_20130322_193349.reg [2013.03.22 20:26:47 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.22 18:01:14 | 001,771,921 | ---- | C] () -- C:\Users\Peet17\Desktop\036-044_HGT201201_Tischgrills.pdf [2013.03.22 14:17:11 | 005,123,776 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.19 18:07:18 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk [2013.03.15 21:33:10 | 000,002,160 | ---- | C] () -- C:\{24C94FC6-ECE7-4EC0-AEA7-0D52FA1B10CA} [2013.03.14 18:10:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2013.03.14 17:50:11 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.03.11 15:01:49 | 000,053,030 | ---- | C] () -- C:\Users\Peet17\Desktop\Computerfreeks.jpg [2013.02.23 18:52:26 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.12 22:03:01 | 000,091,136 | ---- | C] () -- C:\Windows\SendToClip.exe [2013.01.30 21:13:53 | 000,001,521 | ---- | C] () -- C:\Users\Peet17\AppData\Local\recently-used.xbel [2012.11.08 18:16:37 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.11.08 18:16:37 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.11.08 18:16:37 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.11.08 18:16:35 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.11.02 18:07:16 | 000,058,617 | ---- | C] () -- C:\Users\Peet17\final_bstSnapshot_18759.jpg [2012.10.23 21:47:11 | 121,932,055 | ---- | C] () -- C:\Users\Peet17\Urlaub in Obergurgel 2012.wmv [2012.09.14 14:37:30 | 000,009,216 | ---- | C] () -- C:\Users\Peet17\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.29 15:55:21 | 000,000,045 | ---- | C] () -- C:\ProgramData\.SimImages [2012.06.19 15:01:50 | 009,314,047 | ---- | C] () -- C:\Users\Peet17\Meine Diashow.wmv [2012.06.01 00:44:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.04.02 20:25:01 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.04.02 20:25:01 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.04.02 20:25:01 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.04.02 20:25:01 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.04.02 20:25:01 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.04.02 20:21:02 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.03.16 21:02:23 | 000,017,408 | ---- | C] () -- C:\Users\Peet17\AppData\Local\WebpageIcons.db [2012.03.15 09:47:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.03.06 11:35:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.03.05 14:30:32 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >  Peter |
|
10.04.2013, 09:41
| #39 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Gut Noch Probleme offen, nervt Malwarebytes immer noch mit der Meldung?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2013, 12:05
| #40 |
| | Trojanermeldung durch Malwarebytes Hallo, bis jetzt nervt Malwarebytes nicht mehr, scheint also alles o.k. zu sein. Nochmals vielen Dank und weiterhin viel Erfolg. Peter  |
|
10.04.2013, 12:24
| #41 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2013, 12:30
| #42 |
| | Trojanermeldung durch Malwarebytes Alles O.K.  |
|
10.04.2013, 14:02
| #43 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.04.2013, 16:24
| #44 |
| | Trojanermeldung durch Malwarebytes Hallo Cosinus, muss mich trotzdem nochmal melden. Seit der Trojaner beseitigt ist und ich deine Anweisungen umgestzt habe ist der Rechner total langsam geworden. Bei Arbeiten im Internet (z.B. Banküberweisungen) muss ich jetzt ca. 1,5 Minuten warten bis eine TAN erzeugt ist, was vorher in ca. 7 Sekunden erfolgte. Ist das normal? Kann ich was dagegen tun? Schönen Tag Peter |
|
12.04.2013, 12:18
| #45 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldung durch Malwarebytes Mit so wenig Angaben kann man dir nicht helfen Du schreibst weder wie genau du Onlinebanking machst noch andere Details wie zB verwendete Software - webbrowserbasiert oder per Bankingprogramm
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojanermeldung durch Malwarebytes |
| dankbar, erfolgreich, erschein, erscheint, gefährliche, gefährlichen, gestoppt, laptop, laufe, laufend, malwarebytes, meldung, neue, neuen, nicht mehr, plötzlich, prozess, sauber, scan, troja, trojanermeldung, vertraut, webseite, zugang, öffnen |
Textbox. 
Linear-Darstellung
