TR/ATRAPS.Gen2 gefunden in Windows\installer

schrauber · 14.06.2013, 11:57

Dann jetzt Combofix

Nil11 · 14.06.2013, 14:01

Hi! Das wird erst heute abend was. Mein Rechner lief aber wieder recht flüssig heute morgen! Yeah

schrauber · 14.06.2013, 16:11

Supi

Nil11 · 14.06.2013, 17:12

Code:

ATTFilter

ComboFix 13-06-13.01 - Xxx 14.06.2013   8:27.5.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.1768 [GMT 2:00]
ausgeführt von:: c:\users\Xxx\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-14 bis 2013-06-14  ))))))))))))))))))))))))))))))
.
.
2013-06-14 06:41 . 2013-06-14 06:41	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-14 06:41 . 2013-06-14 06:41	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2013-06-10 06:06 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-06-10 06:06 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-10 06:06 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-06-09 17:58 . 2013-06-09 17:58	--------	d-----w-	C:\FRST
2013-06-08 19:56 . 2013-06-08 19:56	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-06-03 17:47 . 2013-06-03 18:01	--------	d-----w-	c:\program files (x86)\BeCyPDFMetaEdit
2013-05-19 11:22 . 2013-05-19 11:22	--------	d-----w-	c:\users\Xxx\AppData\Local\Cisco
2013-05-19 11:22 . 2013-05-19 11:22	--------	d-----w-	c:\programdata\Cisco
2013-05-19 11:22 . 2013-05-19 11:22	--------	d-----w-	c:\program files (x86)\Cisco
2013-05-15 21:02 . 2013-04-09 01:55	2774016	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 21:02 . 2013-04-15 14:17	901496	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 21:02 . 2013-04-13 03:34	47104	----a-w-	c:\windows\system32\cdd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 21:46 . 2012-04-26 12:59	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 21:46 . 2011-07-06 07:40	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 09:01 . 2006-11-02 12:35	75016696	----a-w-	c:\windows\system32\mrt.exe
2013-05-16 08:51 . 2012-01-20 18:29	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2009-10-02 23:43	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-04 12:50 . 2010-11-17 16:03	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\Winload\prxtbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"F.lux"="c:\users\Xxx\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-05-09 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
.
c:\users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42504932.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint64.sys;c:\windows\SYSNATIVE\DRIVERS\acsint64.sys [x]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux64.sys;c:\windows\SYSNATIVE\DRIVERS\acsmux64.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 21:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=43daec26-4aa8-4fef-a72a-029f14216055&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: asc.at\*.uibk
Trusted Zone: uibk.ac.at
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{F5DAF58B-FD6E-43BF-900F-80EF1CCBA83A}: NameServer = 130.149.7.7 130.149.7.7
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - prefs.js: network.proxy.http - 50.22.206.179
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-15 02:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
AddRemove-Windows XP Video Screensaver Powertoy_is1 - c:\windows\system32\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Zeit der Fertigstellung: 2013-06-14  08:45:26
ComboFix-quarantined-files.txt  2013-06-14 06:45
ComboFix2.txt  2013-06-10 20:58
ComboFix3.txt  2013-06-09 17:01
.
Vor Suchlauf: 23 Verzeichnis(se), 363.698.434.048 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 363.638.218.752 Bytes frei
.
- - End Of File - - D62BE0FBAB6B62623F17DFACD9D6AB65
81CD5EC01DB0CE57EDD853F82462EF27

Hi, eben kam diese mail. Etwas in der Art habe ich bisher noch nie gekriegt. Kann aber natürlich Zufall sein. Den Anhang habe ich bisher nicht geöffnet (natürlich). Ist das in irgendeiner Form ernst zu nehmen? Bestellt habe ICH nichts...

Sehr geehrter Kunde,

durch Ihre Bestellung vom 29.05.2013 haben Sie sich rechtlich verpflichtet die Summe in Höhe von 366,00 Euro an unseren Mandanten zu zahlen.

Den Betrag haben Sie bis jetzt nicht an das Bankkonto von Thalia Online Store GmbH übertragen.

Weiterhin sind Sie aus Gründen des Verzuges gezwungen die Ausgaben unserer Beauftragung zu tragen.

Unsere Anwaltskanzlei wurden von der Firma Thalia Online Store GmbH beauftragt die gesetzlichen Interessen zu vertreten. Die Bevollmächtigung wurde notariell schriftlich zugesichert.

Die zusätzlichen Kosten unserer Tätigkeit errechnen sich nach dieser Kostenrechnung:

********************
19,00 Euro (nach Nummer 9129 RGV)
16,00 Euro (Pauschalvergütung gemäß RVG § 4 Abs. 1 und 2)
********************

Wir verpflichten Sie mit Kraft unserer Mandantschaft den Gesamtbetrag auf das Konto unseren Mandanten zu übersenden. Die Kontodaten und die Lieferdaten Ihrer Bestellung finden Sie im angehängtem Ordner. Für den Eingang der Zahlung setzten wir Ihnen eine gesetzliche letzte Zeitfrist bis zum 24.06.2013.

Mit freundliche Grüßen Linda Maier Anwaltschaft

schrauber · 14.06.2013, 18:45

Lol, das is Spam. Leite mal weiter an schrauber(at)gmx.eu.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und zum Schluss ein frisches FRST Scanlog, dann sind wir durch

Nil11 · 14.06.2013, 22:26

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.303 - Datei am 14/06/2013 um 23:17:07 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Xxx - XXX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\searchplugins\Web Search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Winload
Gelöscht mit Neustart : C:\Users\Xxx\AppData\Local\Smartbar
Gelöscht mit Neustart : C:\Users\Xxx\AppData\LocalLow\boost_interprocess
Gelöscht mit Neustart : C:\Users\Xxx\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Xxx\AppData\LocalLow\Winload
Gelöscht mit Neustart : C:\Users\Xxx\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BEDA9FD-7D79-4DB6-928E-22831DDEA6A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAE5F710-7EED-46DE-AB63-BBE940028139}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=43daec26-4aa8-4fef-a72a-029f14216055&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=43daec26-4aa8-4fef-a72a-029f14216055&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=43daec26-4aa8-4fef-a72a-029f14216055&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=43daec26-4aa8-4fef-a72a-029f14216055&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

Datei : C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\prefs.js

C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

*************************

AdwCleaner[S1].txt - [5514 octets] - [14/06/2013 23:17:07]

########## EOF - C:\AdwCleaner[S1].txt - [5574 octets] ##########

--- --- ---

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Xxx on 14.06.2013 at 23:28:26,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{01F1531F-8BD5-4C5F-99E8-352FC65C9022}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{072A93D2-F33E-48DA-9B03-1AE92CE15182}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{08807135-607A-46EC-88D0-1675B36C0039}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{09685018-C674-4BDB-A672-B3A9368CC95F}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{0F16E9C7-5AC9-4872-BEBD-9A2FB1B8BD32}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{12C674FE-02AC-498B-BC4D-4A13AB29F37C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{13FF9490-B07D-4404-98F3-9E812D0A063B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1457F197-F485-4D00-B969-FA5A56E7DBD0}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{15A7572E-E642-4E0A-A5DA-5109DC82D792}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{184B27FC-5F9A-46AC-9BEF-F4BA5D4F20D7}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1873DDFF-5E3B-4E06-8035-B7572D40E73C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1927DF14-4342-439E-BB0F-90D35CC2D839}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1B61849E-1CB2-4571-BAF2-09B2859D0E30}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1B8D69CF-1058-4F76-8B7F-75EC1620BB4C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1BEC6BA9-E7DC-4B80-B271-B44D4F98F7BE}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1E274369-A483-46FB-9BD4-8065516EC411}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{1FEB72E3-6687-4D9A-B7DE-3F6D7E428C99}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{20671462-C2F0-44A0-9A73-DDDA84F66DED}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{209048DA-1E1D-4DB5-8353-EB2F9D0FD646}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{22B034BF-8CF5-4E75-A967-4EE7A6166731}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{22F80A6F-D548-4A3B-9F8F-11BE34979B44}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{23C6B81D-E165-494A-9E7D-CAC4782AC371}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{242B588A-9CB5-47F2-83FD-9AD7D84BA088}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{24CFC454-5554-4CF8-B6EC-0E9EBDE49E87}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{27CC2430-80BE-4607-A689-5BC365F69FB1}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{283C2890-9480-44CF-9C49-4932F1FEBE06}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{2901B93F-B15F-4E47-8A07-5B2B30983BAF}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{2A934D6D-492A-4DBC-AECF-347AE6854B8E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{2B45500D-79FA-49BD-9064-E6581B4BF245}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{2B56FCB6-D065-4145-AAB7-2C16826F46A4}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{2F89F6F8-18D3-42A4-ADF1-26A3D50204C7}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{3168212C-9A15-4B2A-A995-88175B057D19}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{32794EBF-488D-4602-9974-3F52080FEBD1}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{3500F30C-FCC8-41CF-881E-AF156ABC2A84}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{36660AB4-0B95-428D-BA83-03D72D006035}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{3756A6DB-C335-405E-AAA8-6A1BE5FA48CB}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{3C6567EF-7831-4890-BE70-628BA9BB261B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{3E991545-B5A7-475A-9872-FAC3628C373D}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{3F6E2397-91B2-4301-BC63-9ABB214A1ACF}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{42D2B040-8603-4584-9D98-10E3E1EB329D}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{42D9D80A-7DDA-4693-9BA6-E2E833349503}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{42FF4041-9A28-43D2-9EFB-FCD02BE0F523}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{4424B50C-C0B3-48C7-8522-331BEA77131A}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{46317B52-D971-4A62-9207-6AC4CA442186}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{46AEAAE3-4BCF-4E9D-BCBB-645280A330B3}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{4C02FB23-9E41-4DCA-B35A-B4D24FBF75E2}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{4F095B00-BE2C-45B4-AE1B-C04A35E4FB17}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{50120D4C-7FCA-4D0B-8A96-4AA2C044035A}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{555B09D5-E5D7-4995-BEDF-706DC028C4D6}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{566894C9-0FD9-43A1-9B9E-B1686C6BC451}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{56E73C9A-8A38-4BA4-9950-6AC7FB5DB540}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5776841E-6E67-4849-8695-1605750D5D7C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{57DB33AC-B605-43DD-9A74-6F2720645A17}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{59AA2F83-ED95-45F1-A681-F6B3EB653216}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{59F0932C-BB21-469E-8564-F12A49E132D1}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5AB377ED-FBB2-4D91-8E5A-A9D250BA5F81}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5ACFB0B1-9904-4DAB-9063-FAD54E579ADE}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5B2FFBEE-2204-4230-9D01-81BBB6008D71}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5E1486A6-38EF-4683-BE4A-2993FCD98D92}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5E7F6200-BA3E-40F3-838C-C5A2EEC80A2E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{5ED231DF-5D48-46F3-A26D-5942E15A804E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{61324138-153D-4880-B07F-585D87E6CE67}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{6235577A-2A44-4D7D-A3E8-F4C48DD3D1D6}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{6263E2F3-7784-41D7-A405-7BE59A72FFAE}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{629665A0-4CFE-42E1-955B-3E9FCD13A6E5}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{62CBDE4E-ED91-4F97-A265-ADFC46832CEE}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{6555D123-B566-4C36-B482-6147F77E749B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{66B6248C-39E8-47CB-8B12-660DFC27FCBF}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{692FDB43-5A96-4FF7-9494-E54102B68699}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{6ACB8BF8-E37D-48D0-8D6A-F25E153B5ED5}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{6D2D2A4F-092A-4EA9-8B70-6D567710289B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{6EEF0B2A-3BBB-4F08-85E6-99F712B5D169}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{711BF235-4B9F-4785-8FBE-3A90BBCF5EE0}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{73A23E20-07E3-4BAD-B580-A86BFE6D8CF6}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{76FE5950-180D-4598-B7C2-0E5BAA1F674E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{792FCCC5-88BF-45E4-99B9-0AE45C25E1BA}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{7B486318-C26A-43EF-A06D-A7451E39170E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{7C837369-D527-400D-9C78-825E0D0C0D07}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{82C66B3E-345D-42C5-BE71-BA02886B0E96}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{832295D6-3406-4933-BB96-B9A27C9DC757}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{8585A0AD-E2ED-4D37-9AEA-865CB6BC5076}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{85ED6366-7E4B-4CE7-BBCC-F4340EF4084B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{86F3FA9B-34BB-45AB-9D01-459BB2CFE73E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{888B476D-48BB-46B6-9AFB-E614C1ED7264}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{89345C46-B693-450B-A2F4-E3057FE6719B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{8AC52835-714B-4AF7-B558-A2331FC67A6B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{8C8217E4-C14F-4CB9-8FE4-A833DACE47C1}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{8DE6EF12-48A6-4D43-A26C-0FA4C609FC4E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{9029A65C-6834-4163-9034-3D5075BFB38F}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{90936A67-956A-43FD-974F-B6AB51046C9F}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{91A26D27-FABF-46B9-8FA8-B30FAABC78C2}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{91AC14AA-B949-44EF-BF9A-B2C5D7CC2767}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{94E2074B-679B-40E4-B772-B349987C327D}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{95D00FE1-C63E-49D6-B6B8-0B95988F753A}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{95DEF6F0-A9D1-46CD-B7A1-BCAEBE774D22}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{96076A88-160D-48AA-931B-EB254E890165}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{9E488697-1108-41D9-99C0-ABE01A4F323B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{9E7F625E-076C-4D8A-88B0-FF36204E4AFC}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{9F0AD39E-33B0-4C67-88CE-73F5CB5EFC80}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{9F695206-D438-4756-99BE-14E97F13F4B8}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{A04CA9C9-113A-4CAC-9CA8-BF823C0D032E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{A5C29315-AE25-4FE2-B05B-CE1B9892A1E4}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{AE61F724-8528-405C-A159-20104BF96C13}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{B0AB8568-C4AF-4E77-BA19-3309C5972B28}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{B2A8292A-FB61-4030-B284-7C1BE32C38E9}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{B325FBB4-ECBA-4DE9-9F6E-5EC7E7A0E4AA}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{B4ED073B-201B-422B-95DC-178BE361106F}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{B746E23B-BFCF-45B5-9C03-7ABA39D215EF}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{BC530ECA-977C-4927-9E11-045BD5227073}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C547DF8C-0602-45CC-8B34-45CBD2912D5A}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C5C23208-064F-4F6A-8D0C-7975C5EF1C5C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C707F5A2-C1CE-4811-83E2-0A78DB2E3923}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C733A367-2A7F-4141-A4EA-012386416D7A}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C7D57BAD-0FBE-4072-A904-A79BC3A71489}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C80A92E4-278A-4998-A876-963AC982030E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C858C2F3-55B4-4353-9230-070791626621}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C9481AC5-F001-47AF-8119-E9F991A219DF}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{C9915D78-E02B-4E2C-9BE0-AF13FC8BFF01}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{CA6FBF03-875F-4A2F-B5EE-2E8218E45CC4}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{CAC79130-F0D0-4FED-BDEA-9F2B96F17F4E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{D164B431-5CE4-45F5-AC5C-F242C5967282}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{D25C0B15-CA4F-43C3-9191-8B6CF3A6CDC4}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{D373ABEE-7100-4B96-A6AC-F0EDB1BEC08E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{D4B6ED1E-F56D-4CEA-8570-ADAF5DDA7BC4}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{D4B7EA69-8C80-413C-A9D4-64AEF8CEBD1E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{D9B9B2A4-2DD1-4A0F-81A5-D6BAF003592C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E0E43D25-2F79-434C-8FBB-91F7C875C1E6}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E159FABD-4497-48B5-A9D9-FBC9F94E4C7E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E29051A9-BDA5-46DD-9A8E-9F7CC8AC2B21}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E3E3B240-3A73-472A-B00F-43350955E296}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E4C49365-E506-4577-9DA0-D534A7A41986}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E4FD8C6D-D577-4815-A7EE-E0DE89728FA0}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E54567C2-14F6-4349-86E9-234CCB73E3BA}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E5C58327-B678-4237-A36E-CDA95BBD2AAD}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E63772A8-5416-4EA8-B156-FF4CBC12652E}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E8D287B9-58DC-4696-85DE-E61812DC3552}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E97EA5E8-B896-4658-82AE-54C47186DC28}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{E9C5B95E-B4BF-498A-8B5C-F755E1D0656B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{ED487378-2E7F-4F12-9C50-739D710CD6EE}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{EEA4D3A7-C051-45F7-B420-35D97AD7D06D}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{EEAA705B-C12E-4D9A-A6A3-722301E68734}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{EF7A4FDA-52CC-4E67-9A29-CC7917601CEB}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F065A15F-E7BD-4980-BDF8-D99E0D10FDB5}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F09AD6AC-5846-4364-A75B-EC1FBB90932C}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F243B038-EC5F-49FD-8A52-236565F3EECA}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F33038C7-06EE-40AD-A346-5570779D8A96}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F3C0B588-BA9A-40DD-8CA3-86A30E73B209}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F50ED4F3-AB9A-4BE0-B041-22FE2E0A7143}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F521B702-14D9-4F1D-BD14-D59E6592C367}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F6DCC282-FF75-44C2-8EF5-353124F66AE2}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F7BB198D-4D6B-4A13-A552-EC132E12D74B}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{F9CF88B6-ACB2-4C31-A93E-A952E4B9D0F8}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{FA93ED1A-BACB-494E-9812-716279FE2A23}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{FB9F92DC-A1D2-4642-B204-DAE658403567}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{FBD6B40A-46F3-4704-9AAC-516CC87306CC}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{FCA19223-2C76-4F41-B88A-9972B414FE55}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{FCF0BD69-AB37-49B1-AB48-CBC6E7B78A49}
Successfully deleted: [Empty Folder] C:\Users\Xxx\appdata\local\{FD4EBDC1-877A-45CF-97F1-CD5320ADF993}



~~~ FireFox

Emptied folder: C:\Users\Xxx\AppData\Roaming\mozilla\firefox\profiles\jcwd05qk.default\minidumps [324 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.06.2013 at 23:32:51,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

oh oh

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=befbc43768e21b4084c8a0c2c232e785
# engine=14075
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-15 12:30:44
# local_time=2013-06-15 02:30:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 29089 208780150 0 0
# scanned=389887
# found=8
# cleaned=0
# scan_time=10110
sh=6EA7D8B4EBA6063B1B13CA8A4EF8BF295B43E83D ft=1 fh=862b09638877a7b0 vn="Win64/Patched.A trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\file0000\tsk0000.dta"
sh=1728444F6D66A543C4E38B92A9CC1D2D332B72F0 ft=1 fh=6bf8034f6983546b vn="Win32/Sirefef.EZ trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0000.dta"
sh=A0E57BAC8B2A6FF64937D45029FF31FA0F873B30 ft=1 fh=bbc320f44d9ef8bc vn="Win64/Sirefef.W trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0001.dta"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0005.dta"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0007.dta"
sh=061A3739739904F13A5B9ADCBF4AC2E8A3157B18 ft=1 fh=3f70b78fb0084ee4 vn="Win64/Sirefef.AW trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0008.dta"
sh=B13BD8868B583578C5146AFB237DC55B85512158 ft=1 fh=cc5cb84c7733d7f0 vn="a variant of Win32/Sirefef.FV trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0009.dta"
sh=48C3E4403B2099D7CE9BBB89FF0F0CCBF77981F4 ft=1 fh=1d52409ede4e2f84 vn="Win64/Sirefef.AN trojan" ac=I fn="C:\TDSSKiller_Quarantine\08.06.2013_21.55.43\zasubsys0000\zafs0000\tsk0010.dta"

Security check:

Code:

ATTFilter

UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Xxx (administrator) on 15-06-2013 08:26:05
Running from C:\Users\Xxx\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe
(The MathWorks Inc.) C:\Program Files (x86)\MATLAB71\bin\win32\MATLAB.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Users\Xxx\Local Settings\Apps\F.lux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Xxx\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1555968 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [F.lux] "C:\Users\Xxx\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-29] ()
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-05-09] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe" [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [685048 2012-08-03] (Cisco Systems, Inc.)
HKU\Default\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\UpdatusUser\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
Startup: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM - {017A66CC-3985-4911-A97F-FECB0BCC95B0} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {58235107-16C5-49E2-98F1-21B363368353} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {9E85F70F-E0D6-4AD4-823C-1BC5B6AE763C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F5DAF58B-FD6E-43BF-900F-80EF1CCBA83A}: [NameServer]130.149.7.7 130.149.7.7

FireFox:
========
FF ProfilePath: C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.de/search?q=
FF NetworkProxy: "http", "50.22.206.179"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: FoxyProxy Basic - C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\foxyproxy@eric.h.jung
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jcwd05qk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
R2 matlabserver; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [536576 2005-07-27] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [45480 2012-08-03] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [69544 2012-08-03] (Cisco Systems, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2011-04-04] (Hauppauge Computer Works, Inc.)
R3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [19840 2011-04-04] (Hauppauge Computer Works, Inc.)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15168 2012-03-10] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S0 ildid; system32\drivers\icbpzwk.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lvpepf64; system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64; system32\drivers\LVUSBS64.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [x]
S0 sboliv; system32\drivers\giecpry.sys [x]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
S0 yyca; system32\drivers\txgtym.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-15 08:25 - 2013-06-15 08:25 - 01920398 ____A (Farbar) C:\Users\Xxx\Desktop\FRST64(1).exe
2013-06-15 08:21 - 2013-06-15 08:21 - 00890839 ____A C:\Users\Xxx\Desktop\SecurityCheck.exe
2013-06-14 23:40 - 2013-06-14 23:40 - 02347384 ____A (ESET) C:\Users\Xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-14 23:40 - 2013-06-14 23:40 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-14 23:32 - 2013-06-14 23:32 - 00018871 ____A C:\Users\Xxx\Desktop\JRT.txt
2013-06-14 23:28 - 2013-06-14 23:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-14 23:28 - 2013-06-14 23:28 - 00000000 ____D C:\JRT
2013-06-14 23:27 - 2013-06-14 23:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Xxx\Desktop\JRT.exe
2013-06-14 23:17 - 2013-06-14 23:18 - 00005637 ____A C:\AdwCleaner[S1].txt
2013-06-14 23:15 - 2013-06-14 23:15 - 00648201 ____A C:\Users\Xxx\Desktop\adwcleaner.exe
2013-06-14 23:09 - 2013-06-14 23:09 - 00448512 ____A (OldTimer Tools) C:\Users\Xxx\Desktop\TFC.exe
2013-06-14 08:45 - 2013-06-14 08:45 - 00019783 ____A C:\ComboFix.txt
2013-06-14 08:23 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-14 08:15 - 2013-06-14 08:16 - 05080197 ____R (Swearware) C:\Users\Xxx\Desktop\ComboFix.exe
2013-06-14 08:12 - 2013-06-14 08:13 - 00000000 ____D C:\NoMBR
2013-06-13 23:26 - 2013-06-13 23:26 - 00000000 ____D C:\Users\Xxx\Desktop\Minitab v16
2013-06-13 22:39 - 2013-06-13 22:39 - 00000000 ____D C:\savw_102_sa
2013-06-13 22:27 - 2013-06-13 22:32 - 104043216 ____A C:\Users\Xxx\Desktop\escw_102_sa_sfx.exe
2013-06-13 22:26 - 2013-06-13 22:31 - 99026344 ____A C:\Users\Xxx\Desktop\savw_102_sa_sfx.exe
2013-06-10 08:06 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-10 08:06 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-10 08:06 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-10 08:06 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-09 19:58 - 2013-06-09 19:58 - 00000000 ____D C:\FRST
2013-06-09 19:56 - 2013-06-11 20:45 - 01920158 ____A (Farbar) C:\Users\Xxx\Desktop\FRST64.exe
2013-06-09 12:57 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-09 12:57 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-09 12:57 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-09 12:53 - 2013-06-14 08:45 - 00000000 ____D C:\Qoobox
2013-06-09 12:53 - 2013-06-10 22:47 - 00000000 ____D C:\Windows\erdnt
2013-06-08 22:57 - 2013-06-08 22:57 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 22:51 - 2013-06-09 00:00 - 00010750 ____A C:\Windows\IE9_main.log
2013-06-08 21:56 - 2013-06-08 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 19:47 - 2013-06-03 20:01 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-05-22 22:55 - 2013-05-22 23:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-19 18:54 - 2013-05-19 18:54 - 00000154 ____A C:\Users\Xxx\.appletviewer
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Users\Xxx\AppData\Local\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Program Files (x86)\Cisco

==================== One Month Modified Files and Folders =======

2013-06-15 08:25 - 2013-06-15 08:25 - 01920398 ____A (Farbar) C:\Users\Xxx\Desktop\FRST64(1).exe
2013-06-15 08:21 - 2013-06-15 08:21 - 00890839 ____A C:\Users\Xxx\Desktop\SecurityCheck.exe
2013-06-15 08:19 - 2009-07-22 10:36 - 01455771 ____A C:\Windows\WindowsUpdate.log
2013-06-15 08:18 - 2012-04-26 14:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 08:18 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 08:18 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-15 03:09 - 2006-11-02 14:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-15 03:08 - 2012-02-09 23:02 - 01547800 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 03:08 - 2009-05-19 14:37 - 00674972 ____A C:\Windows\System32\perfh007.dat
2013-06-15 03:08 - 2009-05-19 14:37 - 00145640 ____A C:\Windows\System32\perfc007.dat
2013-06-15 03:08 - 2006-11-02 14:46 - 01547800 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 23:40 - 2013-06-14 23:40 - 02347384 ____A (ESET) C:\Users\Xxx\Desktop\esetsmartinstaller_enu.exe
2013-06-14 23:40 - 2013-06-14 23:40 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-14 23:32 - 2013-06-14 23:32 - 00018871 ____A C:\Users\Xxx\Desktop\JRT.txt
2013-06-14 23:28 - 2013-06-14 23:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-14 23:28 - 2013-06-14 23:28 - 00000000 ____D C:\JRT
2013-06-14 23:27 - 2013-06-14 23:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Xxx\Desktop\JRT.exe
2013-06-14 23:21 - 2011-12-12 03:13 - 00000000 ___RD C:\Users\Xxx\Dropbox
2013-06-14 23:21 - 2011-12-12 03:10 - 00000000 ____D C:\Users\Xxx\AppData\Roaming\Dropbox
2013-06-14 23:19 - 2009-05-19 06:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-14 23:19 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-14 23:18 - 2013-06-14 23:17 - 00005637 ____A C:\AdwCleaner[S1].txt
2013-06-14 23:18 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-14 23:15 - 2013-06-14 23:15 - 00648201 ____A C:\Users\Xxx\Desktop\adwcleaner.exe
2013-06-14 23:12 - 2012-02-11 13:15 - 00121092 ____A C:\Windows\PFRO.log
2013-06-14 23:09 - 2013-06-14 23:09 - 00448512 ____A (OldTimer Tools) C:\Users\Xxx\Desktop\TFC.exe
2013-06-14 19:00 - 2011-04-25 19:40 - 00000000 ____D C:\Users\Xxx\AppData\Roaming\Skype
2013-06-14 08:45 - 2013-06-14 08:45 - 00019783 ____A C:\ComboFix.txt
2013-06-14 08:45 - 2013-06-09 12:53 - 00000000 ____D C:\Qoobox
2013-06-14 08:41 - 2006-11-02 14:34 - 00000215 ____A C:\Windows\system.ini
2013-06-14 08:23 - 2012-06-10 11:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-14 08:16 - 2013-06-14 08:15 - 05080197 ____R (Swearware) C:\Users\Xxx\Desktop\ComboFix.exe
2013-06-14 08:13 - 2013-06-14 08:12 - 00000000 ____D C:\NoMBR
2013-06-13 23:46 - 2012-04-26 14:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 23:46 - 2011-07-06 09:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-13 23:26 - 2013-06-13 23:26 - 00000000 ____D C:\Users\Xxx\Desktop\Minitab v16
2013-06-13 23:26 - 2012-02-22 19:11 - 00005364 ____A C:\Windows\setupact.log
2013-06-13 22:39 - 2013-06-13 22:39 - 00000000 ____D C:\savw_102_sa
2013-06-13 22:32 - 2013-06-13 22:27 - 104043216 ____A C:\Users\Xxx\Desktop\escw_102_sa_sfx.exe
2013-06-13 22:31 - 2013-06-13 22:26 - 99026344 ____A C:\Users\Xxx\Desktop\savw_102_sa_sfx.exe
2013-06-11 20:45 - 2013-06-09 19:56 - 01920158 ____A (Farbar) C:\Users\Xxx\Desktop\FRST64.exe
2013-06-10 22:47 - 2013-06-09 12:53 - 00000000 ____D C:\Windows\erdnt
2013-06-09 19:58 - 2013-06-09 19:58 - 00000000 ____D C:\FRST
2013-06-09 19:01 - 2006-11-02 15:33 - 00000000 __RHD C:\users\Default
2013-06-09 13:03 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-06-09 12:38 - 2012-05-08 18:07 - 00000000 ____D C:\Program Files (x86)\2012MalwarebytesAnti-Malware
2013-06-09 00:59 - 2006-11-02 15:33 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-06-09 00:59 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-09 00:00 - 2013-06-08 22:51 - 00010750 ____A C:\Windows\IE9_main.log
2013-06-08 23:59 - 2012-05-08 18:07 - 00000928 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-08 22:57 - 2013-06-08 22:57 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 22:57 - 2013-06-08 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 22:57 - 2013-06-08 22:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 22:57 - 2013-06-08 22:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 22:57 - 2013-06-08 22:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 22:57 - 2013-06-08 22:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-08 22:57 - 2013-06-08 22:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 22:57 - 2006-11-02 14:16 - 00008798 ____A C:\Windows\SysWOW64\icrav03.rat
2013-06-08 22:57 - 2006-11-02 14:16 - 00001988 ____A C:\Windows\SysWOW64\ticrf.rat
2013-06-08 22:57 - 2006-11-02 08:36 - 00008798 ____A C:\Windows\System32\icrav03.rat
2013-06-08 22:57 - 2006-11-02 08:36 - 00001988 ____A C:\Windows\System32\ticrf.rat
2013-06-08 21:56 - 2013-06-08 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\UpdatusUser\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\postgres\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:03 - 2013-06-03 20:03 - 00000845 ____A C:\Users\elephant\Desktop\PDF Password Remover v3.1.lnk
2013-06-03 20:01 - 2013-06-03 19:47 - 00000000 ____D C:\Program Files (x86)\BeCyPDFMetaEdit
2013-06-02 17:44 - 2012-07-19 20:28 - 00000000 ____D C:\Users\Xxx\Desktop\Projekt
2013-06-02 16:57 - 2010-10-13 15:54 - 00000000 ____D C:\Users\Xxx\Desktop\Stuff
2013-05-23 21:03 - 2011-04-25 19:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-23 21:03 - 2011-04-25 19:36 - 00000000 ____D C:\ProgramData\Skype
2013-05-23 20:58 - 2012-04-25 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 23:19 - 2013-05-22 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 22:12 - 2010-04-09 23:30 - 00000000 ____D C:\users\postgres
2013-05-19 18:54 - 2013-05-19 18:54 - 00000154 ____A C:\Users\Xxx\.appletviewer
2013-05-19 18:54 - 2009-09-14 13:56 - 00000000 ____D C:\users\Xxx
2013-05-19 13:50 - 2011-06-06 18:38 - 00000000 ____D C:\Users\Xxx\Desktop\Bücher Maschinenbau
2013-05-19 13:48 - 2012-11-01 20:52 - 00000000 ____D C:\Users\Xxx\Desktop\Masterarbeit
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Users\Xxx\AppData\Local\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\ProgramData\Cisco
2013-05-19 13:22 - 2013-05-19 13:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-05-16 23:24 - 2010-04-11 14:44 - 00125808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-05-16 20:48 - 2006-11-02 17:21 - 00460928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 11:05 - 2013-01-07 04:24 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-16 10:56 - 2012-01-10 23:36 - 00001883 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-05-16 10:53 - 2013-01-03 14:25 - 00125808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 23:30

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 15.06.2013, 09:24

Kein Grund zur Sorge, die Funde von ESET waren schon in Quarantäne

Wir sind fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob/Kritik loswerden möchtest:
Lob, Kritik und Wünsche - Trojaner-Board

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Nil11 · 15.06.2013, 20:19

Alles erledigt. Vielen, vielen Dank. Hammer Hilfe!

schrauber · 15.06.2013, 20:32

Gern geschehen

14.06.2013, 11:57	#46
schrauber /// the machine /// TB-Ausbilder	$TR/ATRAPS.Gen2 gefunden in Windows\installer - Standard$ TR/ATRAPS.Gen2 gefunden in Windows\installer Dann jetzt Combofix __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

14.06.2013, 16:11	#48
schrauber /// the machine /// TB-Ausbilder	$TR/ATRAPS.Gen2 gefunden in Windows\installer - Standard$ TR/ATRAPS.Gen2 gefunden in Windows\installer Supi __________________ __________________

15.06.2013, 20:32	#54
schrauber /// the machine /// TB-Ausbilder	$TR/ATRAPS.Gen2 gefunden in Windows\installer - Standard$ TR/ATRAPS.Gen2 gefunden in Windows\installer Gern geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

TR/ATRAPS.Gen2 gefunden in Windows\installer

Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 gefunden in Windows\installer