
Log-Analyse und Auswertung: TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren-Warnungen bekommst, kannst Du hier die Logs unserer Diagnose-Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte, dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Alt 17.09.2013, 13:05   #16
Nobodykillah
 
TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe - Standard

TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe



OK, ich warte dann Abends auf dich :P

Hier meine LanmanInfo.txt

Code:
ATTFilter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
    DisplayName    REG_SZ    @%systemroot%\system32\wkssvc.dll,-100
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
    Description    REG_SZ    @%systemroot%\system32\wkssvc.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    Bowser\0MRxSmb10\0MRxSmb20\0NSI
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage
    Bind    REG_MULTI_SZ    \Device\Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetbiosSmb\0\Device\NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}
    Route    REG_MULTI_SZ    "Smb" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"Smb" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"Smb" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"Smb" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"Smb" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetbiosSmb"\0"NetBT" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetBT" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"NetBT" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"NetBT" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"NetBT" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"
    Export    REG_MULTI_SZ    \Device\LanmanWorkstation_Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetbiosSmb\0\Device\LanmanWorkstation_NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider
    DeviceName    REG_SZ    \Device\LanmanRedirector
    Name    REG_SZ    Microsoft Windows Network
    DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\wkssvc.dll,-102
    ProviderPath    REG_EXPAND_SZ    %SystemRoot%\System32\ntlanman.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\aptw5nvi7.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    EnablePlainTextPassword    REG_DWORD    0x0
    EnableSecuritySignature    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
    OtherDomains    REG_MULTI_SZ    


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
    DisplayName    REG_SZ    @%systemroot%\system32\wkssvc.dll,-100
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
    Description    REG_SZ    @%systemroot%\system32\wkssvc.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    Bowser\0MRxSmb10\0MRxSmb20\0NSI
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage
    Bind    REG_MULTI_SZ    \Device\Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetbiosSmb\0\Device\NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}
    Route    REG_MULTI_SZ    "Smb" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"Smb" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"Smb" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"Smb" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"Smb" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetbiosSmb"\0"NetBT" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetBT" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"NetBT" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"NetBT" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"NetBT" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"
    Export    REG_MULTI_SZ    \Device\LanmanWorkstation_Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetbiosSmb\0\Device\LanmanWorkstation_NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider
    DeviceName    REG_SZ    \Device\LanmanRedirector
    Name    REG_SZ    Microsoft Windows Network
    DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\wkssvc.dll,-102
    ProviderPath    REG_EXPAND_SZ    %SystemRoot%\System32\ntlanman.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\aptw5nvi7.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    EnablePlainTextPassword    REG_DWORD    0x0
    EnableSecuritySignature    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
    OtherDomains    REG_MULTI_SZ
         

Alt 17.09.2013, 20:37   #17
DerJazzer
/// Malwareteam
 
TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe - Standard

TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe



Mmmh, hat auch nicht geklappt – laut deiner LanmanInfo.txt zeigt ServiceDll unter LanmanWorkstation\Parameters immer noch auf die zufällig benannte aptw5nvi7.dll statt auf die originale wkssvc.dll. Dann eben nochmal anders:

Bitte folgendes Tool downloaden: http://www.trojaner-board.de/redirec....com%2FOTL.exe

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Und dann nochmal die Bat ausführen wie oben, bitte.


Alt 17.09.2013, 21:08   #18
Nobodykillah
 
TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe - Standard

TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe



OTL Txt Doku

Code:
ATTFilter
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|"%SystemRoot%\System32\wkssvc.dll" /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jenny
->Temp folder emptied: 33054 bytes
->Temporary Internet Files folder emptied: 2253313 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14994233 bytes
->Google Chrome cache emptied: 273709741 bytes
->Flash cache emptied: 1030 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6576 bytes
RecycleBin emptied: 156 bytes
 
Total Files Cleaned = 278,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09172013_215533

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
LanmanInfo.txt

Code:
ATTFilter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
    DisplayName    REG_SZ    @%systemroot%\system32\wkssvc.dll,-100
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
    Description    REG_SZ    @%systemroot%\system32\wkssvc.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    Bowser\0MRxSmb10\0MRxSmb20\0NSI
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage
    Bind    REG_MULTI_SZ    \Device\Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetbiosSmb\0\Device\NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}
    Route    REG_MULTI_SZ    "Smb" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"Smb" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"Smb" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"Smb" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"Smb" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetbiosSmb"\0"NetBT" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetBT" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"NetBT" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"NetBT" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"NetBT" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"
    Export    REG_MULTI_SZ    \Device\LanmanWorkstation_Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetbiosSmb\0\Device\LanmanWorkstation_NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider
    DeviceName    REG_SZ    \Device\LanmanRedirector
    Name    REG_SZ    Microsoft Windows Network
    DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\wkssvc.dll,-102
    ProviderPath    REG_EXPAND_SZ    %SystemRoot%\System32\ntlanman.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
    ServiceDll    REG_SZ    %SystemRoot%\System32\wkssvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    EnablePlainTextPassword    REG_DWORD    0x0
    EnableSecuritySignature    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
    OtherDomains    REG_MULTI_SZ    


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
    DisplayName    REG_SZ    @%systemroot%\system32\wkssvc.dll,-100
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
    Description    REG_SZ    @%systemroot%\system32\wkssvc.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    Bowser\0MRxSmb10\0MRxSmb20\0NSI
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage
    Bind    REG_MULTI_SZ    \Device\Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetbiosSmb\0\Device\NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}
    Route    REG_MULTI_SZ    "Smb" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"Smb" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"Smb" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"Smb" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"Smb" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetbiosSmb"\0"NetBT" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetBT" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"NetBT" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"NetBT" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"NetBT" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"
    Export    REG_MULTI_SZ    \Device\LanmanWorkstation_Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetbiosSmb\0\Device\LanmanWorkstation_NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider
    DeviceName    REG_SZ    \Device\LanmanRedirector
    Name    REG_SZ    Microsoft Windows Network
    DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\wkssvc.dll,-102
    ProviderPath    REG_EXPAND_SZ    %SystemRoot%\System32\ntlanman.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
    ServiceDll    REG_SZ    %SystemRoot%\System32\wkssvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    EnablePlainTextPassword    REG_DWORD    0x0
    EnableSecuritySignature    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
    OtherDomains    REG_MULTI_SZ
         

Alt 19.09.2013, 20:30   #19
DerJazzer
/// Malwareteam
 
TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe - Standard

TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe



So, scheint endlich geklappt zu haben: ServiceDll zeigt jetzt wieder auf %SystemRoot%\System32\wkssvc.dll. (Im Log steht der Wert nun als REG_SZ statt wie ursprünglich REG_EXPAND_SZ – sollte der Dienst "Arbeitsstationsdienst" nicht starten, wäre der Werttyp die erste Stelle zum Nachsehen.)

Gibt es noch Probleme / Fehlermeldungen etc?

Ok, dann kontrollieren wir nochmal:

Schritt 1

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Schritt 4

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Bitte poste in deiner nächsten Antwort
  • Malwarebytes-Log
  • Eset-Log
  • checkup.txt
  • FRST.txt & Addition.txt
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/

Alt 20.09.2013, 21:31   #20
Nobodykillah
 
TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe - Standard

TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe



Guten Abend,
ich habe alle Schritte erledigt. Probleme und Fehlermeldungen hatte ich keine, bis ich nach deinem letzten Post den Scan mit Malwarebytes gestartet habe; da kam nämlich folgende Meldung von Avira unten am Bildschirm: "Der Zugriff auf die Datei C:\Users\Jenny\Downloads\ZipOpenerSetup.exe, die ein Virus oder unerwünschtes Programm ADWARE\InstallCore.Gen7 enthält, wurde verweigert." Außerdem habe ich es nicht hinbekommen, die Addition.txt nach dem Scan zu finden – sollte sie nicht auf dem Desktop erscheinen? Ich weiß, ich habe diesen Schritt schon einmal am Anfang gemacht, aber ich weiß nicht, was ich falsch mache......

Schritt 1

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.19.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jenny :: JENNY-PC [Administrator]

Schutz: Deaktiviert

19.09.2013 22:44:07
mbam-log-2013-09-19 (22-44-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205643
Laufzeit: 9 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\Jenny\Downloads\FreeYouTubeToMP3Converter(1).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Top_Eleven_Hack.exe (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\ZipOpenerSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Setup.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Musteranschreiben PDF Downloader (1).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jenny\Downloads\Musteranschreiben PDF Downloader.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Schritt 2

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d3a4dc2e02b73b47a164f7b07a31655f
# engine=15192
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-19 09:41:26
# local_time=2013-09-19 11:41:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1036 16777214 0 1 535077 35938035 0 0
# compatibility_mode=1799 16775165 100 95 3778 5461273 0 0
# compatibility_mode=5892 16776574 100 100 210726 217159614 0 0
# scanned=35637
# found=5
# cleaned=0
# scan_time=1404
sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
sh=38A526023ACE147C64DFEAC98AF7F1F087A8CF52 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooLayers.crx.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\back.js.vir"
sh=128AD5222AFA91938FE35745FEAAE60E666386C7 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\yl.js.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d3a4dc2e02b73b47a164f7b07a31655f
# engine=15192
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-19 11:47:05
# local_time=2013-09-20 01:47:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1036 16777214 0 1 542616 35945574 0 0
# compatibility_mode=1799 16775165 100 95 11317 5468812 4090 0
# compatibility_mode=5892 16776574 100 100 218265 217167153 0 0
# scanned=227756
# found=7
# cleaned=0
# scan_time=7083
sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
sh=38A526023ACE147C64DFEAC98AF7F1F087A8CF52 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooLayers.crx.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\back.js.vir"
sh=128AD5222AFA91938FE35745FEAAE60E666386C7 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\yl.js.vir"
sh=B77B2987BC8F53DB2B7D2BA7E696728AC5295A37 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Jenny\Desktop\Alte Firefox-Daten\2sx7i702.default\extensions\125\chrome\content\main.js"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Jenny\Desktop\Alte Firefox-Daten\2sx7i702.default\extensions\plugin@yontoo.com\content\overlay.js"
         
Schritt 3

 Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
 Avira successfully updated! 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 HijackThis 2.0.2    
 TuneUp Utilities Language Pack (de-DE) 
 CCleaner     
 Java(TM) 6 Update 22  
 Java 7 Update 25  
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (23.0.1) 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Schritt 4


FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
Ran by Jenny (administrator) on JENNY-PC on 20-09-2013 21:49:44
Running from C:\Users\Jenny\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Tor\tor.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent, Inc.) C:\Users\Jenny\Program Files\DNA\btdna.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Facebook Inc.) C:\Users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\KMConfig.exe
(UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-18] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [KMCONFIG] - C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe [212992 2008-05-30] (UASSOFT.COM)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [BitTorrent DNA] - C:\Users\Jenny\Program Files\DNA\btdna.exe [323392 2010-02-21] (BitTorrent, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-24] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Bewerbung-Reminder.lnk
ShortcutTarget: WISO Bewerbung-Reminder.lnk -> C:\Program Files\Buhl\Bewerbung 2008\KCReminder.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D5F1E952-386A-4407-B179-8DC034744CD9} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {DFEF6E39-45CE-4D40-8057-126A3A81C462} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -DVDVideoSoft Toolbar - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\6rfrif3m.default-1379167572116
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.775 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.775 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.775 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Jenny\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jenny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Program Files\Mozilla Firefox\extensions\{52c732b8-d108-4aae-b327-4b16b66dda26}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Jenny\Program Files\DNA
FF Extension: No Name - C:\Users\Jenny\Program Files\DNA

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Jenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Jenny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (DNA Plug-in) - C:\Users\Jenny\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 KMWDSERVICE; C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe [1823744 2009-08-31] (UASSOFT.COM)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-04] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [x]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-18] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-30] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-18] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleNT; \??\C:\Users\Jenny\AppData\Local\Temp\EagleNT.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-20 21:49 - 2013-09-20 21:49 - 01083549 _____ (Farbar) C:\Users\Jenny\Desktop\FRST.exe
2013-09-20 21:06 - 2013-09-20 21:06 - 00001284 _____ C:\Users\Jenny\Desktop\checkup.txt
2013-09-20 20:59 - 2013-09-20 20:59 - 00891144 _____ C:\Users\Jenny\Desktop\SecurityCheck.exe
2013-09-20 20:54 - 2013-09-20 20:54 - 00016257 _____ C:\Users\Jenny\Desktop\Download.htm
2013-09-20 20:48 - 2013-09-20 20:48 - 98487876 _____ C:\Windows\system32\倗⹍᭄²
2013-09-19 23:45 - 2013-09-19 23:45 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu (1).exe
2013-09-19 23:15 - 2013-09-19 23:15 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu.exe
2013-09-19 23:15 - 2013-09-19 23:15 - 00000000 ____D C:\Program Files\ESET
2013-09-19 22:39 - 2013-09-19 22:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-17 22:05 - 2013-09-17 22:05 - 00008856 _____ C:\Users\Jenny\Desktop\LanmanInfo.txt
2013-09-17 21:55 - 2013-09-17 21:55 - 00000000 ____D C:\_OTL
2013-09-17 21:51 - 2013-09-17 21:52 - 00602112 _____ (OldTimer Tools) C:\Users\Jenny\Downloads\OTL.exe
2013-09-17 13:13 - 2013-09-17 22:05 - 00000156 _____ C:\Users\Jenny\Desktop\Look.bat
2013-09-17 13:04 - 2013-09-17 13:04 - 00000183 _____ C:\Users\Jenny\Desktop\regfix.reg
2013-09-16 20:17 - 2013-09-16 20:17 - 00100562 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 673617.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00508578 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 888162.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 684994.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 138409.crdownload
2013-09-15 23:11 - 2013-09-15 23:11 - 00017915 _____ C:\Users\Jenny\Desktop\combo.txt
2013-09-15 23:10 - 2013-09-15 23:10 - 00017915 _____ C:\ComboFix.txt
2013-09-15 22:46 - 2013-09-15 22:46 - 05126233 ____R (Swearware) C:\Users\Jenny\Desktop\ComboFix.exe
2013-09-15 22:14 - 2013-09-15 22:15 - 05126233 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix (1).exe
2013-09-14 17:04 - 2013-09-14 17:04 - 01083285 _____ (Farbar) C:\Users\Jenny\Downloads\FRST (1).exe
2013-09-14 16:43 - 2013-09-14 16:43 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 16:42 - 2013-09-14 16:42 - 01029509 _____ (Thisisu) C:\Users\Jenny\Desktop\JRT.exe
2013-09-14 16:39 - 2013-09-14 16:39 - 00014383 _____ C:\Users\Jenny\Desktop\AdwCleaner[S0].txt
2013-09-14 16:30 - 2013-09-14 16:31 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Downloads\adwcleaner.exe
2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Desktop\adwcleaner.exe
2013-09-14 13:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 13:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 13:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 13:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 13:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 13:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 13:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 13:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 13:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 13:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 13:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 13:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 13:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 13:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 13:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 13:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 17:38 - 2013-09-15 23:10 - 00000000 ____D C:\Qoobox
2013-09-13 17:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-13 17:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-13 17:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-13 17:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-13 17:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-13 17:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-13 17:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-13 17:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-13 17:37 - 2013-09-15 23:00 - 00000000 ____D C:\Windows\erdnt
2013-09-13 17:36 - 2013-09-13 17:37 - 05125578 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix.exe
2013-09-13 16:52 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 16:52 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-13 16:41 - 2013-09-13 16:41 - 97492159 _____ C:\Windows\system32\嶾�᭄¢
2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (3).exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (2).exe
2013-09-12 20:38 - 2013-09-12 20:38 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (1).exe
2013-09-12 20:37 - 2013-09-12 20:37 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck.exe
2013-09-12 15:03 - 2013-09-12 15:03 - 00285646 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 2.htm
2013-09-12 15:03 - 2013-09-12 15:03 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 2_files
2013-09-12 15:02 - 2013-09-12 15:02 - 00283481 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 1.htm
2013-09-12 15:02 - 2013-09-12 15:02 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 1_files
2013-09-12 12:17 - 2013-09-12 12:17 - 00048347 _____ C:\Users\Jenny\Downloads\FRST.txt
2013-09-12 12:17 - 2013-09-12 12:17 - 00030706 _____ C:\Users\Jenny\Downloads\Addition.txt
2013-09-12 12:14 - 2013-09-12 12:14 - 01082587 _____ (Farbar) C:\Users\Jenny\Downloads\FRST.exe
2013-09-12 12:14 - 2013-09-12 12:14 - 00000000 ____D C:\FRST
2013-09-12 12:11 - 2013-09-12 12:11 - 00050477 _____ C:\Users\Jenny\Downloads\Defogger.exe
2013-09-12 11:59 - 2013-09-12 11:59 - 00000000 ____D C:\Users\Jenny\AppData\Local\avgchrome
2013-09-11 17:54 - 2013-09-11 17:54 - 05212254 _____ C:\Users\Jenny\Downloads\EVEG_GNTM.flv
2013-09-11 15:14 - 2013-09-11 15:14 - 09059029 _____ C:\Users\Jenny\Downloads\Anhänge_2013911 (1).zip
2013-09-11 14:32 - 2013-09-11 14:32 - 00000000 ____D C:\Users\Jenny\Downloads\Anhänge_2013911
2013-09-11 14:29 - 2013-09-11 14:30 - 13403826 _____ C:\Users\Jenny\Downloads\Anhänge_2013911.zip
2013-09-10 18:50 - 2013-09-10 18:58 - 00000000 ____D C:\ProgramData\POIbase
2013-09-10 18:50 - 2013-09-10 18:52 - 00000000 ____D C:\Program Files\POIbase
2013-09-10 18:50 - 2013-09-10 18:50 - 00001610 _____ C:\Users\Public\Desktop\POIbase.lnk
2013-09-10 18:49 - 2013-09-10 18:49 - 21719272 _____ (                                                            ) C:\Users\Jenny\Downloads\poibase_setup1066_poibase.exe
2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (2).exe
2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (1).exe
2013-09-09 18:57 - 2013-09-09 19:00 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Garmin
2013-09-09 18:57 - 2013-09-09 18:59 - 00000000 ____D C:\Program Files\Garmin
2013-09-09 18:56 - 2013-09-09 18:57 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272.exe
2013-09-08 12:25 - 2013-09-19 22:40 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-08 12:25 - 2013-09-19 22:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Malwarebytes
2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 12:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-08 12:04 - 2013-09-08 12:05 - 10284808 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 18:40 - 2013-09-07 18:40 - 96533415 _____ C:\Windows\system32\᭥讻᭄…
2013-09-04 16:50 - 2013-09-04 16:50 - 00000000 ____D C:\Program Files\Tor
2013-08-28 17:43 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-09-20 21:49 - 2013-09-20 21:49 - 01083549 _____ (Farbar) C:\Users\Jenny\Desktop\FRST.exe
2013-09-20 21:47 - 2010-02-21 21:20 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\DNA
2013-09-20 21:40 - 2010-10-04 20:48 - 01482299 _____ C:\Windows\WindowsUpdate.log
2013-09-20 21:40 - 2006-11-02 14:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 21:40 - 2006-11-02 14:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 21:06 - 2013-09-20 21:06 - 00001284 _____ C:\Users\Jenny\Desktop\checkup.txt
2013-09-20 20:59 - 2013-09-20 20:59 - 00891144 _____ C:\Users\Jenny\Desktop\SecurityCheck.exe
2013-09-20 20:54 - 2013-09-20 20:54 - 00016257 _____ C:\Users\Jenny\Desktop\Download.htm
2013-09-20 20:48 - 2013-09-20 20:48 - 98487876 _____ C:\Windows\system32\倗⹍᭄²
2013-09-20 17:32 - 2013-07-29 20:44 - 00000000 ___RD C:\Users\Jenny\Dropbox
2013-09-20 17:32 - 2013-07-29 20:41 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Dropbox
2013-09-19 23:45 - 2013-09-19 23:45 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu (1).exe
2013-09-19 23:15 - 2013-09-19 23:15 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu.exe
2013-09-19 23:15 - 2013-09-19 23:15 - 00000000 ____D C:\Program Files\ESET
2013-09-19 23:03 - 2013-07-18 18:33 - 00021776 _____ C:\Windows\PFRO.log
2013-09-19 23:01 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\Performance
2013-09-19 22:40 - 2013-09-19 22:39 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-19 22:40 - 2013-09-08 12:25 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-19 22:40 - 2013-09-08 12:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-19 19:59 - 2010-02-04 15:02 - 00119808 _____ C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-19 19:58 - 2006-11-02 12:33 - 01592986 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 23:45 - 2011-11-11 18:29 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\UseNeXT
2013-09-18 23:43 - 2011-11-11 18:29 - 00000000 ____D C:\Users\Jenny\Documents\UseNeXT
2013-09-17 22:05 - 2013-09-17 22:05 - 00008856 _____ C:\Users\Jenny\Desktop\LanmanInfo.txt
2013-09-17 22:05 - 2013-09-17 13:13 - 00000156 _____ C:\Users\Jenny\Desktop\Look.bat
2013-09-17 21:55 - 2013-09-17 21:55 - 00000000 ____D C:\_OTL
2013-09-17 21:52 - 2013-09-17 21:51 - 00602112 _____ (OldTimer Tools) C:\Users\Jenny\Downloads\OTL.exe
2013-09-17 15:16 - 2013-04-08 21:39 - 00000000 ____D C:\Users\Jenny\Desktop\Bilder Kopiene machne
2013-09-17 14:55 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-17 13:04 - 2013-09-17 13:04 - 00000183 _____ C:\Users\Jenny\Desktop\regfix.reg
2013-09-16 20:17 - 2013-09-16 20:17 - 00100562 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 673617.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00508578 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 888162.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 684994.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 138409.crdownload
2013-09-15 23:11 - 2013-09-15 23:11 - 00017915 _____ C:\Users\Jenny\Desktop\combo.txt
2013-09-15 23:10 - 2013-09-15 23:10 - 00017915 _____ C:\ComboFix.txt
2013-09-15 23:10 - 2013-09-13 17:38 - 00000000 ____D C:\Qoobox
2013-09-15 23:02 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-15 23:00 - 2013-09-13 17:37 - 00000000 ____D C:\Windows\erdnt
2013-09-15 22:46 - 2013-09-15 22:46 - 05126233 ____R (Swearware) C:\Users\Jenny\Desktop\ComboFix.exe
2013-09-15 22:34 - 2013-05-01 21:44 - 00000000 ____D C:\Users\Jenny\Desktop\Bewerbung Toni
2013-09-15 22:21 - 2013-06-12 17:21 - 00000000 ____D C:\Users\Jenny\Desktop\Toooo
2013-09-15 22:21 - 2013-04-08 21:33 - 00000000 ____D C:\Users\Jenny\Desktop\j
2013-09-15 22:15 - 2013-09-15 22:14 - 05126233 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix (1).exe
2013-09-14 20:08 - 2013-06-12 17:26 - 00000000 ____D C:\Users\Jenny\Toni Musik CAR
2013-09-14 17:04 - 2013-09-14 17:04 - 01083285 _____ (Farbar) C:\Users\Jenny\Downloads\FRST (1).exe
2013-09-14 16:43 - 2013-09-14 16:43 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 16:42 - 2013-09-14 16:42 - 01029509 _____ (Thisisu) C:\Users\Jenny\Desktop\JRT.exe
2013-09-14 16:39 - 2013-09-14 16:39 - 00014383 _____ C:\Users\Jenny\Desktop\AdwCleaner[S0].txt
2013-09-14 16:31 - 2013-09-14 16:30 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:31 - 2010-03-31 22:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-14 16:31 - 2010-02-04 23:12 - 00000000 ____D C:\ProgramData\ICQ
2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Downloads\adwcleaner.exe
2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Desktop\adwcleaner.exe
2013-09-14 16:08 - 2010-02-04 15:22 - 00000000 ____D C:\Users\Jenny\AppData\Local\Google
2013-09-14 14:49 - 2006-11-02 14:47 - 03749016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-14 13:36 - 2013-08-17 12:14 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 13:34 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-13 22:02 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-13 17:37 - 2013-09-13 17:36 - 05125578 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix.exe
2013-09-13 17:36 - 2012-01-05 20:26 - 00000000 ____D C:\ProgramData\MFAData
2013-09-13 16:41 - 2013-09-13 16:41 - 97492159 _____ C:\Windows\system32\嶾�᭄¢
2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (3).exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (2).exe
2013-09-12 20:38 - 2013-09-12 20:38 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (1).exe
2013-09-12 20:37 - 2013-09-12 20:37 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck.exe
2013-09-12 16:57 - 2011-11-11 18:45 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\vlc
2013-09-12 15:03 - 2013-09-12 15:03 - 00285646 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 2.htm
2013-09-12 15:03 - 2013-09-12 15:03 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 2_files
2013-09-12 15:02 - 2013-09-12 15:02 - 00283481 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 1.htm
2013-09-12 15:02 - 2013-09-12 15:02 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 1_files
2013-09-12 12:17 - 2013-09-12 12:17 - 00048347 _____ C:\Users\Jenny\Downloads\FRST.txt
2013-09-12 12:17 - 2013-09-12 12:17 - 00030706 _____ C:\Users\Jenny\Downloads\Addition.txt
2013-09-12 12:14 - 2013-09-12 12:14 - 01082587 _____ (Farbar) C:\Users\Jenny\Downloads\FRST.exe
2013-09-12 12:14 - 2013-09-12 12:14 - 00000000 ____D C:\FRST
2013-09-12 12:11 - 2013-09-12 12:11 - 00050477 _____ C:\Users\Jenny\Downloads\Defogger.exe
2013-09-12 11:59 - 2013-09-12 11:59 - 00000000 ____D C:\Users\Jenny\AppData\Local\avgchrome
2013-09-11 17:54 - 2013-09-11 17:54 - 05212254 _____ C:\Users\Jenny\Downloads\EVEG_GNTM.flv
2013-09-11 15:14 - 2013-09-11 15:14 - 09059029 _____ C:\Users\Jenny\Downloads\Anhänge_2013911 (1).zip
2013-09-11 14:32 - 2013-09-11 14:32 - 00000000 ____D C:\Users\Jenny\Downloads\Anhänge_2013911
2013-09-11 14:30 - 2013-09-11 14:29 - 13403826 _____ C:\Users\Jenny\Downloads\Anhänge_2013911.zip
2013-09-11 13:41 - 2013-04-03 18:12 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (5).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (4).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung (4).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (5).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (4).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (5) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (4) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000608 _____ C:\Users\Jenny\Die Europäische Union - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000608 _____ C:\Users\Jenny\Die Europäische Union - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000599 _____ C:\Users\Jenny\hijackthis333333333333333 - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000599 _____ C:\Users\Jenny\hijackthis333333333333333 - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000599 _____ C:\Users\Jenny\hijackthis333333333333333 - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000569 _____ C:\Users\Jenny\FreeYouTubeToMP3Converter - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000569 _____ C:\Users\Jenny\FreeYouTubeToMP3Converter - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000569 _____ C:\Users\Jenny\FreeYouTubeToMP3Converter - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (3) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (2) - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (2) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000460 _____ C:\Users\Jenny\DivX - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000460 _____ C:\Users\Jenny\DivX - Verknüpfung (2).lnk
2013-09-10 18:58 - 2013-09-10 18:50 - 00000000 ____D C:\ProgramData\POIbase
2013-09-10 18:52 - 2013-09-10 18:50 - 00000000 ____D C:\Program Files\POIbase
2013-09-10 18:50 - 2013-09-10 18:50 - 00001610 _____ C:\Users\Public\Desktop\POIbase.lnk
2013-09-10 18:49 - 2013-09-10 18:49 - 21719272 _____ (                                                            ) C:\Users\Jenny\Downloads\poibase_setup1066_poibase.exe
2013-09-10 18:46 - 2013-07-28 19:52 - 00006410 _____ C:\Windows\setupact.log
2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (2).exe
2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (1).exe
2013-09-09 19:00 - 2013-09-09 18:57 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Garmin
2013-09-09 18:59 - 2013-09-09 18:57 - 00000000 ____D C:\Program Files\Garmin
2013-09-09 18:59 - 2011-11-08 23:43 - 00000000 ____D C:\Program Files\DIFX
2013-09-09 18:59 - 2010-02-04 14:19 - 00000000 ____D C:\Users\Jenny
2013-09-09 18:57 - 2013-09-09 18:56 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272.exe
2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Malwarebytes
2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 12:05 - 2013-09-08 12:04 - 10284808 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 18:40 - 2013-09-07 18:40 - 96533415 _____ C:\Windows\system32\᭥讻᭄…
2013-09-05 17:47 - 2013-04-30 19:04 - 00000000 ____D C:\Users\Jenny\Documents\Bewerbung2008
2013-09-05 17:42 - 2011-09-09 19:51 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-05 14:13 - 2013-07-18 18:42 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 14:13 - 2013-04-10 15:22 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 16:50 - 2013-09-04 16:50 - 00000000 ____D C:\Program Files\Tor
2013-08-23 18:52 - 2013-04-07 12:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-23 10:55 - 2013-04-15 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Jenny\ApnToolbarInstaller.exe
C:\Users\Jenny\gimp-2.6.11-i686-setup-1.exe
C:\Users\Jenny\jagex_runescape_preferences.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-20 17:36

==================== End Of Log ============================
         


Alt 21.09.2013, 16:52   #21
DerJazzer
/// Malwareteam
 



EDIT:
  • Starte bitte die OTL.exe.
    Unter Vista und Windows 7 per Rechtsklick „Als Administrator ausführen“ starten.
  • Kopiere nun den folgenden Inhalt vollständig in die Textbox von OTL.
Code:
ATTFilter
^HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /700
C:\Windows\SysNative\*.dll /700
C:\Windows\SysWOW64\*.dll /700 
CREATERESTOREPOINT
         
  • Schließe bitte nun alle anderen Programme. (Wichtig)
  • Klicke nun bitte auf den Button „Quick Scan“.
  • Kopiere anschließend den Inhalt der beiden Dateien OTL.txt und Extras.txt hier in Deinen Thread.

