
Pests of all kinds and how to combat them: Windows Vista: Opened the zip attachment of an email with a fake invoice - afraid of a virus

21.01.2014, 22:26   #1
butterfly16
 

Hello dear team,

I urgently need your help.
Today I stupidly opened an email attachment, more precisely a zip file from a fake invoice, and after researching on the internet I am now afraid that a virus could completely paralyze my laptop.

I would be very grateful for help, as I know nothing at all about computers/laptops.

Many thanks in advance

Kind regards

Butterfly 16

21.01.2014, 22:56   #2
schrauber
/// the machine
/// TB trainer
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


21.01.2014, 23:23   #3
butterfly16
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by Samira (administrator) on SAMIRA-PC on 21-01-2014 23:19:45
Running from C:\Users\Samira\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Samira\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Samira\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\Samira\AppData\Local\Temp\HouseCall\housecall.bin
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
HKLM\...\Run: [SmpcSys] - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\Pixart\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-08-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe
HKCU\...\Run: [SmpcSys] - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-10-09] (Google Inc.)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKCU\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Samira\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-08-02] (Spotify Ltd)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex [240288 2011-05-23] (Adobe Systems, Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
MountPoints2: {865877c5-2d20-11df-abd8-00059a3c7800} - F:\autorun.bat
MountPoints2: {b5de1e27-2179-11df-a1fb-00269e3e4172} - F:\shelexec.exe .\Html-Anleitung\index.htm
MountPoints2: {d5c1f6a4-26d5-11df-9aff-00269e3e4172} - F:\shelexec.exe .\Html-Anleitung\index.htm
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0909&m=easynote_mh36
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0909&m=easynote_mh36
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0909&m=easynote_mh36
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKCU - DefaultScope {03159EC7-6646-4512-AC65-690AE8A20B36} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
SearchScopes: HKCU - {03159EC7-6646-4512-AC65-690AE8A20B36} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt
SearchScopes: HKCU - {07F6F4D2-76FB-411C-A091-1EA8613FD8CC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=583a7e0c-fd4a-4888-ac19-ad43793d5444&apn_sauid=79F3EECD-D282-492C-9A4F-9035B616BF5B
SearchScopes: HKCU - {35414CE3-0FDA-4DC2-9748-E22DDECBD211} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {3EB0173B-7CBA-47FE-B4EB-BD5FD963C9CB} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
SearchScopes: HKCU - {4ACB0E1A-1369-424E-A7E5-C901DF970519} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741435057&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt
SearchScopes: HKCU - {6F27DB61-25F8-4F75-B6A9-C3DA7B912B1F} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
SearchScopes: HKCU - {A7345C8A-B5DB-44C2-8A08-B2BAEFF52ABC} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
SearchScopes: HKCU - {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKCU - {FB8B59F8-FD89-49C1-8401-64CAE413973A} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [49152 2009-10-09] (EasyBits Software Corp.)
ShellExecuteHooks:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Drive) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-21]
CHR Extension: (Google Wallet) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-21]
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Samira\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2014-01-21]

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google)
S2 gupdate1ca4ce3cb650f18; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-10-14] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360192 2009-10-09] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [603904 2009-10-09] (TuneUp Software)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [40304 2013-10-10] (Cisco Systems, Inc.)
R3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58736 2013-10-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [98432 2008-02-27] (Guillemot Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2009-10-10] (Padus, Inc.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [200976 2011-06-21] (Trend Micro Inc.)
S3 EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 23:19 - 2014-01-21 23:19 - 00030041 _____ C:\Users\Samira\Downloads\FRST.txt
2014-01-21 23:19 - 2014-01-21 23:19 - 00000000 ____D C:\FRST
2014-01-21 23:18 - 2014-01-21 23:19 - 01222144 _____ (Farbar) C:\Users\Samira\Downloads\FRST.exe
2014-01-21 23:07 - 2014-01-21 23:07 - 00000000 ____D C:\Users\Samira\AppData\Roaming\QuickScan
2014-01-21 22:57 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-01-21 22:56 - 2014-01-21 22:56 - 00000036 _____ C:\Users\Samira\AppData\Local\housecall.guid.cache
2014-01-21 21:55 - 2014-01-21 21:55 - 00048827 _____ C:\Users\Samira\Downloads\Forderung der abgewiesenen Buchung 16.01.2014 - beauftragte Anwaltschaft.zip
2014-01-21 21:41 - 2013-10-10 22:29 - 00040304 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsint.sys
2014-01-16 15:29 - 2014-01-16 15:29 - 00465800 _____ C:\Users\Samira\Downloads\KIC1 (1).ZIP
2014-01-16 15:25 - 2014-01-16 15:25 - 01501314 _____ C:\Users\Samira\Downloads\KIC2 (1).ZIP
2014-01-14 16:30 - 2014-01-14 16:30 - 00007939 _____ C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung.htm
2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung_files

==================== One Month Modified Files and Folders =======

2014-01-21 23:19 - 2014-01-21 23:19 - 00030041 _____ C:\Users\Samira\Downloads\FRST.txt
2014-01-21 23:19 - 2014-01-21 23:19 - 00000000 ____D C:\FRST
2014-01-21 23:19 - 2014-01-21 23:18 - 01222144 _____ (Farbar) C:\Users\Samira\Downloads\FRST.exe
2014-01-21 23:16 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 23:16 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 23:07 - 2014-01-21 23:07 - 00000000 ____D C:\Users\Samira\AppData\Roaming\QuickScan
2014-01-21 23:06 - 2009-09-20 12:21 - 02013979 _____ C:\Windows\WindowsUpdate.log
2014-01-21 23:00 - 2009-10-09 21:43 - 00000502 _____ C:\Windows\Tasks\1-Klick-Wartung.job
2014-01-21 22:56 - 2014-01-21 22:56 - 00000036 _____ C:\Users\Samira\AppData\Local\housecall.guid.cache
2014-01-21 22:37 - 2009-10-14 16:46 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 22:28 - 2013-06-13 21:05 - 00000000 ____D C:\Users\Samira\Desktop\Masterbewerbung
2014-01-21 21:55 - 2014-01-21 21:55 - 00048827 _____ C:\Users\Samira\Downloads\Forderung der abgewiesenen Buchung 16.01.2014 - beauftragte Anwaltschaft.zip
2014-01-21 21:51 - 2009-10-14 16:46 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 21:41 - 2011-01-17 17:22 - 00000000 ____D C:\ProgramData\Cisco
2014-01-21 21:41 - 2011-01-17 17:22 - 00000000 ____D C:\Program Files\Cisco
2014-01-20 17:23 - 2012-05-10 22:09 - 00000000 ___RD C:\Users\Samira\Dropbox
2014-01-20 17:23 - 2012-05-10 22:04 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Dropbox
2014-01-20 17:21 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 14:39 - 2006-11-02 14:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-19 23:06 - 2008-01-21 08:16 - 01432888 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 23:05 - 2013-05-19 23:44 - 00002388 _____ C:\Windows\setupact.log
2014-01-17 11:28 - 2013-04-05 23:55 - 00006964 _____ C:\Windows\PFRO.log
2014-01-17 04:08 - 2013-03-05 01:05 - 00000000 ____D C:\Users\Samira\AppData\Local\DCA7282E-374F-4DB6-8137-0B78279961EC.aplzod
2014-01-16 15:29 - 2014-01-16 15:29 - 00465800 _____ C:\Users\Samira\Downloads\KIC1 (1).ZIP
2014-01-16 15:25 - 2014-01-16 15:25 - 01501314 _____ C:\Users\Samira\Downloads\KIC2 (1).ZIP
2014-01-16 15:03 - 2009-01-08 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 15:02 - 2013-08-16 02:06 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 14:58 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-16 00:39 - 2013-04-19 11:32 - 00109706 _____ C:\Windows\DpInst.log
2014-01-16 00:29 - 2012-11-30 23:51 - 00001881 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-01-16 00:29 - 2009-01-08 17:29 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-14 16:30 - 2014-01-14 16:30 - 00007939 _____ C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung.htm
2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung_files
2014-01-09 13:35 - 2009-11-25 21:46 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Apple Computer
2014-01-09 13:35 - 2009-11-25 21:46 - 00000000 ____D C:\Users\Samira\AppData\Local\Apple Computer
2014-01-08 13:06 - 2012-05-10 22:05 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-08 13:06 - 2010-03-06 10:33 - 00001336 _____ C:\Windows\wininit.ini
2014-01-02 20:18 - 2009-10-09 19:21 - 00000000 ____D C:\Users\Samira\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\Samira\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-20 17:29

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014
Ran by Samira at 2014-01-21 23:20:55
Running from C:\Users\Samira\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
ACDSee 9 Foto-Manager (Version: 9.0.55 - ACD Systems Ltd.)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4 - Adobe Systems Incorporated)
Aldi Süd Foto Service 4.6 (Version: 4.6 - ORWO Net)
Aldi Sued Fotoservice 2.7 (Version:  - )
ALDI Süd Online Druck Service 4.6 (Version: 4.6 - ORWO Net)
Apple Application Support (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (Version: 1.28 - Avanquest Software)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (remove only) (Version:  - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
dm-Fotowelt (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
EasyBits Magic Desktop (Version:  - )
EPSON Printer Software (Version:  - )
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Desktop (Version: 5.9.1005.12335 - Google)
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Graboid Video 3.45 (Version: 3.45 - Graboid Inc.)
Graboid Video 3.45 Setup (Version: 3.4.5 - FUSENET)
HDRegDE (Version: 2.0.0 - Acxiom)
Hercules Classic Link Webcam (Version: 2.8.0.0 - Hercules)
HP Photo Creations (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Hilfe (Version: 27.0.0 - Hewlett Packard)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
iCloud (Version: 2.1.1.3 - Apple Inc.)
ICQ Away Reader 1.4 (Version:  - murb.com)
ICQ7.4 (Version: 7.4 - ICQ)
Intel(R) Graphics Media Accelerator Driver (Version:  - Intel Corporation)
iTunes (Version: 11.0.2.26 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (Version: 6.0.370 - Oracle)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
MetaBoli (Version: 1.00.0000 - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation) Hidden
Microsoft Works 9.0 SE (Version:  - )
MobileMe Control Panel (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 20.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (Version: 8.3.389 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Packard Bell ImageWriter (Version: 1.00.0000 - )
Packard Bell Updator (Version: 3.00.0000 - )
PDF24 Creator 5.6.0 (Version:  - PDF24.org)
PDFCreator (Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v6.5 (Version: 6.5 - Spigot, Inc.) <==== ATTENTION
QuickTime (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5678 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version:  - Realtek Semiconductor Corp.)
Safari (Version: 5.34.57.2 - Apple Inc.)
SecureW2 EAP Suite 1.1.3 for Windows (Version:  - )
Setup My PC (Version: 3.00.0000 - )
Skype Toolbars (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
Sony Ericsson Update Engine (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (Version: 2.10.188 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU Version: 0.9.0.133.gd18ed589 - Spotify AB)
Studie zur Verbesserung von HP Photosmart 5520 series Produkten (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Total Commander (Remove or Repair) (Version:  - )
TuneUp Utilities 2009 (Version: 8.0.2000.35 - TuneUp Software)
Universal Document Converter (Demo) (Version: 5.3 - fCoder Group, Inc.)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Update Service (Version: 2.9.11.10 - Sony Ericsson Mobile Communications AB)
VGA USB Camera (Version: 1.2.0.0 - )
Vista Codec Package (Version: 5.3.2 - Shark007)
VLC media player 1.0.1 (Version: 1.0.1 - VideoLAN Team)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

17-12-2013 12:51:36 Geplanter Prüfpunkt
02-01-2014 14:16:39 Geplanter Prüfpunkt
14-01-2014 17:40:03 Geplanter Prüfpunkt
15-01-2014 23:29:54 Sony Ericsson PC Suite Drivers
15-01-2014 23:38:57 Sony PC Companion
16-01-2014 13:55:34 Windows Update
17-01-2014 02:43:27 Geplanter Prüfpunkt
20-01-2014 17:12:48 Geplanter Prüfpunkt
21-01-2014 09:45:48 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {088D7CE9-6C8B-4013-A3BA-2E9EA7BF38C5} - System32\Tasks\{7D7A6E57-9442-41FB-825A-7177B85E91AB} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166.217&LastError=206
Task: {0F58900D-B319-480A-B1B6-3DB935D7837A} - System32\Tasks\{11AD902C-9A2C-4ABC-9F8F-1E9FA189AED5} => C:\Program Files\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CF61B3C-9E56-4166-BDC1-0FB42B27083D} - System32\Tasks\{FDC7307C-AF37-465C-B296-52DA08B5822C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.115.217/en/abandoninstall?page=tsMain
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {52792633-6C0F-48D2-8979-CD7486577EE2} - System32\Tasks\HP AR Program Upload - 43807665ed9144b0b52fc5c9a9aaefdc3d6e8e9cd5754fc98499a590a3e57ffe => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {5F565FCD-76C5-4126-8045-E7712106D017} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11] (TuneUp Software GmbH)
Task: {75765EF4-BCF5-4FC0-BF16-BD1358A7FF90} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7D03E8B7-D299-489D-8AAB-4864BA121B27} - System32\Tasks\{77393045-CBB6-43A0-A9FF-2757E23C3676} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166.217&LastError=206
Task: {96AA2E92-DFAA-4D26-A827-8DC2DCB88A9D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Samira => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {9F377148-AC53-4B92-8DB0-4E53A03B0353} - System32\Tasks\HP AR Program Upload - f99cf1f8d4b348e1878f7c603d03abb46da0082a8b174f489611660b688537a6 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B804E8F2-F312-4C65-A053-CE1D3795AD14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-14] (Google Inc.)
Task: {CD67070F-FDE5-467D-83E9-3D19365284B3} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CD84DB2D-2478-4386-B3BE-8A680B6238C3} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2012-12-17] (Apple Inc.)
Task: {DF7D0833-3C05-42B4-A77E-A69590539E35} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {ED1F9F41-C757-4A2C-8EEA-0847EE210002} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F689AB73-58A5-4BB4-9EE9-79C0D0876F9C} - System32\Tasks\{3303A07A-296E-4134-9BEE-6ACA5504C40E} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166.217&LastError=206
Task: {F714BC01-AE23-4E26-B4CE-5A02029DC7D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-14] (Google Inc.)
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{3626E1E3-17D2-4B2D-AEA9-D7587A15B117}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-01-08 17:41 - 2010-07-21 20:22 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-30 23:51 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-11-30 23:51 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Samira\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-17 03:59 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 03:59 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 03:59 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-17 03:59 - 2014-01-11 11:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
2014-01-17 14:58 - 2014-01-17 14:58 - 04591616 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-17 14:58 - 2014-01-17 14:58 - 00112128 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
2014-01-21 22:57 - 2009-07-03 06:52 - 00151552 _____ () C:\Users\Samira\AppData\Local\Temp\HouseCall\libexpatw.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 09:36:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20991026

Error: (01/21/2014 09:36:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20991026

Error: (01/21/2014 09:36:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2014 09:36:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20989856

Error: (01/21/2014 09:36:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20989856

Error: (01/21/2014 09:36:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2014 09:36:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20987625

Error: (01/21/2014 09:36:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20987625

Error: (01/21/2014 09:36:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/21/2014 03:46:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1185


System errors:
=============
Error: (01/20/2014 05:22:47 PM) (Source: Service Control Manager) (User: )
Description: 30000vpnagent

Error: (01/20/2014 05:22:47 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/20/2014 02:31:15 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LISA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DD2255CA-E577-4C06-80FB-1EAABB772D-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/20/2014 02:28:42 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.1.39 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (01/19/2014 06:19:36 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.1.35 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (01/18/2014 05:04:39 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LISA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6297B51E-03A0-4971-ACDF-83734768D7-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/17/2014 05:13:23 PM) (Source: Tcpip) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.34 mit dem Computer mit der
Netzwerkhardwareadresse 18-20-32-7A-03-2B ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (01/17/2014 04:47:28 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (01/17/2014 02:47:13 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.1.37 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (01/17/2014 11:30:45 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (08/01/2013 03:15:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14862 seconds with 10080 seconds of active time.  This session ended with a crash.

Error: (08/01/2013 11:05:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5794 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (07/28/2013 07:06:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6485 seconds with 2400 seconds of active time.  This session ended with a crash.

Error: (07/28/2013 05:17:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10027 seconds with 5820 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 10:05:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 723 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (07/31/2012 05:59:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 05:58:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 05:57:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/14/2011 02:32:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/05/2011 10:35:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-08-25 01:04:01.816
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:04:01.445
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:04:01.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:04:00.685
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:04:00.287
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:03:59.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:03:59.515
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:03:59.053
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:03:58.618
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-25 01:03:58.183
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 2971.98 MB
Available physical RAM: 1174.98 MB
Total Pagefile: 6184.25 MB
Available Pagefile: 4053.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:86.49 GB) (Free:1.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Samira) (Fixed) (Total:198.6 GB) (Free:186.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: A013DCE6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=86 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=199 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

22.01.2014, 16:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

22.01.2014, 21:01   #5
butterfly16
 



Unfortunately it did not work. I could not save Combofix.exe to the desktop, and afterwards my Avira and my Windows Defender no longer worked properly.


23.01.2014, 19:17   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Can you be a bit more specific?