
Log Analysis and Evaluation: Yahoo sends e-mails despite password change

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.06.2014, 12:22   #1
manne42
 
Hello,
Yahoo is still sending e-mails even though I changed the password from another PC.

The programs AdwCleaner, aswMBR, ComboFix, FRST, JRT and Malwarebytes Anti-Malware found nothing suspicious.
When starting GMER, the following message appears: C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process.
More information will follow shortly.

09.06.2014, 12:24   #2
schrauber
/// the machine
/// TB Trainer
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created; afterwards they are located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the site's input window)

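The instructions above produce an FRST.txt whose Processes, Registry and Drivers sections list, for each entry, a path, a size/date stamp and the publisher FRST read from the file's version information. As an added example (not part of this thread, and not code from the FRST author), the script below parses those three sections and flags the entries an analyst usually looks at first: targets FRST could not read (no size/date, or `[X]`), entries without a recorded publisher, and anything loading from a user-writable location such as Temp or AppData. The line-format regexes are my assumptions derived from the log posted in this thread, not a published FRST specification; the sample lines are copied from that log.

```python
"""Triage helper for FRST.txt logs: flags entries an analyst would look at first.

Added example. The regexes below are assumptions about FRST's line format, derived
from the log posted in this thread; they may need adjusting for other FRST versions.
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "(Publisher) C:\path\file.exe"; the publisher may itself contain parentheses, e.g. "Intel(R) Corporation"
PROCESS_RE = re.compile(r"^\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$")
# "HKLM\...\Run: [Name] => C:\path\file.exe [size yyyy-mm-dd] (Publisher)"; the bracket/paren tail is absent
# when FRST could not read the target
RUN_RE = re.compile(
    r"^(?P<key>HK[^:]+\\Run): \[(?P<name>[^\]]*)\] => (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^\\]*)\))?$"
)
# "R1 name; C:\path\file.sys [size yyyy-mm-dd] (Publisher)" or "U3 name; \??\C:\...\file.sys [X]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^\\]*)\))?(?P<missing> \[X\])?$"
)
# Locations any user can write to; legitimate autostarts and drivers rarely live there.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Constructed sample: lines copied verbatim from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Farbar) C:\Malware Analyse 41,4 MB\FRST\FRST64    .exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe

==================== Drivers (Whitelisted) ====================

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-09] (Avira Operations GmbH & Co. KG)
U3 aswMBR; \??\C:\Users\ANONYM~1\AppData\Local\Temp\aswMBR.sys [X]
"""


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _assess(section, name, path, company, size, missing, has_file_info):
    """Return a Finding if the entry deserves a second look, else None."""
    reasons = []
    if missing:
        reasons.append("file not found ([X])")
    elif has_file_info and size is None:
        reasons.append("no size/date recorded (FRST could not read the target)")
    elif not company:
        reasons.append("no publisher recorded")
    if USER_WRITABLE_RE.search(path):
        reasons.append("runs from a user-writable location")
    return Finding(section, name, path, reasons) if reasons else None


def triage(log_text):
    """Parse the Processes, Registry and Drivers sections and return the entries worth reviewing."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").split(" (")[0]  # "Processes (Whitelisted)" -> "Processes"
            continue
        if section == "Processes" and (m := PROCESS_RE.match(line)):
            exe = m["path"].rsplit("\\", 1)[-1]
            f = _assess(section, exe, m["path"], m["company"], None, False, False)
        elif section == "Registry" and (m := RUN_RE.match(line)):
            f = _assess(section, m["name"], m["path"], m["company"], m["size"], False, True)
        elif section == "Drivers" and (m := DRIVER_RE.match(line)):
            f = _assess(section, m["name"], m["path"], m["company"], m["size"], bool(m["missing"]), True)
        else:
            continue
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {'; '.join(f.reasons)}\n    {f.path}")
```

On the sample, the script flags the AppLauncher Run entry (FRST recorded no size, date or publisher for the target, so the file should be checked for existence) and the aswMBR driver (file missing, loaded from Temp). The second hit is the aswMBR scanner the poster ran earlier, which is exactly why a flag is a starting point for review rather than a verdict.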

09.06.2014, 12:31   #3
manne42
 
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 01
Ran by Anonym (administrator) on ANONYM on 09-06-2014 13:02:00
Running from C:\Malware Analyse 41,4 MB\FRST
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Farbar) C:\Malware Analyse 41,4 MB\FRST\FRST64    .exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe
Startup: C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKCU - DefaultScope {90B3A719-AD2F-44E4-9AB8-BC0BF070695E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - {90B3A719-AD2F-44E4-9AB8-BC0BF070695E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\Anonym\AppData\Roaming\Mozilla\Firefox\Profiles\clgv5pdk.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-07] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 Alpham1; C:\Windows\System32\drivers\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\drivers\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\ANONYM~1\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 12:54 - 2014-06-09 13:02 - 00000000 ____D () C:\FRST
2014-06-09 12:52 - 2014-06-09 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 12:37 - 2014-06-09 12:41 - 00000000 ____D () C:\AdwCleaner
2014-06-09 12:36 - 2014-06-09 12:47 - 00087040 ___SH () C:\Users\Anonym\Desktop\Thumbs.db
2014-06-09 12:36 - 2014-06-09 12:47 - 00000922 _____ () C:\Users\Anonym\Desktop\Malware Analyse.lnk
2014-06-09 12:31 - 2014-06-09 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-06-09 12:15 - 2014-06-09 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 12:13 - 2014-06-09 12:13 - 00000000 ____D () C:\Malware Analyse 41,4 MB
2014-05-20 16:31 - 2014-05-20 16:31 - 00000000 ____D () C:\Users\Anonym\Documents\OneNote-Notizbücher
2014-05-20 16:30 - 2014-05-20 16:30 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\Users\Anonym\Documents\Benutzerdefinierte Office-Vorlagen
2014-05-20 15:56 - 2014-05-20 15:59 - 00000000 ___RD () C:\Windows\BrowserChoice
2014-05-20 15:52 - 2014-05-20 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-18 09:02 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-18 09:02 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-18 09:01 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-18 09:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-18 09:01 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-18 09:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-18 09:01 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-18 09:01 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-18 09:01 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-18 09:01 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-18 09:01 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-18 09:01 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-18 09:01 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-18 09:01 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-18 09:01 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-18 09:01 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-18 09:01 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 09:01 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-18 09:01 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 09:01 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-18 09:01 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-18 09:01 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-18 09:01 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-18 09:01 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-18 09:01 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-18 09:01 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-18 09:01 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-18 09:01 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-18 09:01 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-18 09:01 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-18 09:01 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-18 09:01 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-18 09:01 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-18 09:01 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-18 09:01 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-18 09:01 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-18 09:01 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-18 09:01 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-18 08:57 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-18 08:57 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-18 08:57 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-18 08:57 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-14 20:19 - 2014-05-14 20:19 - 00000788 _____ () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.lnk
2014-05-14 20:06 - 2014-05-26 17:27 - 00000000 ____D () C:\Users\Anonym\Documents\Waki Leitung
2014-05-14 20:06 - 2014-05-20 16:45 - 00000000 ____D () C:\Users\Anonym\Documents\Waki
2014-05-14 20:06 - 2014-05-14 20:07 - 00000000 ____D () C:\Users\Anonym\Documents\Bank
2014-05-14 20:06 - 2014-05-14 20:06 - 00000000 ____D () C:\Users\Anonym\Documents\Privat
2014-05-14 19:57 - 2014-06-09 12:12 - 00002391 _____ () C:\Windows\setupact.log
2014-05-14 19:57 - 2014-05-14 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 19:54 - 2014-05-14 19:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-14 14:41 - 2014-05-14 14:41 - 00000000 ____D () C:\Users\Anonym\AppData\Local\MediaServer
2014-05-14 14:39 - 2014-05-14 14:39 - 00000032 _____ () C:\ProgramData\Temp.log
2014-05-14 14:32 - 2014-05-14 14:34 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Ashampoo
2014-05-14 14:32 - 2014-05-14 14:32 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Ashampoo
2014-05-14 14:20 - 2014-05-14 14:20 - 00001117 _____ () C:\Users\Public\Desktop\MAGIX Video easy HD.lnk
2014-05-14 14:20 - 2014-05-14 14:20 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\MAGIX
2014-05-14 14:20 - 2014-05-14 14:20 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-14 14:20 - 2014-05-14 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-14 14:18 - 2014-05-14 14:20 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-14 14:18 - 2014-05-14 14:18 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-14 14:18 - 2014-05-14 14:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-14 14:14 - 2014-06-09 12:42 - 00005176 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ANONYM-Anonym ANONYM
2014-05-14 14:14 - 2014-06-09 12:42 - 00000000 __RDO () C:\Users\Anonym\OneDrive
2014-05-14 14:10 - 2014-05-14 14:38 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\CyberLink
2014-05-14 14:10 - 2014-05-14 14:10 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Cyberlink
2014-05-14 14:05 - 2014-06-09 12:42 - 00083992 _____ () C:\Windows\PFRO.log
2014-05-14 14:02 - 2014-05-14 14:02 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 14:02 - 2014-05-14 14:02 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 14:02 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Mozilla
2014-05-14 14:02 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Mozilla
2014-05-14 14:01 - 2014-05-14 14:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 14:01 - 2014-05-14 14:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-14 14:01 - 2014-05-14 14:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 13:57 - 2014-05-14 13:57 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-14 13:57 - 2014-05-14 13:57 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-14 13:57 - 2014-05-14 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-14 13:57 - 2014-05-14 13:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-14 13:54 - 2014-05-14 13:54 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Avira
2014-05-14 13:53 - 2014-06-09 12:17 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-14 13:53 - 2014-06-09 12:17 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-14 13:53 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-14 13:52 - 2014-05-14 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-14 13:52 - 2014-05-14 13:53 - 00000000 ____D () C:\ProgramData\Avira
2014-05-14 13:52 - 2014-05-14 13:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-14 13:52 - 2014-05-14 13:52 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-14 13:52 - 2014-05-14 13:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-14 12:28 - 2014-05-14 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-14 12:26 - 2014-05-26 16:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-14 11:24 - 2014-05-20 15:53 - 00003116 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2997412286-1015458257-1311533761-1002
2014-05-14 11:24 - 2014-05-14 14:14 - 00000000 ___RD () C:\Users\Anonym\OneDrive.old
2014-05-14 11:24 - 2014-05-14 11:24 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 __SHD () C:\Users\Anonym\AppData\Local\EmieUserList
2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 __SHD () C:\Users\Anonym\AppData\Local\EmieSiteList
2014-05-14 10:58 - 2014-05-14 10:58 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Apple
2014-05-14 10:54 - 2014-06-09 12:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2997412286-1015458257-1311533761-1002
2014-05-14 10:52 - 2014-06-09 13:01 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{364430C7-1D4C-4845-9410-72BC63897737}
2014-05-14 10:52 - 2014-05-14 10:52 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Macromedia
2014-05-14 10:51 - 2014-05-14 10:51 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Intel Corporation
2014-05-14 10:50 - 2014-05-14 10:50 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Apple Computer
2014-05-14 10:50 - 2014-05-14 10:50 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Power2Go8
2014-05-14 10:49 - 2014-06-09 13:02 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Temp
2014-05-14 10:49 - 2014-05-28 12:15 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Packages
2014-05-14 10:49 - 2014-05-20 15:59 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 10:49 - 2014-05-20 15:59 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 10:49 - 2014-05-14 14:14 - 00000000 ____D () C:\Users\Anonym
2014-05-14 10:49 - 2014-05-14 10:49 - 00001458 _____ () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-14 10:49 - 2014-05-14 10:49 - 00000020 ___SH () C:\Users\Anonym\ntuser.ini
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Vorlagen
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Startmenü
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Netzwerkumgebung
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Lokale Einstellungen
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Eigene Dateien
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Druckumgebung
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Documents\Eigene Musik
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Documents\Eigene Bilder
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\AppData\Local\Verlauf
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\AppData\Local\Anwendungsdaten
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Anwendungsdaten
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Adobe
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym\AppData\Local\VirtualStore
2014-05-14 10:49 - 2014-04-25 17:25 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 10:49 - 2014-04-25 17:25 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-14 10:49 - 2014-04-07 11:46 - 00001965 _____ () C:\Users\Default\Desktop\Lieferando, hier wird Essen bestellt!.lnk
2014-05-14 10:49 - 2014-04-07 11:46 - 00001965 _____ () C:\Users\Default User\Desktop\Lieferando, hier wird Essen bestellt!.lnk
2014-05-14 10:49 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-14 10:49 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-14 10:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 10:49 - 2012-09-15 20:55 - 00001779 _____ () C:\Users\Anonym\Desktop\MEDION Serviceportal.lnk
2014-05-14 10:49 - 2012-09-15 20:55 - 00001779 _____ () C:\Users\Default\Desktop\MEDION Serviceportal.lnk
2014-05-14 10:49 - 2012-09-15 20:55 - 00001779 _____ () C:\Users\Default User\Desktop\MEDION Serviceportal.lnk
2014-05-14 10:43 - 2014-06-09 12:41 - 01404695 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2014-06-09 13:02 - 2014-06-09 12:54 - 00000000 ____D () C:\FRST
2014-06-09 13:02 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Temp
2014-06-09 13:01 - 2014-05-14 10:52 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{364430C7-1D4C-4845-9410-72BC63897737}
2014-06-09 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-06-09 12:52 - 2014-06-09 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 12:47 - 2014-06-09 12:36 - 00087040 ___SH () C:\Users\Anonym\Desktop\Thumbs.db
2014-06-09 12:47 - 2014-06-09 12:36 - 00000922 _____ () C:\Users\Anonym\Desktop\Malware Analyse.lnk
2014-06-09 12:47 - 2014-05-14 10:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2997412286-1015458257-1311533761-1002
2014-06-09 12:46 - 2014-04-25 10:40 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-06-09 12:46 - 2014-04-25 10:40 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-06-09 12:46 - 2014-04-25 10:36 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 12:42 - 2014-05-14 14:14 - 00005176 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ANONYM-Anonym ANONYM
2014-06-09 12:42 - 2014-05-14 14:14 - 00000000 __RDO () C:\Users\Anonym\OneDrive
2014-06-09 12:42 - 2014-05-14 14:05 - 00083992 _____ () C:\Windows\PFRO.log
2014-06-09 12:42 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 12:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-09 12:41 - 2014-06-09 12:37 - 00000000 ____D () C:\AdwCleaner
2014-06-09 12:41 - 2014-05-14 10:43 - 01404695 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 12:31 - 2014-06-09 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-06-09 12:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-06-09 12:17 - 2014-05-14 13:53 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-09 12:17 - 2014-05-14 13:53 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-09 12:15 - 2014-06-09 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 12:13 - 2014-06-09 12:13 - 00000000 ____D () C:\Malware Analyse 41,4 MB
2014-06-09 12:12 - 2014-05-14 19:57 - 00002391 _____ () C:\Windows\setupact.log
2014-05-28 12:15 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Packages
2014-05-26 17:27 - 2014-05-14 20:06 - 00000000 ____D () C:\Users\Anonym\Documents\Waki Leitung
2014-05-26 16:07 - 2014-05-14 12:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-20 16:45 - 2014-05-14 20:06 - 00000000 ____D () C:\Users\Anonym\Documents\Waki
2014-05-20 16:35 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-20 16:31 - 2014-05-20 16:31 - 00000000 ____D () C:\Users\Anonym\Documents\OneNote-Notizbücher
2014-05-20 16:30 - 2014-05-20 16:30 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-20 16:27 - 2014-05-20 16:27 - 00000000 ____D () C:\Users\Anonym\Documents\Benutzerdefinierte Office-Vorlagen
2014-05-20 15:59 - 2014-05-20 15:56 - 00000000 ___RD () C:\Windows\BrowserChoice
2014-05-20 15:59 - 2014-05-14 10:49 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 15:59 - 2014-05-14 10:49 - 00000000 ___RD () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-20 15:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-20 15:53 - 2014-05-14 11:24 - 00003116 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2997412286-1015458257-1311533761-1002
2014-05-20 15:52 - 2014-05-20 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-20 15:52 - 2014-04-25 11:00 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-20 15:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 20:19 - 2014-05-14 20:19 - 00000788 _____ () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.lnk
2014-05-14 20:07 - 2014-05-14 20:06 - 00000000 ____D () C:\Users\Anonym\Documents\Bank
2014-05-14 20:06 - 2014-05-14 20:06 - 00000000 ____D () C:\Users\Anonym\Documents\Privat
2014-05-14 19:57 - 2014-05-14 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 19:54 - 2014-05-14 19:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-14 19:42 - 2013-08-22 16:44 - 00454224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-14 14:51 - 2014-04-25 12:30 - 00000000 ____D () C:\Program Files\CyberLink
2014-05-14 14:50 - 2014-04-25 12:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-14 14:44 - 2014-04-25 13:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema
2014-05-14 14:44 - 2014-04-25 13:51 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-14 14:44 - 2014-04-25 13:51 - 00000000 ____D () C:\ProgramData\CLSK
2014-05-14 14:41 - 2014-05-14 14:41 - 00000000 ____D () C:\Users\Anonym\AppData\Local\MediaServer
2014-05-14 14:39 - 2014-05-14 14:39 - 00000032 _____ () C:\ProgramData\Temp.log
2014-05-14 14:38 - 2014-05-14 14:10 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\CyberLink
2014-05-14 14:35 - 2014-04-25 12:31 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-05-14 14:34 - 2014-05-14 14:32 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Ashampoo
2014-05-14 14:34 - 2014-04-25 12:32 - 00000000 ____D () C:\ProgramData\ashampoo
2014-05-14 14:32 - 2014-05-14 14:32 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Ashampoo
2014-05-14 14:20 - 2014-05-14 14:20 - 00001117 _____ () C:\Users\Public\Desktop\MAGIX Video easy HD.lnk
2014-05-14 14:20 - 2014-05-14 14:20 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\MAGIX
2014-05-14 14:20 - 2014-05-14 14:20 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-05-14 14:20 - 2014-05-14 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-14 14:20 - 2014-05-14 14:18 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-14 14:18 - 2014-05-14 14:18 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-14 14:18 - 2014-05-14 14:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-14 14:14 - 2014-05-14 11:24 - 00000000 ___RD () C:\Users\Anonym\OneDrive.old
2014-05-14 14:14 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym
2014-05-14 14:10 - 2014-05-14 14:10 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Cyberlink
2014-05-14 14:02 - 2014-05-14 14:02 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 14:02 - 2014-05-14 14:02 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 14:02 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Mozilla
2014-05-14 14:02 - 2014-05-14 14:02 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Mozilla
2014-05-14 14:02 - 2014-05-14 14:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 14:01 - 2014-05-14 14:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-14 14:01 - 2014-05-14 14:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 13:58 - 2014-04-25 11:27 - 00000000 ____D () C:\Windows\Panther
2014-05-14 13:57 - 2014-05-14 13:57 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-14 13:57 - 2014-05-14 13:57 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-14 13:57 - 2014-05-14 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-14 13:57 - 2014-05-14 13:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-14 13:54 - 2014-05-14 13:54 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Avira
2014-05-14 13:53 - 2014-05-14 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-14 13:53 - 2014-05-14 13:52 - 00000000 ____D () C:\ProgramData\Avira
2014-05-14 13:53 - 2014-05-14 13:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-14 13:52 - 2014-05-14 13:52 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-14 13:52 - 2014-05-14 13:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-14 12:31 - 2014-05-14 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-14 11:24 - 2014-05-14 11:24 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-14 11:00 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 __SHD () C:\Users\Anonym\AppData\Local\EmieUserList
2014-05-14 10:59 - 2014-05-14 10:59 - 00000000 __SHD () C:\Users\Anonym\AppData\Local\EmieSiteList
2014-05-14 10:58 - 2014-05-14 10:58 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Apple
2014-05-14 10:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2014-05-14 10:52 - 2014-05-14 10:52 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Macromedia
2014-05-14 10:52 - 2014-04-25 14:23 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-05-14 10:51 - 2014-05-14 10:51 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Intel Corporation
2014-05-14 10:50 - 2014-05-14 10:50 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Apple Computer
2014-05-14 10:50 - 2014-05-14 10:50 - 00000000 ____D () C:\Users\Anonym\AppData\Local\Power2Go8
2014-05-14 10:49 - 2014-05-14 10:49 - 00001458 _____ () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-14 10:49 - 2014-05-14 10:49 - 00000020 ___SH () C:\Users\Anonym\ntuser.ini
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Vorlagen
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Startmenü
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Netzwerkumgebung
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Lokale Einstellungen
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Eigene Dateien
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Druckumgebung
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Documents\Eigene Musik
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Documents\Eigene Bilder
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\AppData\Local\Verlauf
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\AppData\Local\Anwendungsdaten
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 _SHDL () C:\Users\Anonym\Anwendungsdaten
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym\AppData\Roaming\Adobe
2014-05-14 10:49 - 2014-05-14 10:49 - 00000000 ____D () C:\Users\Anonym\AppData\Local\VirtualStore
2014-05-14 10:49 - 2013-08-22 16:45 - 00000000 ____D () C:\Windows\Setup
2014-05-14 10:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Anonym\AppData\Local\Temp\AppLauncher.exe
C:\Users\Anonym\AppData\Local\Temp\avgnt.exe
C:\Users\Anonym\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Start-Manager fr Firmware
--------------------------
Bezeichner              {fwbootmgr}
displayorder            {bootmgr}
                        {670204c0-cc5a-11e3-a42e-8af615110421}
                        {670204c1-cc5a-11e3-a42e-8af615110421}
                        {670204c2-cc5a-11e3-a42e-8af615110421}
                        {6f641847-ccdc-11e3-9ef0-806e6f6e6963}
timeout                 2

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {670204b8-cc5a-11e3-a42e-8af615110421}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmwareanwendung (101fffff)
----------------------------
Bezeichner              {670204c0-cc5a-11e3-a42e-8af615110421}
device                  partition=\Device\HarddiskVolume4
path                    \EFI\BOOT\BOOTX64.EFI
description             UEFI OS

Firmwareanwendung (101fffff)
----------------------------
Bezeichner              {670204c1-cc5a-11e3-a42e-8af615110421}
description             UEFI:CD/DVD Drive

Firmwareanwendung (101fffff)
----------------------------
Bezeichner              {670204c2-cc5a-11e3-a42e-8af615110421}
description             UEFI:Removable Device

Firmwareanwendung (101fffff)
----------------------------
Bezeichner              {6f641847-ccdc-11e3-9ef0-806e6f6e6963}
description             UEFI:Network Device

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {f83f8a70-ced9-11e3-8263-c03fd54a3ebe}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {670204b8-cc5a-11e3-a42e-8af615110421}
nx                      OptIn
bootmenupolicy          Standard

Windows-Startladeprogramm
-------------------------
Bezeichner              {8d7f0cc6-879e-47f6-a767-0ed8fd3b0659}
device                  ramdisk=[\Device\HarddiskVolume4]\Sources\boot.wim,{572bcd56-ffa7-11d9-aae0-0007e994107d}
path                    \windows\system32\winload.efi
description             MEDION Recovery Environment
osdevice                ramdisk=[\Device\HarddiskVolume4]\Sources\boot.wim,{572bcd56-ffa7-11d9-aae0-0007e994107d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {f83f8a70-ced9-11e3-8263-c03fd54a3ebe}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{f83f8a71-ced9-11e3-8263-c03fd54a3ebe}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{f83f8a71-ced9-11e3-8263-c03fd54a3ebe}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {670204b8-cc5a-11e3-a42e-8af615110421}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
recoverysequence        {f83f8a70-ced9-11e3-8263-c03fd54a3ebe}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 No

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {572bcd56-ffa7-11d9-aae0-0007e994107d}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \boot\boot.sdi

Geräteoptionen
--------------
Bezeichner              {f83f8a71-ced9-11e3-8263-c03fd54a3ebe}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2014-06-09 12:24

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2014 01
Ran by Anonym at 2014-06-09 13:02:17
Running from C:\Malware Analyse 41,4 MB\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Avira (HKLM-x32\...\{a7b7cd1e-76a2-4e45-9bed-f735572b2c9e}) (Version: 1.1.13.21221 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.13.21221 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{091AAE2A-BF2C-4C2E-A22B-99173B02E7BC}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video easy HD (HKLM-x32\...\MAGIX_{0EC215D6-C7BC-4C38-8F22-A4B7C7A678CC}) (Version: 5.0.1.100 - MAGIX AG)
MAGIX Video easy HD (Version: 5.0.1.100 - MAGIX AG) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA Control Panel 332.35 (Version: 332.35 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0927 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

14-05-2014 08:58:08 Removed Apple Application Support
20-05-2014 13:50:37 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17CA8989-DE5A-47DE-806B-E81D49A4D10B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {436C7D4B-B342-46C9-AD0E-FF3C580AF2FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CC99925-F7C6-4603-91CC-7CEDCF44FF01} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-20] (Microsoft Corporation)
Task: {52323132-996F-4D4E-B80B-70A5A43C52D7} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2997412286-1015458257-1311533761-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {832C2A13-BCA5-42BA-89BA-26F2C9A2CA03} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C0C29A40-D56F-465E-AC98-E798A9A039BE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF73F39F-CF1B-4F57-89C7-B0AA987DF795} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EBCE90C5-6D00-443B-9FD4-737450565786} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {F3C78343-70DE-4838-8A09-F0466DAE0E07} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ANONYM-Anonym ANONYM => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-14] (Microsoft Corporation)
Task: {F66B4F3E-9985-4563-ACF3-3F904F6D5083} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

==================== Loaded Modules (whitelisted) =============

2014-04-25 14:23 - 2014-01-08 02:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-14 12:26 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-14 12:26 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-05-07 12:48 - 2014-05-07 12:48 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-07 12:48 - 2014-05-07 12:48 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-14 12:27 - 2014-05-14 12:32 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-05-14 12:26 - 2014-05-14 12:26 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-05-14 12:26 - 2014-05-14 12:26 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-05-14 13:54 - 2014-05-07 12:48 - 00049744 _____ () C:\Users\Anonym\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-04-25 14:26 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Anonym\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2014 00:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 9.6.2014.0, Zeitstempel: 0x5395463c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f8c9c
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (06/09/2014 00:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 9.6.2014.0, Zeitstempel: 0x5395463c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f8c9c
ID des fehlerhaften Prozesses: 0x9a0
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (06/09/2014 00:54:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (06/09/2014 00:42:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (06/09/2014 00:41:51 PM) (Source: DCOM) (EventID: 10010) (User: ANONYM)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (06/09/2014 00:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe9.6.2014.05395463cntdll.dll6.3.9600.17031530895afc000037400000000000f8c9c70801cf83d1c5dba936C:\Malware Analyse 41,4 MB\FRST\FRST64.exeC:\Windows\SYSTEM32\ntdll.dll07208fe2-efc5-11e3-8274-c03fd54a3ebe

Error: (06/09/2014 00:58:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe9.6.2014.05395463cntdll.dll6.3.9600.17031530895afc000037400000000000f8c9c9a001cf83d128fe1a3eC:\Malware Analyse 41,4 MB\FRST\FRST64.exeC:\Windows\SYSTEM32\ntdll.dllee5a0470-efc4-11e3-8274-c03fd54a3ebe

Error: (06/09/2014 00:54:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Malware Analyse 41,4 MB\ESET\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 6099.47 MB
Available physical RAM: 4760.93 MB
Total Pagefile: 7763.47 MB
Available Pagefile: 6346.33 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:815.3 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-09 13:41:16
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002b ST1000DX001-1CM162 rev.CC43 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\ANONYM~1\AppData\Local\Temp\pxtdypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\dwm.exe[848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                           00007ffa83f7169a 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\dwm.exe[848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                           00007ffa83f716a2 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\dwm.exe[848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                              00007ffa83f7181a 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\dwm.exe[848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                              00007ffa83f71832 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\nvvsvc.exe[916] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                        00007ffa83f7169a 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\nvvsvc.exe[916] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                        00007ffa83f716a2 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\nvvsvc.exe[916] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                           00007ffa83f7181a 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\system32\nvvsvc.exe[916] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                           00007ffa83f71832 4 bytes [F7, 83, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1572] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffa83f7169a 4 bytes [F7, 83, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1572] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffa83f716a2 4 bytes [F7, 83, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1572] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ffa83f7181a 4 bytes [F7, 83, FA, 7F]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1572] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ffa83f71832 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\Explorer.EXE[1564] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007ffa83f7169a 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\Explorer.EXE[1564] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007ffa83f716a2 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\Explorer.EXE[1564] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                 00007ffa83f7181a 4 bytes [F7, 83, FA, 7F]
.text   C:\Windows\Explorer.EXE[1564] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                 00007ffa83f71832 4 bytes [F7, 83, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [544:568]                                                                                           fffff9600087db90
Thread  C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE [3508:3640]                                                       000000006b35a301

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
         
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-09 14:19:28
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\0000002b ST1000DX001-1CM162 rev.CC43 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\ANONYM~1\AppData\Local\Temp\pxtdypog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960                            fffff80070d5fd00 12 bytes [C0, 52, AC, FF, 02, AD, 4E, ...]
.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 973                            fffff80070d5fd0d 23 bytes [B2, A2, 02, 00, C4, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714    00007ff9e6f8154a 4 bytes [F8, E6, F9, 7F]
.text   C:\Windows\Explorer.EXE[360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722    00007ff9e6f81552 4 bytes [F8, E6, F9, 7F]
.text   C:\Windows\Explorer.EXE[360] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98   00007ff9e6f8162a 4 bytes [F8, E6, F9, 7F]
.text   C:\Windows\Explorer.EXE[360] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122  00007ff9e6f81642 4 bytes [F8, E6, F9, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [460:468]                                            fffff960008cab90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         
Last edited by manne42 (09.06.2014 at 13:25)

09.06.2014, 15:53   #4
manne42

Yahoo sends e-mails despite password change



OTL Logfile:
Code:
OTL logfile created on: 09.06.2014 14:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Malware Analyse 41,4 MB\OTL
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,74 Gb Available Physical Memory | 79,64% Memory free
11,96 Gb Paging File | 10,67 Gb Available in Paging File | 89,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 809,91 Gb Free Space | 93,11% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 45,38 Gb Free Space | 75,63% Space Free | Partition Type: NTFS
 
Computer Name: ANONYM | User Name: Anonym | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Malware Analyse 41,4 MB\OTL\OTL 3.2.69.0.exe (OldTimer Tools)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll ()
MOD - C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ()
MOD - C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll ()
MOD - C:\Users\ANONYM~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (RtlWlanu) -- C:\Windows\SysNative\drivers\RTWlanU.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation)
DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1001\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\..\SearchScopes,DefaultScope = {90B3A719-AD2F-44E4-9AB8-BC0BF070695E}
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\..\SearchScopes\{90B3A719-AD2F-44E4-9AB8-BC0BF070695E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
IE - HKU\S-1-5-21-2997412286-1015458257-1311533761-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014.05.14 14:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anonym\AppData\Roaming\mozilla\Extensions
[2014.05.18 09:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anonym\AppData\Roaming\mozilla\Firefox\Profiles\clgv5pdk.default\extensions
[2014.05.14 14:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.05.14 14:01:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [AppLauncher] C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe File not found
O4 - HKU\S-1-5-18..\Run: [AppLauncher] C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe File not found
O4 - Startup: C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99BCB1EF-CD71-4462-A44C-3ED1380FD28C}: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE540F9-19DF-4787-9D7F-6354F2360790}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.09 13:49:38 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Diagnostics
[2014.06.09 13:14:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.06.09 12:54:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014.06.09 12:52:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.06.09 12:52:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.06.09 12:37:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.06.09 12:31:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.06.09 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.06.09 12:14:50 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Programs
[2014.06.09 12:13:11 | 000,000,000 | ---D | C] -- C:\Malware Analyse 41,4 MB
[2014.05.22 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\ElevatedDiagnostics
[2014.05.20 16:31:29 | 000,000,000 | ---D | C] -- C:\Users\Anonym\Documents\OneNote-Notizbücher
[2014.05.20 16:30:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2014.05.20 16:27:31 | 000,000,000 | ---D | C] -- C:\Users\Anonym\Documents\Benutzerdefinierte Office-Vorlagen
[2014.05.20 15:56:03 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2014.05.20 15:52:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014.05.18 09:01:41 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2014.05.18 09:01:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2014.05.18 09:01:40 | 000,257,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2014.05.18 09:01:40 | 000,123,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2014.05.18 09:01:40 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2014.05.18 09:01:28 | 013,288,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014.05.18 09:01:28 | 011,792,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014.05.18 09:01:28 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.appcore.dll
[2014.05.18 09:01:28 | 000,921,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2014.05.18 09:01:28 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014.05.18 09:01:28 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014.05.18 09:01:28 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014.05.18 09:01:28 | 000,555,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.appcore.dll
[2014.05.18 09:01:28 | 000,419,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.appcore.dll
[2014.05.18 09:01:28 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2014.05.18 09:01:27 | 001,705,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014.05.18 09:01:27 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.appcore.dll
[2014.05.18 09:01:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014.05.18 09:01:27 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014.05.18 09:01:27 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014.05.18 09:01:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014.05.18 09:01:27 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014.05.18 09:01:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014.05.18 09:01:27 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014.05.18 09:01:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014.05.18 09:01:27 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSReset.exe
[2014.05.18 09:01:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014.05.18 09:01:27 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014.05.18 09:01:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014.05.18 09:01:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014.05.18 09:01:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014.05.18 09:01:11 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.05.18 09:01:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.18 08:57:10 | 000,086,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mrt_map.dll
[2014.05.18 08:57:10 | 000,080,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt_map.dll
[2014.05.18 08:57:10 | 000,028,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mrt100.dll
[2014.05.18 08:57:10 | 000,026,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt100.dll
[2014.05.14 20:06:44 | 000,000,000 | ---D | C] -- C:\Users\Anonym\Documents\Waki Leitung
[2014.05.14 20:06:43 | 000,000,000 | ---D | C] -- C:\Users\Anonym\Documents\Waki
[2014.05.14 20:06:43 | 000,000,000 | ---D | C] -- C:\Users\Anonym\Documents\Privat
[2014.05.14 20:06:42 | 000,000,000 | ---D | C] -- C:\Users\Anonym\Documents\Bank
[2014.05.14 19:54:25 | 000,084,720 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.05.14 14:41:54 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\MediaServer
[2014.05.14 14:32:16 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Ashampoo
[2014.05.14 14:32:12 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Ashampoo
[2014.05.14 14:20:51 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\MAGIX
[2014.05.14 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX
[2014.05.14 14:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2014.05.14 14:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2014.05.14 14:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2014.05.14 14:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2014.05.14 14:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014.05.14 14:14:14 | 000,000,000 | R--D | C] -- C:\Users\Anonym\OneDrive
[2014.05.14 14:10:16 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Cyberlink
[2014.05.14 14:10:14 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\CyberLink
[2014.05.14 14:02:06 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Mozilla
[2014.05.14 14:02:06 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Mozilla
[2014.05.14 14:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014.05.14 14:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014.05.14 14:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.05.14 13:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.05.14 13:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.05.14 13:54:34 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Avira
[2014.05.14 13:53:42 | 000,130,584 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.05.14 13:53:42 | 000,112,080 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.05.14 13:53:42 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.05.14 13:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.05.14 13:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.05.14 13:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.05.14 13:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.05.14 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.05.14 12:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014.05.14 12:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014.05.14 11:24:46 | 000,000,000 | R--D | C] -- C:\Users\Anonym\OneDrive.old
[2014.05.14 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014.05.14 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\AppData\Local\EmieUserList
[2014.05.14 10:59:09 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\AppData\Local\EmieSiteList
[2014.05.14 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Apple
[2014.05.14 10:52:35 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Macromedia
[2014.05.14 10:51:00 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Intel Corporation
[2014.05.14 10:50:08 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Apple Computer
[2014.05.14 10:50:06 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Power2Go8
[2014.05.14 10:49:44 | 000,000,000 | R--D | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.05.14 10:49:44 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Searches
[2014.05.14 10:49:44 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Contacts
[2014.05.14 10:49:44 | 000,000,000 | R--D | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.05.14 10:49:43 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\VirtualStore
[2014.05.14 10:49:43 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Adobe
[2014.05.14 10:49:34 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Packages
[2014.05.14 10:49:29 | 000,000,000 | --SD | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Videos
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Saved Games
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Pictures
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Music
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Links
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Favorites
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Downloads
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Documents
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\Desktop
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.05.14 10:49:29 | 000,000,000 | R--D | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Vorlagen
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\AppData\Local\Verlauf
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\AppData\Local\Temporary Internet Files
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Startmenü
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\SendTo
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Recent
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Netzwerkumgebung
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Lokale Einstellungen
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Documents\Eigene Videos
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Documents\Eigene Musik
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Eigene Dateien
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Documents\Eigene Bilder
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Druckumgebung
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Cookies
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\AppData\Local\Anwendungsdaten
[2014.05.14 10:49:29 | 000,000,000 | -HSD | C] -- C:\Users\Anonym\Anwendungsdaten
[2014.05.14 10:49:29 | 000,000,000 | -H-D | C] -- C:\Users\Anonym\AppData
[2014.05.14 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Temp
[2014.05.14 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Local\Microsoft
[2014.05.14 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.05.14 10:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.09 14:24:49 | 001,780,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.06.09 14:24:49 | 000,765,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.06.09 14:24:49 | 000,723,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.09 14:24:49 | 000,159,696 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.06.09 14:24:49 | 000,135,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.09 14:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.09 14:20:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.06.09 14:20:34 | 821,641,215 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.09 13:14:18 | 489,001,394 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.06.09 12:47:00 | 000,000,922 | ---- | M] () -- C:\Users\Anonym\Desktop\Malware Analyse.lnk
[2014.06.09 12:17:25 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.06.09 12:17:25 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.05.14 19:54:13 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.05.14 19:42:21 | 000,454,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.14 14:20:41 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video easy HD.lnk
[2014.05.14 14:15:30 | 000,001,123 | ---- | M] () -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
[2014.05.14 14:02:00 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.14 13:57:52 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.14 13:52:04 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
 
========== Files Created - No Company Name ==========
 
[2014.06.09 13:14:18 | 489,001,394 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.06.09 12:36:18 | 000,000,922 | ---- | C] () -- C:\Users\Anonym\Desktop\Malware Analyse.lnk
[2014.05.14 20:19:54 | 000,000,788 | ---- | C] () -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.lnk
[2014.05.14 14:20:41 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video easy HD.lnk
[2014.05.14 14:15:30 | 000,001,123 | ---- | C] () -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
[2014.05.14 14:02:00 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.05.14 14:02:00 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.14 13:57:52 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.14 13:52:04 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.05.14 10:49:43 | 000,001,458 | ---- | C] () -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.05.14 10:49:41 | 000,001,779 | ---- | C] () -- C:\Users\Anonym\Desktop\MEDION Serviceportal.lnk
[2014.05.14 10:49:29 | 000,000,369 | ---- | C] () -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014.05.14 10:49:29 | 000,000,369 | ---- | C] () -- C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014.04.25 16:57:23 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014.04.25 14:23:48 | 001,776,918 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.04.25 14:22:28 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.04.25 14:20:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014.04.25 11:48:17 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013.08.22 16:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 05:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013.05.11 18:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.27 11:12:37 | 021,225,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.27 09:48:28 | 018,679,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.05.14 14:32:12 | 000,000,000 | ---D | M] -- C:\Users\Anonym\AppData\Roaming\Ashampoo
[2014.05.14 14:20:53 | 000,000,000 | ---D | M] -- C:\Users\Anonym\AppData\Roaming\MAGIX
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Anonym\OneDrive:ms-properties

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 09.06.2014 14:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Malware Analyse 41,4 MB\OTL
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,74 Gb Available Physical Memory | 79,64% Memory free
11,96 Gb Paging File | 10,67 Gb Available in Paging File | 89,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 809,91 Gb Free Space | 93,11% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 45,38 Gb Free Space | 75,63% Space Free | Partition Type: NTFS
 
Computer Name: ANONYM | User Name: Anonym | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2997412286-1015458257-1311533761-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112443A1-FAFE-47DA-810B-D303ADC51859}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1E4602E6-84C5-46E0-A5FD-AA05BF36DB09}" = rport=139 | protocol=6 | dir=out | app=system | 
"{234440D3-16DF-4210-8A49-C50CCC238EDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2781E15A-2A57-4CE6-BB0A-AC846E59655F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{381082D3-7055-4379-8E6B-C1C3258C56AE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3EA86CF5-632D-4C26-9051-9D47880694BC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5088D298-4752-4C1C-99EC-5FD548AED749}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7019AD43-2C31-420E-AD8D-191F677C72BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78AEDFCC-511F-4853-872C-6073A84498F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{79FF79E8-98EF-451B-BD59-7B72D03BD578}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{917546E7-E350-418A-B640-242F93B3C742}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D369ECB-1A7A-411F-A6D9-8523B4016810}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A9C77CDC-A605-4087-B67D-096C70A00463}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB1ACD42-FFDE-4656-9586-593686356CD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC11908C-39F4-441A-805A-56558B4526DC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B99B542D-2CF5-4062-A340-8E1C9676D253}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BC4D6948-3752-4732-A33C-F99930EE785C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BCA8CD42-A713-41F1-AE1B-322C37FA31B1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C3860ED2-EC61-49D8-8C93-C9FA33B84942}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D3903FBD-8C2E-4B15-9597-69F7E01E9B7A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D92B517E-8767-4199-868D-797C9FE89ED6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F98150D9-A503-4EC4-981E-338EC4AA9DF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA90DD39-8A28-4B37-B2E5-5D27A53F50A6}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0658EAFF-9423-4E36-B817-0C57C1838544}" = dir=out | name=@{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{0695D3C6-51DB-4558-ACE7-0B421818F898}" = dir=in | name=skype | 
"{0C619D5C-A2AF-491E-B201-19ED3CF0AB9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CDA034A-C0A5-478F-9D6E-C2183D530026}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10DDB864-1520-4FE3-878C-E2EEC924B221}" = dir=out | name=@{yahooinc.yahoomail_1.7.0.23_neutral__xvnatx83ncrvj?ms-resource://yahooinc.yahoomail/resources/str_branding_mail} | 
"{148168A4-DDC4-4F58-93AD-A3FB70943C58}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{1F1D68B2-FC65-4EEA-9BBB-264D832078DF}" = dir=in | app=c:\users\Anonym\appdata\local\microsoft\skydrive\skydrive.exe | 
"{2A9DE6D7-061F-4BA4-BE58-6652F4F12105}" = dir=in | name=onenote | 
"{2E2D1C22-46AA-48C8-9ED0-D3DA9E0230B7}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{3B8ED0D9-B091-4E1A-B039-7D561156A5DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3F24F2B3-01FB-4B6E-A0C2-C028C3AAE2E9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3F8870B7-50AE-4DB2-A3D2-F8458C3C242B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4268A17E-A81D-4AE2-8E94-793A47398194}" = dir=out | name=windows_ie_ac_001 | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4B04CB9F-7151-44E9-9C34-7CAE3F17E098}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{548BF733-E706-4E09-B8D1-E3EA72F41F35}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{54C2D333-4CC8-4CE2-85CE-C1AD5D3EB14F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{54EDD102-473B-48FD-943B-25E7BABB5C45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{56679F7C-474A-457A-96BD-6D2ADC2BFF89}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{5B06E7DC-41A1-4BA7-9E52-2C33869F0A6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{617DCA54-7654-4926-BB7B-9076122117B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6250DD0F-9556-46EE-91E7-C4A53CF79D58}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{62DF8195-45FE-4B41-B74B-1BA8A5B9E889}" = protocol=6 | dir=out | app=system | 
"{636DE78E-E64B-40BD-B5E6-B6F5EFF6B536}" = dir=out | name=@{microsoft.zunemusic_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{65F7F3DA-1C4D-45D3-93CC-0BA3F8DCD07F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{719C562F-BB70-445F-B6CF-41D6ACA3E066}" = dir=in | app=c:\program files\cyberlink\powerdirector12\pdr10.exe | 
"{79EF07D1-8990-4C65-A7DE-BC2E27487688}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{852B6CAD-2FB8-4F7D-96E5-AB6D1611FE7F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8A8BE6F0-820C-40EC-80D2-C6667B59793B}" = dir=out | name=skype | 
"{8C3B714F-C766-42FC-92D3-F06EE1B9FD11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D9A539A-AAF9-4F76-A234-E0A83F02F757}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{926A8F6F-7298-4D29-BEEE-6DC1A237390C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{928246A1-840D-4A90-A68C-08D28978C458}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{97CABE77-CE64-4D61-922F-A3D761F37306}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{99303455-C00E-4724-AB7D-8F76EDB8E3A4}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A478EB5E-2428-4E75-B1D2-7D5DA76E71DF}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{CEC95AC2-EDA0-4DB0-82FC-C98AF91DD71E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D05A2B5D-0894-4CE8-850F-8D70034CDDE2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{E22AD826-E9FA-4DB5-B426-79B101E1640F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3720A52-EEAA-404E-B671-965414F42FE8}" = dir=out | name=onenote | 
"{E3B7307F-6991-4700-9B01-9360456F3C25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F2097637-D7BE-4D60-8D9E-EB3A18B2FA4A}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F46E844B-7789-49C9-93F8-B2B98AC58399}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6F6A406-3CA3-47FC-871F-F2A292B3DEE5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091AAE2A-BF2C-4C2E-A22B-99173B02E7BC}" = MAGIX Speed burnR (MSI)
"{0EC215D6-C7BC-4C38-8F22-A4B7C7A678CC}" = MAGIX Video easy HD
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27DEA29A-222C-45F8-B70D-0A7B303FC71B}" = Intel(R) Rapid Storage Technology
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 332.35
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 332.35
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0927
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"HomeStudentRetail - de-de" = Microsoft Office Home and Student 2013 - de-de
"NewBlue Video Essentials for Cyberlink" = NewBlue Video Essentials for PowerDirector
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2F871304-B886-4270-8D12-072828C423A0}" = Avira
"{41BF4A3B-D60A-4E92-883F-C88C8C157261}" = Fotogalerie
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66233218-CA57-4AB2-BA43-A97AA4635960}" = Windows Live Essentials
"{70C91B91-61E8-4D06-86D6-A9DCC291983A}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}" = Photo Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0332229-4EF7-4A36-AED8-E5876EB2DF86}" = Windows Live UX Platform Language Pack
"{a7b7cd1e-76a2-4e45-9bed-f735572b2c9e}" = Avira
"{B1D0122C-6BE2-47A2-82AE-0BB3F6C91C49}" = Photo Common
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A96E8C-FC88-46F5-800E-6845B4ACA459}" = Photo Gallery
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}" = Movie Maker
"{F0AE9B24-416F-4CAA-8519-75CABCDAC61A}" = NVIDIA PhysX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8F630A7-6789-44D5-8653-3B27969CF337}" = Windows Live Essentials
"{FC071B45-4A5F-408F-92F8-4D9D693E866F}" = Windows Live UX Platform Language Pack
"Avira AntiVir Desktop" = Avira Free Antivirus
"MAGIX_{091AAE2A-BF2C-4C2E-A22B-99173B02E7BC}" = MAGIX Speed burnR (MSI)
"MAGIX_{0EC215D6-C7BC-4C38-8F22-A4B7C7A678CC}" = MAGIX Video easy HD
"Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2997412286-1015458257-1311533761-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2014 07:45:11 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0xffc  Startzeit der fehlerhaften Anwendung: 0x01cf83d843a0e7e8  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Pfad des 
fehlerhaften Moduls: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Berichtskennung:
 82b34c36-efcb-11e3-8277-c03fd54a3ebe  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.06.2014 07:45:18 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: t54t4gsd56.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: t54t4gsd56.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0xe44  Startzeit der fehlerhaften Anwendung: 0x01cf83d8485cf479  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\t54t4gsd56.exe  Pfad des 
fehlerhaften Moduls: C:\Malware Analyse 41,4 MB\GMER\t54t4gsd56.exe  Berichtskennung:
 86db5127-efcb-11e3-8277-c03fd54a3ebe  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.06.2014 07:45:23 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0xe70  Startzeit der fehlerhaften Anwendung: 0x01cf83d84b97b47b  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Pfad des 
fehlerhaften Moduls: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Berichtskennung:
 8a2ddc0e-efcb-11e3-8277-c03fd54a3ebe  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.06.2014 07:45:41 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0xd78  Startzeit der fehlerhaften Anwendung: 0x01cf83d85667de88  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Pfad des 
fehlerhaften Moduls: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Berichtskennung:
 9515e938-efcb-11e3-8277-c03fd54a3ebe  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.06.2014 07:48:15 | Computer Name = ANONYM | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 09.06.2014 07:48:15 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version:
 1.1.13.21221, Zeitstempel: 0x536a0f3b  Name des fehlerhaften Moduls: ccwkrlib.dll,
 Version: 14.0.4.620, Zeitstempel: 0x53610df5  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0004402f  ID des fehlerhaften Prozesses: 0x7b4  Startzeit der fehlerhaften Anwendung:
 0x01cf83d7fde03b04  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\My
 Avira\Avira.OE.ServiceHost.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Avira\AntiVir
 Desktop\ccwkrlib.dll  Berichtskennung: f0bd798b-efcb-11e3-8277-c03fd54a3ebe  Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 09.06.2014 07:48:41 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0x1368  Startzeit der fehlerhaften Anwendung: 0x01cf83d8c1168ff7  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Pfad des 
fehlerhaften Moduls: C:\Malware Analyse 41,4 MB\GMER\Gmer-19357.exe  Berichtskennung:
 ffe453b4-efcb-11e3-8277-c03fd54a3ebe  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.06.2014 07:48:51 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: djntg643.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: djntg643.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0x794  Startzeit der fehlerhaften Anwendung: 0x01cf83d8c7c6b980  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\djntg643.exe  Pfad des fehlerhaften
 Moduls: C:\Malware Analyse 41,4 MB\GMER\djntg643.exe  Berichtskennung: 0642b6ca-efcc-11e3-8277-c03fd54a3ebe
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 09.06.2014 07:49:11 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: djntg643.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: djntg643.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0x1110  Startzeit der fehlerhaften Anwendung: 0x01cf83d8d3288ad2  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\djntg643.exe  Pfad des fehlerhaften
 Moduls: C:\Malware Analyse 41,4 MB\GMER\djntg643.exe  Berichtskennung: 11e01caf-efcc-11e3-8277-c03fd54a3ebe
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 09.06.2014 07:49:32 | Computer Name = ANONYM | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: djntg643.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Name des fehlerhaften Moduls: djntg643.exe, Version: 2.1.19357.0,
 Zeitstempel: 0x52e7ea83  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000011aa  ID des fehlerhaften
 Prozesses: 0xd98  Startzeit der fehlerhaften Anwendung: 0x01cf83d8e017d871  Pfad der
 fehlerhaften Anwendung: C:\Malware Analyse 41,4 MB\GMER\djntg643.exe  Pfad des fehlerhaften
 Moduls: C:\Malware Analyse 41,4 MB\GMER\djntg643.exe  Berichtskennung: 1e87e51f-efcc-11e3-8277-c03fd54a3ebe
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 09.06.2014 08:20:08 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:08 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:08 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:11 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:12 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:20 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:25 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:25 | Computer Name = ANONYM | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2014 08:20:36 | Computer Name = ANONYM | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\Rtlihvs.dll  Fehlercode: 126  
 
Error - 09.06.2014 08:20:42 | Computer Name = ANONYM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%577
 
 
< End of report >
         
--- --- ---


Below my post I now see at least 5 threads dealing with this problem. I am reading them now.

09.06.2014, 17:02   #5
schrauber
/// the machine
/// TB-Ausbilder

Yahoo sends e-mails despite password change - Standard

Please download Emsisoft MBR Master and save it to the Desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it as emsi on the Desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the Desktop. Please post its contents here.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
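The MBR backup requested above can be sanity-checked locally before it is uploaded. The following is an added example, not part of the thread and not Emsisoft's code: it parses a raw 512-byte MBR image such as the emsi.mbr backup, validates the 0x55AA boot signature and the partition table, and hashes the boot code so it can be compared against a known-good reference. The sample image is constructed inline with hypothetical values.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot loader code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

# Constructed sample image (hypothetical values, not the thread's emsi.mbr):
# one bootable NTFS partition starting at LBA 2048, 204800 sectors long.
SAMPLE_MBR = bytearray(SECTOR_SIZE)
SAMPLE_MBR[0:3] = b"\x33\xc0\x8e"           # first bytes of a typical boot loader
SAMPLE_MBR[440:444] = b"\x12\x34\x56\x78"    # disk signature (little-endian)
SAMPLE_MBR[446:462] = struct.pack(
    ENTRY_FORMAT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800
)
SAMPLE_MBR[510:512] = b"\x55\xaa"            # boot signature
SAMPLE_MBR = bytes(SAMPLE_MBR)


def parse_mbr(data):
    """Parse a raw 512-byte MBR image into a dict of its fields."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            ENTRY_FORMAT, data[off:off + 16]
        )
        partitions.append({
            "index": i,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
        })
    return {
        "valid_signature": data[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack("<I", data[440:444])[0],
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(parsed):
    """Return a list of findings worth a closer look; an empty list means nothing odd."""
    findings = []
    if not parsed["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    used = [p for p in parsed["partitions"] if p["type"] != 0x00]
    bootable = [p for p in used if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one bootable partition, found %d" % len(bootable))
    for p in parsed["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["type"] == 0x00 and (p["lba_start"] or p["sectors"]):
            findings.append("entry %d is typed empty but has non-zero LBA/size" % p["index"])
    # Overlapping partition entries are a classic sign of a tampered table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in used)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("entries %d and %d overlap" % (i1, i2))
    return findings


def analyze_mbr(data, known_good_boot_code_sha256=None):
    """Parse and check an image; optionally compare the boot code hash with a reference."""
    parsed = parse_mbr(data)
    findings = check_mbr(parsed)
    if known_good_boot_code_sha256 and parsed["boot_code_sha256"] != known_good_boot_code_sha256:
        findings.append("boot code hash differs from the known-good reference")
    return parsed, findings


if __name__ == "__main__":
    parsed, findings = analyze_mbr(SAMPLE_MBR)
    print("disk signature: 0x%08x" % parsed["disk_signature"])
    print("boot code sha256:", parsed["boot_code_sha256"])
    for p in parsed["partitions"]:
        if p["type"] != 0x00:
            print("partition %d: type 0x%02x bootable=%s lba=%d sectors=%d"
                  % (p["index"], p["type"], p["bootable"], p["lba_start"], p["sectors"]))
    print("findings:", findings or "none")
```

To inspect a real backup, read the file in binary mode and pass its bytes to analyze_mbr; a hash taken from a known-clean install of the same Windows version serves as the reference value.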

20.06.2014, 09:49   #6
manne42

Yahoo sends e-mails despite password change - Standard

Thanks.

21.06.2014, 07:57   #7
manne42

Yahoo sends e-mails despite password change - Standard

The e-mails are retrieved from the computer and from the iPhone.
Spam mails were sent to address book contacts but also to other people I do not know, and they are not visible in the Sent folder. Some of them were replied to.
Is it necessary to change the password again?
heise.de: Spam-Welle rollt über Yahoo-Konten | heise Security

21.06.2014, 22:01   #8
schrauber
/// the machine
/// TB-Ausbilder

Yahoo sends e-mails despite password change - Standard

Please have the ZIP scanned at www.virustotal.com.

First we finish checking; only then does changing the PW do any good.
__________________
regards,
schrauber

22.06.2014, 13:20   #9
manne42

Yahoo sends e-mails despite password change - Standard

https://www.virustotal.com/de/file/a8b4aa36a95373d5045cbcce5e6c1199de8beb7ce8797e353b6a3aec4953ff70/analysis/1403439547/

23.06.2014, 11:21   #10
schrauber
/// the machine
/// TB-Ausbilder

Yahoo sends e-mails despite password change - Standard

Did any of the scanners find anything? I cannot open the site at work. Meanwhile, though, it is known that this is a Yahoo problem.
__________________
regards,
schrauber

23.06.2014, 20:48   #11
manne42

Yahoo sends e-mails despite password change - Question

Thanks. No, 0/54 detections. Is one at the mercy of the freemail provider in such a case?
I have not quite understood it yet: did/do the attackers have access to the server and to individual or all accounts and address books?
And were the spam mails sent via the provider's SMTP or via another one? Are spam mails a mild outcome, and could something worse have happened?

24.06.2014, 17:09   #12
schrauber
/// the machine
/// TB-Ausbilder

Yahoo sends e-mails despite password change - Standard

Well, we all have to wait until Yahoo finally comes clean about what is going on there.
__________________
regards,
schrauber
