| |
| |||||||
Log-Analyse und Auswertung: HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.06.2012, 14:30
| #1 |
 |  HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung HIJACK - auf NETBOOK - und noch - oder nicht mehr? hallo, ich bin Laie und arbeite mich durch Anweisungen aus dem Internet, saniere meine verseuchten Geräte und befürchte, dass ich alles nochmal machen muss, weil ich Eure Anweisungen zu spät gesehen habe. Sowohl mein NETBOOK (das bespreche ich hier) als auch mein RECHNER haben (hatten?) leider Virenbefall. Ich habe von beiden jeweils die Sicherungs- und Antivirenprogramme geladen (nach Antivir-Scan und Malwarebytescheck) Denn mein Linux-Notebook (Arbeit) gewährt mir keine Adminrechte zum Downloaden. Außerdem werden die Dateien bei Linux verfälscht, so dass ich doch immer wieder an den anderen Geräten arbeite, während ich die Anweisungen ansonsten zu befolgen suche und vor allem auch die downloads der ganzen Programm von da oder vom Netbook kommen (Antivir und Eure angegebenen Programme s.u.). Leider habe ich immer vor fast jedem Scan die Programme wieder mit Revo-Uninstaller deinstalliert und dabei vübersehen, dass die Log-Dateien mit verschwinden. Die Reihenfolge war: Antivir (war installiert), Malwarebytes (Hijack-Fund), Eset smart Security, Kaspersky Security 2012 - meist vom Netbook oder auch Rechner geladen, da ich mit Linux auch nicht berechtigt bin, downzuloaden. HIER GEHT ES UM DAS NETBOOK: Netbookfund: Hijack mit Malwarebytes - weiß (s.o.) die genaue Bezeichnung und Ort nicht mehr... Dann habe ich die allgemeine!!! Hilfeseite entdeckt und befolgt. Ich verstehe nicht, ob wirklich bei jedem Scan W-Lan ausgestellt sein muss. Ich hab es nur bei GMER ausgestellt. Malwarebytes habe ich nicht noch mal durchgeführt - da erscheint kein Virus mehr. Ich kann nun diese Daten zeigen: DEFOGGER defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:43 on 22/06/2012 (xxx) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ______________________________________ defogger_enable by jpshortstuff (23.02.10.1) Log created at 20:44 on 22/06/2012 (xxx) Parsing file... -=E.O.F=- ______________________________________ OTL (Ich habe die ausführliche Version gemacht, und nur diese fette Datei bekommen):OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.06.2012 20:55:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = G:\exen Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,23 Mb Total Physical Memory | 609,53 Mb Available Physical Memory | 60,16% Memory free 2,38 Gb Paging File | 2,01 Gb Available in Paging File | 84,49% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 29,10 Gb Free Space | 43,83% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,16 Gb Free Space | 26,62% Space Free | Partition Type: FAT32 Drive E: | 7,45 Gb Total Space | 7,34 Gb Free Space | 98,59% Space Free | Partition Type: FAT32 Drive G: | 7,42 Gb Total Space | 5,89 Gb Free Space | 79,35% Space Free | Partition Type: FAT32 Computer Name: \xxx\-30983A | User Name: \xxx\ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.22 00:47:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- G:\exen\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.04 02:19:44 | 000,023,040 | ---- | M] () -- C:\WINDOWS\system32\kygaLM.dll MOD - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2006.10.01 14:37:02 | 000,947,200 | ---- | M] () -- C:\Programme\OpenVPN\bin\libeay32.dll MOD - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.18 19:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.02.21 23:45:40 | 000,159,744 | ---- | M] () [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.01 14:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.13 15:28:46 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2008.07.13 15:28:46 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2008.07.13 15:28:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2008.07.13 15:28:46 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2008.07.13 15:28:46 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2008.07.13 15:28:46 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2008.07.13 15:28:45 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2008.06.10 17:08:00 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.05.07 19:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.11.15 21:18:20 | 000,572,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 02:32:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.22 14:50:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.19 00:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions [2011.11.04 01:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.19 00:40:27 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com [2010.04.02 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions [2010.01.25 01:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 01:25:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.19 00:40:27 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml [2011.05.17 19:58:53 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml [2009.05.19 21:39:10 | 000,002,314 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml [2012.06.18 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.17 19:58:08 | 000,017,696 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI [2012.02.19 02:10:20 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.07 01:24:55 | 000,565,918 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.06.18 19:56:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.02 18:03:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 19:56:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 19:56:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.18 19:56:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 19:56:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 19:56:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 19:56:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Automatisch EPSON Stylus DX3800 Series auf ICH-705165CB177] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - Startup: C:\Dokumente und Einstellungen\Chris\Startmenü\Programme\Autostart\Antroposofischer Seelenkalender.lnk = C:\Programme\AntroVista\Seelenkalender\start.hta () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D758D2-C729-4EF0-8DE2-C31A73771801}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.22 14:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.22 02:12:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.06.22 02:06:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012 [2012.06.22 02:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2012.06.22 02:03:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.06.22 02:02:47 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2012.06.21 13:28:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 03:16:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.06.21 03:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.19 00:40:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.06.19 00:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.06.19 00:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.06.18 23:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Revo Uninstaller [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.06.22 20:40:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job [2012.06.22 20:39:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.22 20:39:39 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2012.06.22 19:40:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job [2012.06.22 16:05:03 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.22 13:16:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.06.22 09:28:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.22 02:48:59 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.06.22 02:14:19 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.22 00:07:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.19 09:39:00 | 000,451,004 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.19 09:39:00 | 000,434,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.19 09:39:00 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.19 09:39:00 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.19 09:11:39 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.19 03:08:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.18 23:49:23 | 000,000,879 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Revo Uninstaller.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.22 02:14:17 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.19 00:40:25 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.19 10:52:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat ========== LOP Check ========== [2008.07.04 22:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2008.07.04 22:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.05.24 18:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2012.04.30 14:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner [2008.12.29 23:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.04.17 22:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2008.07.04 22:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.07.13 11:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AD ON Multimedia [2008.07.04 22:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service GmbH [2010.02.07 19:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DL [2008.11.17 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EPSON [2012.06.21 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2010.06.03 13:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GoPal Assistant [2008.12.28 17:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer [2009.04.24 10:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2011.04.17 22:44:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TerraTec [2011.02.22 18:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2011.03.24 11:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 11:42:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.04.0
Running: 1gfrp9wt.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\fwlyapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA7C19FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA7C1A8B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA7C33AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA7C1AE26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA7C1AD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA7C33E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA7C1B056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA7C1B21E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA7C19D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA7C1AF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA7C1A5E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA7C33ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA7C1B53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA7C2E084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA7C2F88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA7C1A8F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA7C1C53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7C2F088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7C2FA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA7C1B62E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA7C2EBC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA7C2EE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA7C1BB9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA7C3230A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA7C1AEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA7C1ADA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA7C1A1F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA7C1B97E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA7C1AFD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA7C1A0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA7C2DEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA7C2F698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA7C32500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA7C1BEC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA7C2F488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA7C1B7CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA7C2E198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA7C2E80C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA7C34048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA7C33F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA7C340B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA7C2EA14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA7C1C3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA7C2E33E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA7C2E4D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA7C2E670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA7C33C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA7C1A756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA7C1B3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA7C1C010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA7C2F248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA7C1C104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA7C1C23E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA7C1B45E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA7C1A392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA7C1A2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA7C1BD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA7C1A47C]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A7C0C9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF92C 5 Bytes JMP A7C0CDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050454C 12 Bytes [06, 3E, C3, A7, 56, B0, C1, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 12 Bytes [2E, B6, C1, A7, C0, EB, C2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DDC 80504694 4 Bytes CALL C4F80839
.text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 80504794 16 Bytes [98, E1, C2, A7, 0C, E8, C2, ...] {CWDE ; LOOPZ 0xffffffffffffffc5; CMPSD ; OR AL, 0xe8; RET 0x48a7; INC EAX; RET ; CMPSD ; XCHG ESI, EAX; AAS ; RET ; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 805047C4 4 Bytes [14, EA, C2, A7]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823
---- EOF - GMER 1.0.15 ----
__________________________________________ Leider ging selbst bei GMER einmal das Fenster einer vergessenen E-Plus-Installation auf. Ich hoffe, mich ausreichend ausgedrückt zu haben und warte gespannt auf Hinweise. VIELEN DANK IM VORAUS + Gruß PS: vom Rechner, falls das durch den Transfer von Daten und Downloads zum Netbook eine Rolle spielt - kann ich auch die Antiviren-Datei senden. Es wurden 7 Verschlüsselungs-Trojaner bzw. Viren gefunden. ES IST DER PUM.Hijack im Start Menu (gewesen)! Schade, ich hätte meinen Beitrag gerne editiert, denn nun hab ich doch noch die erste Malbwarebyte Logdatei gefunden... sorry! Ich sende sie jetzt (oder hätte ich das Thema löschen und neu starten sollen?) ÿþM a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 1 . 0 . 1 4 0 0 w w w . m a l w a r e b y t e s . o r g D a t e n b a n k V e r s i o n : v 2 0 1 2 . 0 6 . 2 0 . 0 5 W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S I n t e r n e t E x p l o r e r 8 . 0 . 6 0 0 1 . 1 8 7 0 2 /xxx/ : : /xxx/ - 7 0 5 1 6 5 C B 1 7 7 [ A d m i n i s t r a t o r ] 2 0 . 0 6 . 2 0 1 2 1 7 : 2 8 : 3 2 m b a m - l o g - 2 0 1 2 - 0 6 - 2 0 ( 1 7 - 2 8 - 3 2 ) . t x t A r t d e s S u c h l a u f s : V o l l s t ä n d i g e r S u c h l a u f A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P D u r c h s u c h t e O b j e k t e : 3 3 2 1 7 7 L a u f z e i t : 2 S t u n d e ( n ) , 1 1 M i n u t e ( n ) , 9 S e k u n d e ( n ) I n f i z i e r t e S p e i c h e r p r o z e s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e S p e i c h e r m o d u l e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 1 H K C U \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A d v a n c e d | S t a r t _ S h o w H e l p ( P U M . H i j a c k . S t a r t M e n u ) - > B ö s a r t i g : ( 0 ) G u t : ( 1 ) - > E r f o l g r e i c h e r s e t z t u n d i n Q u a r a n t ä n e g e s t e l l t . I n f i z i e r t e V e r z e i c h n i s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i e n : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) ( E n d e ) hallo, ich editiere meinen Text von gestern hier nochmal, weil ich einen Logfile doch noch gefunden habe: ich bin Laie und arbeite mich durch Anweisungen aus dem Internet Sowohl mein NETBOOK (das bespreche ich hier) als auch mein RECHNER haben (hatten?) leider Virenbefall (Der Rechner 7 andere Viren als das Netbook). Ich habe von beiden verseuchten Geräten jeweils die Sicherungs- und Antivirenprogramme geladen, mit denen ich auch gescannt habe (nach Antivir-Scan und Malwarebytescheck) (macht das was?) Ich habe entgegen Euren Angaben leider vor fast jedem Scan die Programme wieder mit Revo-Uninstaller deinstalliert und dabei übersehen, dass die Log-Dateien und der VIrus mit verschwinden. Die Reihenfolge war: Antivir (war installiert), Malwarebytes (PlumHijack-Start-Menu-Fund), Eset smart Security, Kaspersky Security 2012 - und dann erst Eure Anweisungen der allgemeinen Hilfe. HIER GEHT ES UM DAS NETBOOK: Ich verstehe nicht, ob wirklich bei jedem Scan W-Lan ausgestellt sein muss. Ich hab es nur bei GMER ausgestellt. Ich kann nun diese Daten zeigen: ÿþM a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 1 . 0 . 1 4 0 0 w w w . m a l w a r e b y t e s . o r g D a t e n b a n k V e r s i o n : v 2 0 1 2 . 0 6 . 2 0 . 0 5 W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S I n t e r n e t E x p l o r e r 8 . 0 . 6 0 0 1 . 1 8 7 0 2 /xxx/ : : /xxx/ - 7 0 5 1 6 5 C B 1 7 7 [ A d m i n i s t r a t o r ] 2 0 . 0 6 . 2 0 1 2 1 7 : 2 8 : 3 2 m b a m - l o g - 2 0 1 2 - 0 6 - 2 0 ( 1 7 - 2 8 - 3 2 ) . t x t A r t d e s S u c h l a u f s : V o l l s t ä n d i g e r S u c h l a u f A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P D u r c h s u c h t e O b j e k t e : 3 3 2 1 7 7 L a u f z e i t : 2 S t u n d e ( n ) , 1 1 M i n u t e ( n ) , 9 S e k u n d e ( n ) I n f i z i e r t e S p e i c h e r p r o z e s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e S p e i c h e r m o d u l e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 1 H K C U \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A d v a n c e d | S t a r t _ S h o w H e l p ( P U M . H i j a c k . S t a r t M e n u ) - > B ö s a r t i g : ( 0 ) G u t : ( 1 ) - > E r f o l g r e i c h e r s e t z t u n d i n Q u a r a n t ä n e g e s t e l l t . I n f i z i e r t e V e r z e i c h n i s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i e n : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) ( E n d e ) DEFOGGER defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:43 on 22/06/2012 (xxx) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ______________________________________ defogger_enable by jpshortstuff (23.02.10.1) Log created at 20:44 on 22/06/2012 (xxx) Parsing file... -=E.O.F=- ______________________________________ OTL (Ich habe die ausführliche Version gemacht, und nur diese fette Datei bekommen): OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.06.2012 20:55:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = G:\exen Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,23 Mb Total Physical Memory | 609,53 Mb Available Physical Memory | 60,16% Memory free 2,38 Gb Paging File | 2,01 Gb Available in Paging File | 84,49% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 29,10 Gb Free Space | 43,83% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,16 Gb Free Space | 26,62% Space Free | Partition Type: FAT32 Drive E: | 7,45 Gb Total Space | 7,34 Gb Free Space | 98,59% Space Free | Partition Type: FAT32 Drive G: | 7,42 Gb Total Space | 5,89 Gb Free Space | 79,35% Space Free | Partition Type: FAT32 Computer Name: \xxx\-30983A | User Name: \xxx\ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.22 00:47:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- G:\exen\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.04 02:19:44 | 000,023,040 | ---- | M] () -- C:\WINDOWS\system32\kygaLM.dll MOD - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2006.10.01 14:37:02 | 000,947,200 | ---- | M] () -- C:\Programme\OpenVPN\bin\libeay32.dll MOD - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.18 19:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.02.21 23:45:40 | 000,159,744 | ---- | M] () [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.01 14:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.13 15:28:46 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2008.07.13 15:28:46 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2008.07.13 15:28:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2008.07.13 15:28:46 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2008.07.13 15:28:46 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2008.07.13 15:28:46 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2008.07.13 15:28:45 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2008.06.10 17:08:00 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.05.07 19:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.11.15 21:18:20 | 000,572,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 02:32:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.22 14:50:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.19 00:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions [2011.11.04 01:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.19 00:40:27 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com [2010.04.02 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions [2010.01.25 01:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 01:25:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.19 00:40:27 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml [2011.05.17 19:58:53 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml [2009.05.19 21:39:10 | 000,002,314 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml [2012.06.18 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.17 19:58:08 | 000,017,696 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI [2012.02.19 02:10:20 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.07 01:24:55 | 000,565,918 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.06.18 19:56:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.02 18:03:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 19:56:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 19:56:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.18 19:56:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 19:56:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 19:56:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 19:56:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Automatisch EPSON Stylus DX3800 Series auf ICH-705165CB177] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - Startup: C:\Dokumente und Einstellungen\Chris\Startmenü\Programme\Autostart\Antroposofischer Seelenkalender.lnk = C:\Programme\AntroVista\Seelenkalender\start.hta () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D758D2-C729-4EF0-8DE2-C31A73771801}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.22 14:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.22 02:12:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.06.22 02:06:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012 [2012.06.22 02:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2012.06.22 02:03:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.06.22 02:02:47 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2012.06.21 13:28:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 03:16:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.06.21 03:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.19 00:40:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.06.19 00:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.06.19 00:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.06.18 23:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Revo Uninstaller [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.06.22 20:40:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job [2012.06.22 20:39:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.22 20:39:39 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2012.06.22 19:40:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job [2012.06.22 16:05:03 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.22 13:16:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.06.22 09:28:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.22 02:48:59 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.06.22 02:14:19 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.22 00:07:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.19 09:39:00 | 000,451,004 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.19 09:39:00 | 000,434,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.19 09:39:00 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.19 09:39:00 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.19 09:11:39 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.19 03:08:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.18 23:49:23 | 000,000,879 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Revo Uninstaller.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.22 02:14:17 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.19 00:40:25 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.19 10:52:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat ========== LOP Check ========== [2008.07.04 22:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2008.07.04 22:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.05.24 18:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2012.04.30 14:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner [2008.12.29 23:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.04.17 22:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2008.07.04 22:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.07.13 11:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AD ON Multimedia [2008.07.04 22:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service GmbH [2010.02.07 19:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DL [2008.11.17 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EPSON [2012.06.21 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2010.06.03 13:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GoPal Assistant [2008.12.28 17:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer [2009.04.24 10:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2011.04.17 22:44:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TerraTec [2011.02.22 18:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2011.03.24 11:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 11:42:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.04.0
Running: 1gfrp9wt.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\fwlyapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA7C19FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA7C1A8B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA7C33AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA7C1AE26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA7C1AD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA7C33E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA7C1B056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA7C1B21E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA7C19D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA7C1AF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA7C1A5E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA7C33ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA7C1B53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA7C2E084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA7C2F88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA7C1A8F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA7C1C53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7C2F088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7C2FA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA7C1B62E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA7C2EBC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA7C2EE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA7C1BB9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA7C3230A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA7C1AEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA7C1ADA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA7C1A1F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA7C1B97E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA7C1AFD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA7C1A0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA7C2DEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA7C2F698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA7C32500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA7C1BEC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA7C2F488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA7C1B7CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA7C2E198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA7C2E80C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA7C34048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA7C33F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA7C340B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA7C2EA14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA7C1C3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA7C2E33E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA7C2E4D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA7C2E670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA7C33C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA7C1A756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA7C1B3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA7C1C010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA7C2F248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA7C1C104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA7C1C23E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA7C1B45E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA7C1A392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA7C1A2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA7C1BD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA7C1A47C]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A7C0C9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF92C 5 Bytes JMP A7C0CDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050454C 12 Bytes [06, 3E, C3, A7, 56, B0, C1, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 12 Bytes [2E, B6, C1, A7, C0, EB, C2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DDC 80504694 4 Bytes CALL C4F80839
.text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 80504794 16 Bytes [98, E1, C2, A7, 0C, E8, C2, ...] {CWDE ; LOOPZ 0xffffffffffffffc5; CMPSD ; OR AL, 0xe8; RET 0x48a7; INC EAX; RET ; CMPSD ; XCHG ESI, EAX; AAS ; RET ; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 805047C4 4 Bytes [14, EA, C2, A7]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823
---- EOF - GMER 1.0.15 ----
__________________________________________ Leider ging selbst bei GMER einmal das Fenster einer vergessenen E-Plus-Installation auf. Ich hoffe, mich ausreichend ausgedrückt zu haben und warte gespannt auf Hinweise. VIELEN DANK IM VORAUS + Gruß PS: vom Rechner, falls das durch den Transfer von Daten und Downloads zum Netbook eine Rolle spielt - kann ich auch die Antiviren-Datei senden. Es wurden 7 Verschlüsselungs-Trojaner bzw. Viren gefunden. |
|
26.06.2012, 14:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
27.06.2012, 05:56
| #3 |
| |  HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Danke
__________________ :!Ich sende also den bisher noch nicht gesendeten log VOR der jetzt empfohlenen Aktion (und VOR den eingangs beschriebenen Aktionen mit GMER etc) und nachfolgend die, die mir JETZT HIER OBEN als Angabe gemacht wurden (Ich habe noch einen aus 11.2011 und einen aus 09.2010 gefunden, das ist wohl nicht gemeint?): (Zitat:"Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!") m a l w a r e b y t e s vom 21.06.12 Code:
ATTFilter ÿþ d + 0 2 : 2 8 2 1 . 0 6 . 2 0 1 2 0 2 : 2 8 2 1 . 0 6 . 2 0 1 2 0 0 0 M a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 1 . 0 . 1 4 0 0
w w w . m a l w a r e b y t e s . o r g
D a t e n b a n k V e r s i o n : v 2 0 1 2 . 0 6 . 2 0 . 0 5
W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S
I n t e r n e t E x p l o r e r 8 . 0 . 6 0 0 1 . 1 8 7 0 2
(XXX) : : (XXX)- 7 0 5 1 6 5 C B 1 7 7 [ A d m i n i s t r a t o r ]
2 0 . 0 6 . 2 0 1 2 2 2 : 4 0 : 4 3
m b a m - l o g - 2 0 1 2 - 0 6 - 2 0 ( 2 2 - 4 0 - 4 3 ) . t x t
A r t d e s S u c h l a u f s : Q u i c k - S c a n
A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M
D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P
D u r c h s u c h t e O b j e k t e : 2 3 5 3 0 4
L a u f z e i t : 9 M i n u t e ( n ) , 2 8 S e k u n d e ( n )
I n f i z i e r t e S p e i c h e r p r o z e s s e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e S p e i c h e r m o d u l e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e V e r z e i c h n i s s e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e D a t e i e n : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
( E n d e )
Code:
ATTFilter ÿþM a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 1 . 0 . 1 4 0 0
w w w . m a l w a r e b y t e s . o r g
D a t e n b a n k V e r s i o n : v 2 0 1 2 . 0 6 . 2 6 . 0 6
W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S
I n t e r n e t E x p l o r e r 8 . 0 . 6 0 0 1 . 1 8 7 0 2
(XXX) : : (XXX) - 3 0 9 8 3 A [ A d m i n i s t r a t o r ]
2 6 . 0 6 . 2 0 1 2 1 8 : 1 7 : 5 6
m b a m - l o g - 2 0 1 2 - 0 6 - 2 6 ( 1 8 - 1 7 - 5 6 ) . t x t
A r t d e s S u c h l a u f s : V o l l s t ä n d i g e r S u c h l a u f
A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M
D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P
D u r c h s u c h t e O b j e k t e : 3 4 1 8 4 5
L a u f z e i t : 1 S t u n d e ( n ) , 2 3 M i n u t e ( n ) , 5 3 S e k u n d e ( n )
I n f i z i e r t e S p e i c h e r p r o z e s s e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e S p e i c h e r m o d u l e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e V e r z e i c h n i s s e : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
I n f i z i e r t e D a t e i e n : 0
( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )
( E n d e )
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c07c2b250219944ba8bae3705fa76cc3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-26 06:55:23
# local_time=2012-06-26 08:55:23 (+0100, Romanische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 552 552 0 0
# scanned=22316
# found=0
# cleaned=0
# scan_time=1514
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c07c2b250219944ba8bae3705fa76cc3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-26 09:36:28
# local_time=2012-06-26 11:36:28 (+0100, Romanische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 2216 2216 0 0
# scanned=112255
# found=0
# cleaned=0
# scan_time=9516
Eventuell hatte ich beim ersten Mal die mobile Festplatte nicht dabei, wann anders einen Stick weniger (?). -Ich habe eine kostenlose Version von Eset - da gab es kein Update-Fenster. Sie wird allerdings aktualisiert beim Laden (?) - den download der Programme als auch das Schreiben erledige ich vom Linux-Rechner, um den anderen nicht nutzen zu müssen. Jetzt kamen mir Bedenken, ob die Daten dabei verändert werden? Zumindest musste ich nach Eset-Scan den Browser zum Trojanerboard im Netbook öffnen, weil ich mir die Kopie der Eingabe nicht vom Linux-Rechner zum Netbook kopieren konnte und mir der Schrägstrich beim manuellen Eintragen des Befehls nicht gelang  Soweit - wäre ja toll, wenn es sich damit erledigt! Andererseits auch ein Hammer, wenn es nur ein kleiner Eset-Irrtum gewesen sein sollte... (Doch besser so, als anders herum...  Danke nochmal! |
|
27.06.2012, 13:40
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Die Logs von Malwarebytes sind nicht vernünftig zu lesen! Bitte richtig posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.06.2012, 19:47
| #5 |
| | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung OK, das liegt dann wohl an der Linux/OpenOffice-Version? Dann mach ich es doch übers Netbook - anders geht es nicht. Malwarebytes vom 21.06.12: Code:
ATTFilter d+02:28 21.06.201202:28 21.06.2012000Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.20.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 \xxx\ :: \xxx\-705165CB177 [Administrator] 20.06.2012 22:40:43 mbam-log-2012-06-20 (22-40-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 235304 Laufzeit: 9 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)  :Malwarebytes vom 26.06.12: [code] Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.26.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 \xxx\ :: \xxx\-30983A [Administrator] 26.06.2012 18:17:56 mbam-log-2012-06-26 (18-17-56).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 341845 Laufzeit: 1 Stunde(n), 23 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) [code] Hoffentlich ok so!? |
|
28.06.2012, 12:41
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungZitat:
Unter Linux gibt es schlanke Editoren wie zB gedit, leafpad oder geany Zudem hab ich hier den Eindruck du würfelst hier Logs von verschiedenen Rechnern in einen Strang - soll hier das Chaos ausbrechen?  Pro Rechner machst du bitte einen eigenen Strang auf!
__________________ --> HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung |
|
29.06.2012, 00:48
| #7 |
| | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung tut mir leid - wie gesagt: ich bin Laie und habe versucht, mit dem Linux-Rechner zu antworten, um nicht auf dem befallenen Netbook zu schreiben. Es war wohl nicht OO sondern KWrite - die alten Logfiles sehen damit allerdings besser aus. Linux ist für mich neu. Beim Hin- und Herstransport verändert sich da wohl auch was. Wenn ich Logfiles vom anderen Rechnern gesendet haben sollte, dann kann das nur durch ein falsches Abspeichern passiert sein und ist leider im Rahmen der Datensicherung von zwei Rechnern auf den dritten mit zwischendurch nicht mehr funktionierender Arbeitsplatte (von windows auf Linux) passiert.  Sorry... am Inhalt erkenne ich es kaum, die log-Dateien sind für mich kryptisch. Die letzte malwarebytelog vom 26.Juni2012 ist jedenfalls vom Netbook. Ich habe da keine mehr vom Rechner gemacht. Andere habe ich nicht mehr. Gruß und Dank! |
|
29.06.2012, 12:14
| #8 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungZitat:
Zitat:
Dann klappt es auch mit den Logs Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.06.2012, 16:35
| #9 | |||
| | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungZitat:
 Zitat:
Zitat:
Code:
ATTFilter OTL logfile created on: 29.06.2012 15:11:10 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = G:\exen Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,23 Mb Total Physical Memory | 662,39 Mb Available Physical Memory | 65,37% Memory free 2,38 Gb Paging File | 2,18 Gb Available in Paging File | 91,55% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 29,22 Gb Free Space | 44,01% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,16 Gb Free Space | 26,62% Space Free | Partition Type: FAT32 Drive F: | 698,63 Gb Total Space | 569,08 Gb Free Space | 81,46% Space Free | Partition Type: NTFS Drive G: | 7,42 Gb Total Space | 2,58 Gb Free Space | 34,70% Space Free | Partition Type: FAT32 Computer Name: /xxx/ -30983A | User Name: /xxx/ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.29 15:02:18 | 000,596,992 | ---- | M] (OldTimer Tools) -- G:\exen\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2007.05.04 02:19:44 | 000,023,040 | ---- | M] () -- C:\WINDOWS\system32\kygaLM.dll MOD - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2006.10.01 14:37:02 | 000,947,200 | ---- | M] () -- C:\Programme\OpenVPN\bin\libeay32.dll MOD - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.18 19:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.02.21 23:45:40 | 000,159,744 | ---- | M] () [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.01 14:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.13 15:28:46 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2008.07.13 15:28:46 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2008.07.13 15:28:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2008.07.13 15:28:46 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2008.07.13 15:28:46 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2008.07.13 15:28:46 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2008.07.13 15:28:45 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2008.06.10 17:08:00 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.05.07 19:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.11.15 21:18:20 | 000,572,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198 IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 02:32:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.22 14:50:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.26 13:46:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.29 15:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions [2011.11.04 01:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.29 15:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\staged [2012.06.19 00:40:27 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com [2010.04.02 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions [2010.01.25 01:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 01:25:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.19 00:40:27 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml [2011.05.17 19:58:53 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml [2009.05.19 21:39:10 | 000,002,314 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml [2012.06.18 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.17 19:58:08 | 000,017,696 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI [2012.02.19 02:10:20 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.07 01:24:55 | 000,565,918 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.06.18 19:56:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.02 18:03:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 19:56:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 19:56:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.18 19:56:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 19:56:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 19:56:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 19:56:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Automatisch EPSON Stylus DX3800 Series auf ICH-705165CB177] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Antroposofischer Seelenkalender.lnk = C:\Programme\AntroVista\Seelenkalender\start.hta () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Öffnen mit WordPerfect - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{611CD1E8-C2F0-4603-BAD8-BA69D9C27AE1}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D758D2-C729-4EF0-8DE2-C31A73771801}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "WMPNetworkSvc" MsConfig - Services: "usnjsvc" MsConfig - Services: "Micro Star SCM" MsConfig - StartUpReg: BullGuard - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\HomeCinema\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MGSysCtrl - hkey= - key= - C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) MsConfig - StartUpReg: QuickFinder Scheduler - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.26 20:20:59 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.06.26 18:14:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.26 18:14:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.26 18:14:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.22 14:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.22 02:12:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.06.22 02:06:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012 [2012.06.22 02:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2012.06.22 02:03:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.06.22 02:02:47 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2012.06.21 13:28:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 03:16:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.06.21 03:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.19 00:40:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.06.19 00:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.06.19 00:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.06.18 23:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Revo Uninstaller [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.29 15:20:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.06.29 14:54:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.29 14:54:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.29 14:54:17 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2012.06.27 20:40:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job [2012.06.27 20:27:58 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.06.26 19:40:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job [2012.06.26 18:14:18 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.26 14:54:51 | 000,000,251 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\KYGA.dat [2012.06.26 13:16:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.06.22 21:15:55 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.22 16:05:03 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.22 09:28:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.22 02:14:19 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.19 09:39:00 | 000,451,004 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.19 09:39:00 | 000,434,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.19 09:39:00 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.19 09:39:00 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.19 03:08:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.18 23:49:23 | 000,000,879 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Revo Uninstaller.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.26 18:14:18 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 02:14:17 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.19 00:40:25 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.19 10:52:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2008.07.03 08:51:08 | 000,000,238 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Default.PLS [2008.07.03 08:51:08 | 000,000,009 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mdb.bin [2008.07.03 08:51:06 | 000,051,712 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2008.07.04 22:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2008.07.04 22:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.05.24 18:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2012.04.30 14:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner [2008.12.29 23:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.04.17 22:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2008.07.04 22:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.07.13 11:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AD ON Multimedia [2008.07.04 22:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service GmbH [2010.02.07 19:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DL [2008.11.17 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EPSON [2012.06.21 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2010.06.03 13:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GoPal Assistant [2008.12.28 17:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer [2009.04.24 10:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2011.04.17 22:44:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TerraTec [2011.02.22 18:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2011.03.24 11:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent [2012.04.29 14:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2009.10.24 19:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Verbindungsassistent [2012.05.02 13:46:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FileZilla [2012.04.29 19:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2012.05.26 22:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2012.06.29 15:20:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2012.06.22 02:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Kaspersky Lab < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.07.13 11:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AD ON Multimedia [2008.07.03 21:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe [2010.04.04 23:54:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Apple Computer [2008.07.04 22:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service GmbH [2008.07.04 22:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\COREL [2010.03.06 17:34:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CyberLink [2010.02.07 19:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DL [2008.11.17 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EPSON [2012.06.21 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2008.12.31 15:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Google [2010.06.03 13:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GoPal Assistant [2008.05.24 11:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Identities [2008.06.10 12:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\InstallShield [2008.05.24 14:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Macromedia [2012.06.21 03:16:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.06.22 11:14:39 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft [2008.07.04 00:51:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla [2008.12.28 17:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer [2009.04.24 10:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2012.06.29 15:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Skype [2011.04.13 10:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\skypePM [2008.05.24 16:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sun [2008.07.04 00:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Talkback [2011.04.17 22:44:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TerraTec [2011.02.22 18:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2009.11.26 10:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3 [2011.03.24 11:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent [2012.06.22 15:22:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vlc [2008.08.26 12:19:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\0876820C4E821102\cleanup.exe [2007.10.23 10:22:56 | 003,350,528 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\0876820C4E821102\Launchpad Removal.exe [2007.10.23 11:14:38 | 004,632,576 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\0876820C4E821102\LaunchPad.exe [2007.10.23 10:44:48 | 000,054,584 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\0876820C4E821102\U3AccessGrant.exe [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\cleanup.exe [2007.10.23 10:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\Launchpad Removal.exe [2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\Del_CD_ROM.exe [2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\InstallWTGService.exe [2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\OSU.exe [2010.04.09 22:11:31 | 001,148,368 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\Setup.exe [2010.04.09 22:11:31 | 001,091,024 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\Uninstaller.exe [2010.04.09 22:11:31 | 007,226,832 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\Verbindungsassistent.exe [2009.10.24 19:29:19 | 000,472,528 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\WTGService.exe [2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent\BackUp\WTGVistaUtil.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\I386\IASTOR.SYS [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\OEMDRV\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.05.24 13:09:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.05.24 13:09:10 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.05.24 13:09:10 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > Das Netbook ist übrigens anfangs nicht angesprungen - erst nachdem ich den Akku einmal rausgenommen, um sich selbst gedreht und wieder eingelegt habe. Ist das wichtig? Danke !!! |
|
01.07.2012, 13:31
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\..\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.startup.homepage: "http://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
[2011.11.04 01:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.29 15:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\staged
[2012.06.19 00:40:27 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com
[2010.04.02 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions
[2010.01.25 01:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 01:25:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.06.19 00:40:27 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml
[2011.05.17 19:58:53 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml
[2009.05.19 21:39:10 | 000,002,314 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml
[2012.06.18 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.17 19:58:08 | 000,017,696 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
[2012.02.19 02:10:20 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.07 01:24:55 | 000,565,918 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Öffnen mit WordPerfect - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell - "" = AutoRun
O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun
O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - File not found
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
:Files
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar
C:\Programme\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.07.2012, 14:57
| #11 | |
| | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Du schriebst: Zitat:
hier der/die/das OTL-Fix-log: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{352EFF94-F89E-46B0-8F49-AD92FA714380}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ecosia" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\staged\ not found.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-TW folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-CN folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\uk folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\tr-TR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sv-SE folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sl folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sk-SK folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ru-RU folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ro folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-PT folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-BR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pl-PL folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nl-NL folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nb-NO folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\lt folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ko-KR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ja-JP folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\it-IT folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\hu-HU folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\he-IL folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fr-FR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fi-FI folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\es-ES folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-GB folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\el folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\de-DE folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\da-DK folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\cs-CZ folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ca folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ar folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions folder moved successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@gmx.net.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Öffnen mit WordPerfect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\toolbar_eula_launcher\ deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar\APNU folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxx
->Temp folder emptied: 1322071537 bytes
->Temporary Internet Files folder emptied: 10228752 bytes
->Java cache emptied: 2800500 bytes
->FireFox cache emptied: 361461938 bytes
->Flash cache emptied: 17948 bytes
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
User: Gast
->Temp folder emptied: 591836 bytes
->Temporary Internet Files folder emptied: 102881 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 280440 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47615997 bytes
User: Neuer Ordner
User: xxx
->Temporary Internet Files folder emptied: 18520674 bytes
->Java cache emptied: 2483839 bytes
->FireFox cache emptied: 14515906 bytes
->Google Chrome cache emptied: 152006746 bytes
->Flash cache emptied: 3490 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61641190 bytes
RecycleBin emptied: 99970793 bytes
Total Files Cleaned = 1.997,00 mb
[EMPTYFLASH]
User: All Users
User: xxx
->Flash cache emptied: 0 bytes
User: Default User
User: Gast
User: LocalService
User: NetworkService
User: Neuer Ordner
User: xxx
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\driverscAll processes killed
========== OTL ==========
HKU\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\Software\Microsoft\Internet Explorer\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{352EFF94-F89E-46B0-8F49-AD92FA714380}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ecosia" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\staged\ not found.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-TW folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-CN folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\uk folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\tr-TR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sv-SE folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sl folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sk-SK folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ru-RU folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ro folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-PT folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-BR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pl-PL folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nl-NL folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nb-NO folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\lt folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ko-KR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ja-JP folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\it-IT folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\hu-HU folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\he-IL folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fr-FR folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fi-FI folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\es-ES folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-GB folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\el folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\de-DE folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\da-DK folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\cs-CZ folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ca folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ar folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions folder moved successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@gmx.net.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3134294254-2874434923-681666218-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Öffnen mit WordPerfect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01f60914-301c-11de-9be8-0015af9f372a}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f31-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f34-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f36-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a573f37-80e5-11de-9c2e-0015af9f372a}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\toolbar_eula_launcher\ deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar\APNU folder moved successfully.
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxx
->Temp folder emptied: 1322071537 bytes
->Temporary Internet Files folder emptied: 10228752 bytes
->Java cache emptied: 2800500 bytes
->FireFox cache emptied: 361461938 bytes
->Flash cache emptied: 17948 bytes
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
User: Gast
->Temp folder emptied: 591836 bytes
->Temporary Internet Files folder emptied: 102881 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 280440 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47615997 bytes
User: Neuer Ordner
User: xxx
->Temporary Internet Files folder emptied: 18520674 bytes
->Java cache emptied: 2483839 bytes
->FireFox cache emptied: 14515906 bytes
->Google Chrome cache emptied: 152006746 bytes
->Flash cache emptied: 3490 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61641190 bytes
RecycleBin emptied: 99970793 bytes
Total Files Cleaned = 1.997,00 mb
[EMPTYFLASH]
User: All Users
User: xxx
->Flash cache emptied: 0 bytes
User: Default User
User: Gast
User: LocalService
User: NetworkService
User: Neuer Ordner
User: xxx
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 07012012_153057
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 07012012_153057
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- ich habe die OTl.exe nun nicht nochmal upgedatet. Hätte ich sollen ? - Spielt es eine Rolle, ob ich die Speichermedien noch dranhängen habe? Ich habe lange überlegt, wo ich sie letztens eingesteckt hatte (G+F). - windows xp hat beim Neustart das Dateysystem auf F Typ NTFS auf Konsistenz überprüft (mobiler Speicher) und nu? DANKE! |
|
01.07.2012, 16:15
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.07.2012, 23:09
| #13 | |
| | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungZitat:
Code:
ATTFilter 23:47:03.0703 3108 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
23:47:04.0046 3108 ============================================================
23:47:04.0046 3108 Current date / time: 2012/07/01 23:47:04.0046
23:47:04.0046 3108 SystemInfo:
23:47:04.0046 3108
23:47:04.0046 3108 OS Version: 5.1.2600 ServicePack: 3.0
23:47:04.0046 3108 Product type: Workstation
23:47:04.0046 3108 ComputerName: xxx-30983A
23:47:04.0046 3108 UserName: xxx
23:47:04.0046 3108 Windows directory: C:\WINDOWS
23:47:04.0046 3108 System windows directory: C:\WINDOWS
23:47:04.0046 3108 Processor architecture: Intel x86
23:47:04.0046 3108 Number of processors: 2
23:47:04.0046 3108 Page size: 0x1000
23:47:04.0046 3108 Boot type: Normal boot
23:47:04.0046 3108 ============================================================
23:47:04.0906 3108 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:47:04.0906 3108 Drive \Device\Harddisk1\DR3 - Size: 0xAEA8A00000 (698.63 Gb), SectorSize: 0x200, Cylinders: 0x16440, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:47:04.0921 3108 Drive \Device\Harddisk2\DR4 - Size: 0x1DC400000 (7.44 Gb), SectorSize: 0x200, Cylinders: 0x3CB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:47:04.0921 3108 ============================================================
23:47:04.0921 3108 \Device\Harddisk0\DR0:
23:47:04.0921 3108 MBR partitions:
23:47:04.0921 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x84CCE9D
23:47:04.0921 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x84CCEDC, BlocksNum 0x10415E5
23:47:04.0921 3108 \Device\Harddisk1\DR3:
23:47:04.0921 3108 MBR partitions:
23:47:04.0921 3108 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57544800
23:47:04.0921 3108 \Device\Harddisk2\DR4:
23:47:04.0921 3108 MBR partitions:
23:47:04.0921 3108 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEE0000
23:47:04.0921 3108 ============================================================
23:47:04.0937 3108 C: <-> \Device\Harddisk0\DR0\Partition0
23:47:04.0968 3108 D: <-> \Device\Harddisk0\DR0\Partition1
23:47:05.0312 3108 F: <-> \Device\Harddisk1\DR3\Partition0
23:47:05.0312 3108 ============================================================
23:47:05.0312 3108 Initialize success
23:47:05.0312 3108 ============================================================
23:47:47.0640 2732 ============================================================
23:47:47.0640 2732 Scan started
23:47:47.0640 2732 Mode: Manual; SigCheck; TDLFS;
23:47:47.0640 2732 ============================================================
23:47:47.0937 2732 Abiosdsk - ok
23:47:47.0937 2732 abp480n5 - ok
23:47:48.0015 2732 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:47:49.0828 2732 ACPI - ok
23:47:49.0843 2732 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:47:50.0109 2732 ACPIEC - ok
23:47:50.0109 2732 adpu160m - ok
23:47:50.0203 2732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:47:50.0468 2732 aec - ok
23:47:50.0609 2732 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:47:50.0687 2732 AFD - ok
23:47:50.0703 2732 Aha154x - ok
23:47:50.0703 2732 aic78u2 - ok
23:47:50.0718 2732 aic78xx - ok
23:47:50.0750 2732 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
23:47:50.0984 2732 Alerter - ok
23:47:51.0015 2732 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
23:47:51.0125 2732 ALG - ok
23:47:51.0140 2732 AliIde - ok
23:47:51.0140 2732 amsint - ok
23:47:51.0156 2732 AppMgmt - ok
23:47:51.0171 2732 asc - ok
23:47:51.0171 2732 asc3350p - ok
23:47:51.0187 2732 asc3550 - ok
23:47:51.0281 2732 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:47:51.0343 2732 aspnet_state - ok
23:47:51.0359 2732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:47:51.0578 2732 AsyncMac - ok
23:47:51.0625 2732 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
23:47:51.0859 2732 atapi - ok
23:47:51.0859 2732 Atdisk - ok
23:47:51.0875 2732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:47:52.0093 2732 Atmarpc - ok
23:47:52.0109 2732 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
23:47:52.0343 2732 AudioSrv - ok
23:47:52.0390 2732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:47:52.0593 2732 audstub - ok
23:47:52.0734 2732 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
23:48:07.0968 2732 AVP - ok
23:48:08.0031 2732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:48:08.0250 2732 Beep - ok
23:48:08.0312 2732 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
23:48:08.0593 2732 BITS - ok
23:48:08.0625 2732 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
23:48:08.0859 2732 Browser - ok
23:48:08.0890 2732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:48:09.0140 2732 cbidf2k - ok
23:48:09.0171 2732 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:48:09.0390 2732 CCDECODE - ok
23:48:09.0406 2732 cd20xrnt - ok
23:48:09.0531 2732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:48:09.0750 2732 Cdaudio - ok
23:48:09.0796 2732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:48:10.0015 2732 Cdfs - ok
23:48:10.0078 2732 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:48:10.0328 2732 Cdrom - ok
23:48:10.0328 2732 Changer - ok
23:48:10.0359 2732 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
23:48:10.0593 2732 CiSvc - ok
23:48:10.0609 2732 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
23:48:10.0843 2732 ClipSrv - ok
23:48:10.0921 2732 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:48:11.0031 2732 clr_optimization_v2.0.50727_32 - ok
23:48:11.0062 2732 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:48:11.0296 2732 CmBatt - ok
23:48:11.0296 2732 CmdIde - ok
23:48:11.0312 2732 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:48:11.0562 2732 Compbatt - ok
23:48:11.0562 2732 COMSysApp - ok
23:48:11.0593 2732 Cpqarray - ok
23:48:11.0640 2732 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
23:48:11.0859 2732 CryptSvc - ok
23:48:11.0875 2732 dac2w2k - ok
23:48:11.0875 2732 dac960nt - ok
23:48:11.0937 2732 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
23:48:12.0093 2732 DcomLaunch - ok
23:48:12.0125 2732 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
23:48:12.0375 2732 Dhcp - ok
23:48:12.0390 2732 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:48:12.0609 2732 Disk - ok
23:48:12.0625 2732 dmadmin - ok
23:48:12.0734 2732 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
23:48:13.0031 2732 dmboot - ok
23:48:13.0078 2732 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
23:48:13.0312 2732 dmio - ok
23:48:13.0343 2732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:48:13.0578 2732 dmload - ok
23:48:13.0609 2732 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
23:48:13.0828 2732 dmserver - ok
23:48:13.0859 2732 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:48:14.0093 2732 DMusic - ok
23:48:14.0109 2732 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
23:48:14.0203 2732 Dnscache - ok
23:48:14.0250 2732 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
23:48:14.0515 2732 Dot3svc - ok
23:48:14.0531 2732 dpti2o - ok
23:48:14.0562 2732 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:48:14.0781 2732 drmkaud - ok
23:48:14.0796 2732 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
23:48:15.0031 2732 EapHost - ok
23:48:15.0062 2732 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
23:48:15.0296 2732 ERSvc - ok
23:48:15.0343 2732 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
23:48:15.0421 2732 Eventlog - ok
23:48:15.0484 2732 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
23:48:15.0562 2732 EventSystem - ok
23:48:15.0609 2732 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:48:15.0843 2732 Fastfat - ok
23:48:15.0906 2732 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:48:16.0000 2732 FastUserSwitchingCompatibility - ok
23:48:16.0078 2732 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
23:48:16.0312 2732 Fax - ok
23:48:16.0359 2732 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:48:16.0578 2732 Fdc - ok
23:48:16.0593 2732 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
23:48:16.0812 2732 Fips - ok
23:48:16.0828 2732 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:48:17.0031 2732 Flpydisk - ok
23:48:17.0078 2732 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:48:17.0312 2732 FltMgr - ok
23:48:17.0421 2732 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:48:17.0453 2732 FontCache3.0.0.0 - ok
23:48:17.0484 2732 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:48:17.0703 2732 Fs_Rec - ok
23:48:17.0812 2732 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:48:18.0031 2732 Ftdisk - ok
23:48:18.0046 2732 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:48:18.0281 2732 Gpc - ok
23:48:18.0343 2732 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:48:18.0562 2732 HDAudBus - ok
23:48:18.0625 2732 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:48:18.0843 2732 helpsvc - ok
23:48:18.0890 2732 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
23:48:19.0109 2732 HidServ - ok
23:48:19.0171 2732 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:48:19.0375 2732 HidUsb - ok
23:48:19.0406 2732 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
23:48:19.0625 2732 hkmsvc - ok
23:48:19.0625 2732 hpn - ok
23:48:19.0671 2732 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:48:19.0812 2732 HPZid412 - ok
23:48:19.0843 2732 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:48:19.0906 2732 HPZipr12 - ok
23:48:19.0937 2732 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:48:20.0031 2732 HPZius12 - ok
23:48:20.0093 2732 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:48:20.0171 2732 HTTP - ok
23:48:20.0234 2732 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
23:48:20.0468 2732 HTTPFilter - ok
23:48:20.0515 2732 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
23:48:20.0609 2732 hwdatacard - ok
23:48:20.0625 2732 i2omgmt - ok
23:48:20.0625 2732 i2omp - ok
23:48:20.0671 2732 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:48:20.0906 2732 i8042prt - ok
23:48:21.0531 2732 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:48:22.0031 2732 ialm - ok
23:48:22.0234 2732 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:48:22.0281 2732 iaStor - ok
23:48:22.0453 2732 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:48:22.0562 2732 idsvc - ok
23:48:22.0609 2732 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:48:22.0843 2732 Imapi - ok
23:48:22.0921 2732 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
23:48:23.0187 2732 ImapiService - ok
23:48:23.0187 2732 ini910u - ok
23:48:23.0687 2732 IntcAzAudAddService (12cd9f66b64b25cbe18f1bb2c6f54832) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:48:24.0171 2732 IntcAzAudAddService - ok
23:48:24.0312 2732 IntelIde - ok
23:48:24.0343 2732 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:48:24.0593 2732 intelppm - ok
23:48:24.0687 2732 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:48:24.0937 2732 Ip6Fw - ok
23:48:25.0015 2732 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:48:25.0234 2732 IpFilterDriver - ok
23:48:25.0250 2732 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:48:25.0500 2732 IpInIp - ok
23:48:25.0515 2732 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:48:25.0750 2732 IpNat - ok
23:48:25.0781 2732 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:48:26.0031 2732 IPSec - ok
23:48:26.0062 2732 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:48:26.0171 2732 IRENUM - ok
23:48:26.0218 2732 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:48:26.0437 2732 isapnp - ok
23:48:26.0484 2732 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:48:26.0703 2732 Kbdclass - ok
23:48:26.0734 2732 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:48:26.0968 2732 kbdhid - ok
23:48:27.0015 2732 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
23:48:27.0046 2732 KL1 - ok
23:48:27.0062 2732 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
23:48:27.0093 2732 kl2 - ok
23:48:27.0171 2732 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
23:48:27.0250 2732 KLIF - ok
23:48:27.0296 2732 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
23:48:27.0328 2732 klim5 - ok
23:48:27.0343 2732 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
23:48:27.0375 2732 klmouflt - ok
23:48:27.0437 2732 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:48:27.0671 2732 kmixer - ok
23:48:27.0703 2732 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:48:27.0781 2732 KSecDD - ok
23:48:27.0828 2732 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
23:48:27.0937 2732 LanmanServer - ok
23:48:28.0015 2732 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
23:48:28.0109 2732 lanmanworkstation - ok
23:48:28.0109 2732 lbrtfdc - ok
23:48:28.0187 2732 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
23:48:28.0437 2732 LmHosts - ok
23:48:28.0468 2732 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
23:48:28.0531 2732 massfilter - ok
23:48:28.0546 2732 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
23:48:28.0781 2732 Messenger - ok
23:48:28.0875 2732 Micro Star SCM (fef6d2d708cceea9fe7a335a745f8f5c) C:\Programme\System Control Manager\MSIService.exe
23:48:28.0906 2732 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
23:48:28.0906 2732 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
23:48:28.0937 2732 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:48:29.0171 2732 mnmdd - ok
23:48:29.0218 2732 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
23:48:29.0437 2732 mnmsrvc - ok
23:48:29.0484 2732 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
23:48:29.0718 2732 Modem - ok
23:48:29.0750 2732 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:48:29.0953 2732 Mouclass - ok
23:48:30.0000 2732 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:48:30.0218 2732 mouhid - ok
23:48:30.0234 2732 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:48:30.0468 2732 MountMgr - ok
23:48:30.0515 2732 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:48:30.0562 2732 MozillaMaintenance - ok
23:48:30.0562 2732 mraid35x - ok
23:48:30.0593 2732 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:48:30.0812 2732 MRxDAV - ok
23:48:30.0906 2732 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:48:31.0046 2732 MRxSmb - ok
23:48:31.0078 2732 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
23:48:31.0296 2732 MSDTC - ok
23:48:31.0312 2732 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:48:31.0531 2732 Msfs - ok
23:48:31.0546 2732 MSIServer - ok
23:48:31.0578 2732 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:48:31.0796 2732 MSKSSRV - ok
23:48:31.0812 2732 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:48:32.0031 2732 MSPCLOCK - ok
23:48:32.0062 2732 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:48:32.0281 2732 MSPQM - ok
23:48:32.0328 2732 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:48:32.0546 2732 mssmbios - ok
23:48:32.0546 2732 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:48:32.0781 2732 MSTEE - ok
23:48:32.0812 2732 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:48:32.0875 2732 Mup - ok
23:48:32.0921 2732 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:48:33.0125 2732 NABTSFEC - ok
23:48:33.0187 2732 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
23:48:33.0437 2732 napagent - ok
23:48:33.0484 2732 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:48:33.0718 2732 NDIS - ok
23:48:33.0781 2732 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:48:34.0000 2732 NdisIP - ok
23:48:34.0062 2732 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:48:34.0140 2732 NdisTapi - ok
23:48:34.0203 2732 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:48:34.0406 2732 Ndisuio - ok
23:48:34.0453 2732 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:48:34.0687 2732 NdisWan - ok
23:48:34.0734 2732 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:48:34.0812 2732 NDProxy - ok
23:48:34.0843 2732 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:48:35.0078 2732 NetBIOS - ok
23:48:35.0109 2732 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:48:35.0328 2732 NetBT - ok
23:48:35.0359 2732 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
23:48:35.0593 2732 NetDDE - ok
23:48:35.0593 2732 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
23:48:35.0828 2732 NetDDEdsdm - ok
23:48:35.0843 2732 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:48:36.0093 2732 Netlogon - ok
23:48:36.0156 2732 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
23:48:36.0390 2732 Netman - ok
23:48:36.0531 2732 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:48:36.0562 2732 NetTcpPortSharing - ok
23:48:36.0640 2732 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
23:48:36.0703 2732 Nla - ok
23:48:36.0718 2732 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:48:36.0937 2732 Npfs - ok
23:48:37.0015 2732 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:48:37.0281 2732 Ntfs - ok
23:48:37.0281 2732 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:48:37.0515 2732 NtLmSsp - ok
23:48:37.0609 2732 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
23:48:37.0843 2732 NtmsSvc - ok
23:48:37.0890 2732 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:48:38.0109 2732 Null - ok
23:48:38.0156 2732 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:48:38.0375 2732 NwlnkFlt - ok
23:48:38.0375 2732 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:48:38.0609 2732 NwlnkFwd - ok
23:48:38.0828 2732 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
23:48:38.0890 2732 odserv - ok
23:48:38.0953 2732 OpenVPNService (cec6fd00b96e05ec0f3a0a99f138182c) C:\Programme\OpenVPN\bin\openvpnserv.exe
23:48:38.0984 2732 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
23:48:38.0984 2732 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
23:48:39.0031 2732 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
23:48:39.0078 2732 ose - ok
23:48:39.0109 2732 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
23:48:39.0328 2732 Parport - ok
23:48:39.0359 2732 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:48:39.0609 2732 PartMgr - ok
23:48:39.0703 2732 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:48:39.0921 2732 ParVdm - ok
23:48:39.0953 2732 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
23:48:40.0203 2732 PCI - ok
23:48:40.0203 2732 PCIDump - ok
23:48:40.0218 2732 PCIIde - ok
23:48:40.0265 2732 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:48:40.0500 2732 Pcmcia - ok
23:48:40.0500 2732 PDCOMP - ok
23:48:40.0515 2732 PDFRAME - ok
23:48:40.0515 2732 PDRELI - ok
23:48:40.0531 2732 PDRFRAME - ok
23:48:40.0546 2732 perc2 - ok
23:48:40.0546 2732 perc2hib - ok
23:48:40.0656 2732 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
23:48:40.0703 2732 PlugPlay - ok
23:48:40.0734 2732 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:48:40.0953 2732 PolicyAgent - ok
23:48:40.0968 2732 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:48:41.0187 2732 PptpMiniport - ok
23:48:41.0203 2732 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:48:41.0421 2732 ProtectedStorage - ok
23:48:41.0531 2732 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\WINDOWS\system32\PSIService.exe
23:48:41.0562 2732 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
23:48:41.0562 2732 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
23:48:41.0578 2732 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:48:41.0796 2732 PSched - ok
23:48:41.0828 2732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:48:42.0046 2732 Ptilink - ok
23:48:42.0046 2732 ql1080 - ok
23:48:42.0062 2732 Ql10wnt - ok
23:48:42.0062 2732 ql12160 - ok
23:48:42.0078 2732 ql1240 - ok
23:48:42.0093 2732 ql1280 - ok
23:48:42.0109 2732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:48:42.0359 2732 RasAcd - ok
23:48:42.0390 2732 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
23:48:42.0593 2732 RasAuto - ok
23:48:42.0625 2732 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:48:42.0859 2732 Rasl2tp - ok
23:48:42.0921 2732 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
23:48:43.0171 2732 RasMan - ok
23:48:43.0187 2732 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:48:43.0406 2732 RasPppoe - ok
23:48:43.0421 2732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:48:43.0640 2732 Raspti - ok
23:48:43.0687 2732 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:48:43.0921 2732 Rdbss - ok
23:48:43.0953 2732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:48:44.0156 2732 RDPCDD - ok
23:48:44.0218 2732 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
23:48:44.0281 2732 RDPWD - ok
23:48:44.0343 2732 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
23:48:44.0578 2732 RDSessMgr - ok
23:48:44.0609 2732 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:48:44.0828 2732 redbook - ok
23:48:44.0859 2732 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
23:48:45.0078 2732 RemoteAccess - ok
23:48:45.0171 2732 RichVideo (2af094b1ce4725e4551f38fda2348637) C:\Programme\Cyberlink\Shared files\RichVideo.exe
23:48:45.0203 2732 RichVideo ( UnsignedFile.Multi.Generic ) - warning
23:48:45.0203 2732 RichVideo - detected UnsignedFile.Multi.Generic (1)
23:48:45.0250 2732 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
23:48:45.0453 2732 ROOTMODEM - ok
23:48:45.0500 2732 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
23:48:45.0718 2732 RpcLocator - ok
23:48:45.0796 2732 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
23:48:45.0875 2732 RpcSs - ok
23:48:45.0937 2732 RSUSBSTOR (680a7aba84a7863c89b5440c9c1e0895) C:\WINDOWS\system32\Drivers\RTS5121.sys
23:48:46.0000 2732 RSUSBSTOR - ok
23:48:46.0031 2732 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
23:48:46.0281 2732 RSVP - ok
23:48:46.0359 2732 RT80x86 (aebf31765a926746dd7946fa14c52297) C:\WINDOWS\system32\DRIVERS\RT2860.sys
23:48:46.0453 2732 RT80x86 - ok
23:48:46.0500 2732 RTLE8023xp (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:48:46.0578 2732 RTLE8023xp - ok
23:48:46.0609 2732 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
23:48:46.0640 2732 s0016bus - ok
23:48:46.0687 2732 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
23:48:46.0718 2732 s0016mdfl - ok
23:48:46.0750 2732 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
23:48:46.0781 2732 s0016mdm - ok
23:48:46.0812 2732 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
23:48:46.0843 2732 s0016mgmt - ok
23:48:46.0859 2732 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
23:48:46.0890 2732 s0016nd5 - ok
23:48:46.0906 2732 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
23:48:46.0937 2732 s0016obex - ok
23:48:46.0968 2732 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
23:48:47.0000 2732 s0016unic - ok
23:48:47.0046 2732 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
23:48:47.0078 2732 s125bus - ok
23:48:47.0125 2732 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
23:48:47.0156 2732 s125mdfl - ok
23:48:47.0203 2732 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
23:48:47.0234 2732 s125mdm - ok
23:48:47.0312 2732 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
23:48:47.0328 2732 s125mgmt - ok
23:48:47.0390 2732 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
23:48:47.0421 2732 s125obex - ok
23:48:47.0468 2732 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
23:48:47.0703 2732 SamSs - ok
23:48:47.0750 2732 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
23:48:47.0984 2732 SCardSvr - ok
23:48:48.0046 2732 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
23:48:48.0265 2732 Schedule - ok
23:48:48.0296 2732 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
23:48:48.0328 2732 SE27bus ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0328 2732 SE27bus - detected UnsignedFile.Multi.Generic (1)
23:48:48.0359 2732 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
23:48:48.0375 2732 SE27mdfl ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0375 2732 SE27mdfl - detected UnsignedFile.Multi.Generic (1)
23:48:48.0406 2732 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
23:48:48.0437 2732 SE27mdm ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0437 2732 SE27mdm - detected UnsignedFile.Multi.Generic (1)
23:48:48.0468 2732 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
23:48:48.0484 2732 SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0484 2732 SE27mgmt - detected UnsignedFile.Multi.Generic (1)
23:48:48.0515 2732 se27nd5 (bb30139683bbf3ee89ec931393d9335c) C:\WINDOWS\system32\DRIVERS\se27nd5.sys
23:48:48.0546 2732 se27nd5 ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0546 2732 se27nd5 - detected UnsignedFile.Multi.Generic (1)
23:48:48.0578 2732 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys
23:48:48.0593 2732 SE27obex ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0593 2732 SE27obex - detected UnsignedFile.Multi.Generic (1)
23:48:48.0625 2732 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys
23:48:48.0640 2732 se27unic ( UnsignedFile.Multi.Generic ) - warning
23:48:48.0640 2732 se27unic - detected UnsignedFile.Multi.Generic (1)
23:48:48.0656 2732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:48:48.0765 2732 Secdrv - ok
23:48:48.0812 2732 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
23:48:49.0031 2732 seclogon - ok
23:48:49.0062 2732 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
23:48:49.0281 2732 SENS - ok
23:48:49.0296 2732 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:48:49.0515 2732 Serenum - ok
23:48:49.0546 2732 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
23:48:49.0750 2732 Serial - ok
23:48:49.0781 2732 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:48:50.0000 2732 Sfloppy - ok
23:48:50.0046 2732 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
23:48:50.0312 2732 SharedAccess - ok
23:48:50.0390 2732 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:48:50.0421 2732 ShellHWDetection - ok
23:48:50.0421 2732 Simbad - ok
23:48:50.0531 2732 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
23:48:50.0562 2732 SkypeUpdate - ok
23:48:50.0609 2732 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:48:50.0828 2732 SLIP - ok
23:48:50.0875 2732 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
23:48:51.0093 2732 SONYPVU1 - ok
23:48:51.0109 2732 Sparrow - ok
23:48:51.0171 2732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:48:51.0390 2732 splitter - ok
23:48:51.0437 2732 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:48:51.0500 2732 Spooler - ok
23:48:51.0546 2732 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
23:48:51.0671 2732 sr - ok
23:48:51.0703 2732 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
23:48:51.0812 2732 srservice - ok
23:48:51.0859 2732 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:48:51.0953 2732 Srv - ok
23:48:52.0000 2732 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
23:48:52.0125 2732 SSDPSRV - ok
23:48:52.0171 2732 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:48:52.0187 2732 ssmdrv - ok
23:48:52.0265 2732 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
23:48:52.0531 2732 stisvc - ok
23:48:52.0562 2732 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:48:52.0781 2732 streamip - ok
23:48:52.0828 2732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:48:53.0046 2732 swenum - ok
23:48:53.0093 2732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:48:53.0312 2732 swmidi - ok
23:48:53.0328 2732 SwPrv - ok
23:48:53.0343 2732 symc810 - ok
23:48:53.0343 2732 symc8xx - ok
23:48:53.0359 2732 sym_hi - ok
23:48:53.0375 2732 sym_u3 - ok
23:48:53.0515 2732 SynTP (a9ad7fad373975d4dbeabb0ead240bb1) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:48:53.0609 2732 SynTP - ok
23:48:53.0640 2732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:48:53.0859 2732 sysaudio - ok
23:48:53.0890 2732 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
23:48:54.0109 2732 SysmonLog - ok
23:48:54.0171 2732 tap0801 (0c82061920a2de35d33c2c2bb83b1e98) C:\WINDOWS\system32\DRIVERS\tap0801.sys
23:48:54.0187 2732 tap0801 ( UnsignedFile.Multi.Generic ) - warning
23:48:54.0187 2732 tap0801 - detected UnsignedFile.Multi.Generic (1)
23:48:54.0234 2732 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
23:48:54.0468 2732 TapiSrv - ok
23:48:54.0546 2732 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:48:54.0625 2732 Tcpip - ok
23:48:54.0656 2732 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:48:54.0859 2732 TDPIPE - ok
23:48:54.0875 2732 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:48:55.0078 2732 TDTCP - ok
23:48:55.0109 2732 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:48:55.0328 2732 TermDD - ok
23:48:55.0375 2732 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
23:48:55.0593 2732 TermService - ok
23:48:55.0656 2732 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
23:48:55.0687 2732 Themes - ok
23:48:55.0687 2732 TosIde - ok
23:48:55.0734 2732 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
23:48:55.0953 2732 TrkWks - ok
23:48:56.0000 2732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:48:56.0203 2732 Udfs - ok
23:48:56.0343 2732 UI Assistant Service (13bff97e926bf8d9c1230cecc371a0c0) C:\Programme\1&1 Surf-Stick\AssistantServices.exe
23:48:56.0390 2732 UI Assistant Service - ok
23:48:56.0390 2732 ultra - ok
23:48:56.0468 2732 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:48:56.0734 2732 Update - ok
23:48:56.0765 2732 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
23:48:56.0906 2732 upnphost - ok
23:48:56.0937 2732 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
23:48:57.0156 2732 UPS - ok
23:48:57.0203 2732 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:48:57.0421 2732 usbaudio - ok
23:48:57.0531 2732 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:48:57.0765 2732 usbccgp - ok
23:48:57.0796 2732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:48:58.0015 2732 usbehci - ok
23:48:58.0062 2732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:48:58.0281 2732 usbhub - ok
23:48:58.0328 2732 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:48:58.0546 2732 usbprint - ok
23:48:58.0578 2732 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:48:58.0796 2732 usbscan - ok
23:48:58.0812 2732 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:48:59.0031 2732 usbstor - ok
23:48:59.0078 2732 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:48:59.0296 2732 usbuhci - ok
23:48:59.0343 2732 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:48:59.0546 2732 usbvideo - ok
23:48:59.0609 2732 usnjsvc (c5b70a6aa947667ce0e5fc84a05ec8b6) C:\Programme\MSN Messenger\usnsvc.exe
23:48:59.0640 2732 usnjsvc - ok
23:48:59.0671 2732 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:48:59.0890 2732 VgaSave - ok
23:48:59.0890 2732 ViaIde - ok
23:48:59.0921 2732 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
23:49:00.0140 2732 VolSnap - ok
23:49:00.0203 2732 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
23:49:00.0328 2732 VSS - ok
23:49:00.0375 2732 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
23:49:00.0609 2732 W32Time - ok
23:49:00.0640 2732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:49:00.0875 2732 Wanarp - ok
23:49:00.0875 2732 WDICA - ok
23:49:00.0921 2732 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:49:01.0140 2732 wdmaud - ok
23:49:01.0187 2732 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
23:49:01.0406 2732 WebClient - ok
23:49:01.0484 2732 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:49:01.0703 2732 winmgmt - ok
23:49:01.0828 2732 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:49:01.0921 2732 WmdmPmSN - ok
23:49:01.0953 2732 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:49:02.0156 2732 WmiAcpi - ok
23:49:02.0203 2732 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:49:02.0421 2732 WmiApSrv - ok
23:49:02.0562 2732 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
23:49:02.0687 2732 WMPNetworkSvc - ok
23:49:02.0703 2732 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:49:02.0734 2732 WpdUsb - ok
23:49:02.0796 2732 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
23:49:03.0031 2732 wscsvc - ok
23:49:03.0078 2732 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:49:03.0281 2732 WSTCODEC - ok
23:49:03.0390 2732 WTGService (534c2d3d81b066fa24a075c224045654) C:\Programme\Verbindungsassistent\wtgservice.exe
23:49:03.0437 2732 WTGService - ok
23:49:03.0484 2732 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
23:49:03.0718 2732 wuauserv - ok
23:49:03.0750 2732 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:49:03.0828 2732 WudfPf - ok
23:49:03.0859 2732 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:49:03.0906 2732 WudfRd - ok
23:49:03.0921 2732 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:49:03.0953 2732 WudfSvc - ok
23:49:04.0046 2732 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
23:49:04.0281 2732 WZCSVC - ok
23:49:04.0328 2732 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
23:49:04.0562 2732 xmlprov - ok
23:49:04.0609 2732 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
23:49:04.0703 2732 ZTEusbmdm6k - ok
23:49:04.0734 2732 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
23:49:04.0765 2732 ZTEusbnmea - ok
23:49:04.0796 2732 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
23:49:04.0828 2732 ZTEusbser6k - ok
23:49:04.0890 2732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:49:05.0734 2732 \Device\Harddisk0\DR0 - ok
23:49:05.0750 2732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
23:49:06.0203 2732 \Device\Harddisk1\DR3 - ok
23:49:06.0218 2732 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
23:49:06.0468 2732 \Device\Harddisk2\DR4 - ok
23:49:06.0468 2732 Boot (0x1200) (5312b5e8858e57d02ca36b64a60d6aa1) \Device\Harddisk0\DR0\Partition0
23:49:06.0468 2732 \Device\Harddisk0\DR0\Partition0 - ok
23:49:06.0515 2732 Boot (0x1200) (4b052bd065cd28e04c42313985552918) \Device\Harddisk0\DR0\Partition1
23:49:06.0515 2732 \Device\Harddisk0\DR0\Partition1 - ok
23:49:06.0531 2732 Boot (0x1200) (091124a2d8e12c45a0c2e0cfe9d4c240) \Device\Harddisk1\DR3\Partition0
23:49:06.0531 2732 \Device\Harddisk1\DR3\Partition0 - ok
23:49:06.0531 2732 Boot (0x1200) (21f9406001e52863e20f5d8ddbf76029) \Device\Harddisk2\DR4\Partition0
23:49:06.0531 2732 \Device\Harddisk2\DR4\Partition0 - ok
23:49:06.0546 2732 ============================================================
23:49:06.0546 2732 Scan finished
23:49:06.0546 2732 ============================================================
23:49:06.0703 0468 Detected object count: 12
23:49:06.0703 0468 Actual detected object count: 12
23:51:13.0031 0468 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0031 0468 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0031 0468 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0031 0468 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0031 0468 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0031 0468 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0046 0468 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0046 0468 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0046 0468 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0046 0468 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0046 0468 SE27mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0046 0468 SE27mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0046 0468 SE27mdm ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0046 0468 SE27mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0046 0468 SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0046 0468 SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0062 0468 se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0062 0468 se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0062 0468 SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0062 0468 SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0062 0468 se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0062 0468 se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:13.0062 0468 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:13.0062 0468 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Danke - guteN8! Geändert von Tinevni (01.07.2012 um 23:15 Uhr) |
|
02.07.2012, 13:07
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 20:17
| #15 | |
| | HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungZitat:
- diesmal habe ich ohne mobile Festplatte und USB-Stick (F + G) gescannt. - Der Rechner war (nach Installation der Wiederherstellungskonsole und dem Scan) ausgeschaltet - ich hatte den Hinweisen nach verstanden, dass nun alles beendet ist und hätte auch keine Wahl mehr gehabt: beim Neustart (manuell) gingen Kaspersky, Skype und Antrovista im Autostart auf. ComboFix erschien nun erst wieder und meldete, dass keine Programme gestartet werden sollen und ich hab sie so schnell wie möglich geschlossen. Später erst kam der log.txt Ich weiß nicht, wie ich Kaspersky und Skype beenden soll, ohne dass sie beim Neustart wieder hochfahren (bei Kaspersky ist es mir noch am deutlichsten) und hatte nicht damit gerechnet. hoffentlich kein Schaden dadurch? Hier der log.txt [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-02.01 - xxx 02.07.2012 20:09:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1013.646 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2012-06-26 18:20 . 2012-06-26 18:20 -------- d-----w- c:\programme\ESET
2012-06-26 16:14 . 2012-06-26 16:14 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-06-26 16:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 00:06 . 2012-06-22 00:06 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-06-22 00:06 . 2012-06-22 00:06 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-06-22 00:03 . 2012-06-22 00:03 -------- d-----w- c:\programme\Kaspersky Lab
2012-06-22 00:03 . 2012-07-02 18:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-06-21 11:30 . 2012-06-21 11:30 -------- d-----w- c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ESET
2012-06-21 11:30 . 2012-06-21 11:30 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\ESET
2012-06-21 11:28 . 2012-06-21 11:28 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET
2012-06-21 01:16 . 2012-06-21 01:16 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2012-06-21 01:15 . 2012-06-21 01:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-18 22:39 . 2012-06-21 10:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-06-18 17:56 . 2012-06-18 17:56 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-18 17:56 . 2012-06-18 17:56 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-18 17:26 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2008-05-24 10:38 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-05-24 10:38 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-05-24 09:20 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-05-24 09:20 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-05-24 09:20 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-05-24 10:38 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-05-24 10:38 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-05-24 09:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-05-24 09:20 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-05-24 10:38 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-05-24 09:20 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-05-24 09:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-08-11 08:35 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-08-11 08:35 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2008-08-11 08:35 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2008-04-14 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 07:30 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 16:03 . 2012-05-02 16:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2008-05-24 09:18 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-18 17:56 . 2012-02-19 00:10 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 1028096]
"UCam_Menu"="c:\programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"openvpn-gui"="c:\programme\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"UIExec"="c:\programme\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\xxx\Startmenü\Programme\Autostart\
Antroposofischer Seelenkalender.lnk - c:\programme\AntroVista\Seelenkalender\start.hta [2009-6-24 12180]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 -c--a-w- c:\programme\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2008-06-10 13:38 782336 -c--a-w- c:\programme\System Control Manager\MGSysCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 -c--a-w- c:\programme\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Micro Star SCM"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R2 UI Assistant Service;UI Assistant Service;c:\programme\1&1 Surf-Stick\AssistantServices.exe [23.01.2011 22:51 253264]
R2 WTGService;WTGService;c:\programme\Verbindungsassistent\WTGService.exe [04.08.2009 12:58 329168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [10.06.2008 12:32 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [24.05.2008 12:19 572416]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01.10.2006 14:37 26624]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 08:50 158856]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [23.01.2011 22:51 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [29.04.2012 19:32 113120]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.04.2009 16:19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.04.2009 16:19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.04.2009 16:19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.04.2009 16:19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.04.2009 16:19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.04.2009 16:19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.04.2009 16:19 115752]
S4 Micro Star SCM;Micro Star SCM;c:\programme\System Control Manager\MSIService.exe [10.06.2008 12:34 159744]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job
- c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-04-29 17:34]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job
- c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-04-29 17:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-BullGuard - c:\programme\BullGuard Software\BullGuard\bullguard.exe
MSConfigStartUp-Google Desktop Search - c:\programme\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-QuickFinder Scheduler - c:\programme\WordPerfect Office X3\Programs\QFSCHD130.EXE
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\programme\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-02 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(652)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\PSIService.exe
c:\programme\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02 20:32:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-02 18:32
.
Vor Suchlauf: 11 Verzeichnis(se), 33.130.917.888 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 33.139.744.768 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 79E567B680CDDCBFAEBDD168BBB10762
DANKE! |
|
| Themen zu HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung |
| alternate, avira, avira searchfree toolbar, bho, desktop, einstellungen, error, eset smart security, exe, explorer, firefox, firefox 13.0.1, format, ftp, hijack, home, internet, kaspersky, logfile, mozilla, ntdll.dll, programme, realtek, registry, revo-uninstaller, searchscopes, security, software, suche, tastatur, udp, virus |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
