Pests of all kinds and how to fight them: Claro-Search (virus) has taken control (Windows 7)
31.10.2012, 11:36 | #1
Claro-Search (virus) has taken control

Claro-Search prevents:
- the installation of anti-spyware such as Spy-Hunter
- the updating of my security software
- it installs itself in all browsers

Measures I have taken so far:
- uninstalling the Claro-Search software via the Control Panel
- uninstalling Firefox and Google Chrome
- manual cleaning of the registry
- running an F-Secure rescue CD (they provided me with the tool, but without success)
- installing Malwarebytes and scanning (quick and full)

Result:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.30.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XXX :: XXX [Administrator]

Schutz: Aktiviert

30.10.2012 22:14:47
mbam-log-2012-10-30 (23-20-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 358634
Laufzeit: 1 Stunde(n), 1 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Daten: 4279f01f213d873e2c9fa900d1adbb5e -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

How should I proceed now?

Today I installed Firefox again and, lo and behold, Claro-Search was back.
02.11.2012, 17:31 | #2
/// TB trainer | Claro-Search (virus) has taken control

My name is Matthias and I will help you clean up your computer. Please note the following:

Step 1
Please download OTL by OldTimer and save it to your desktop (if it is not already there).

Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Step 2
Please download defogger by jpshortstuff to your desktop.

Step 3
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless told to.
Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

Step 4
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.
Please download TDSSKiller.exe and save this file to the desktop.

Please post with your next reply
03.11.2012, 20:18 | #3
Claro-Search (virus) has taken control

Hello Matthias,

Thank you for taking on my problem. I have done everything according to your instructions. It was not without difficulty, as aswMBR kept aborting. Only the 8th attempt worked. Before I post the log files, I would like to describe 3 oddities I have noticed over the last few days:
1. The file 2.temp.exe kept trying to connect to the Internet; I simply deleted it, and then there was peace.
2. The file bprotect.exe tries the same thing; I have kept that one.
3. Now and then a checkbox appears that says:
Quote:

Step 1 OTL logfile:
Code:
ATTFilter OTL logfile created on: 03.11.2012 17:51:32 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\All Users\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,60% Memory free 3,85 Gb Paging File | 3,39 Gb Available in Paging File | 88,10% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 87,89 Gb Total Space | 59,98 Gb Free Space | 68,24% Space Free | Partition Type: NTFS Drive D: | 5,26 Gb Total Space | 3,26 Gb Free Space | 61,92% Space Free | Partition Type: FAT32 Computer Name: ICH | User Name: Büro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe PRC - [2012.11.01 00:53:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\OTL.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.27 10:52:32 | 001,011,408 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe PRC - [2012.09.27 10:52:32 | 000,593,616 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32.exe PRC - [2012.09.17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.12.13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011.05.08 12:23:43 | 000,221,864 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe PRC - [2011.05.08 12:23:40 | 000,189,096 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE PRC - [2011.05.08 12:23:40 | 000,078,504 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure Internet Security\Common\FSLAUNCHER0.EXE PRC - [2009.07.20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.07.11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2008.07.11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) 
-- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.04.25 20:05:34 | 000,311,296 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2004.02.23 01:05:00 | 001,515,599 | ---- | M] (The Firebird Project) -- C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe PRC - [2004.02.23 01:05:00 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe PRC - [2000.03.29 07:34:16 | 005,021,968 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\SQLSERVR.exe PRC - [2000.03.29 07:34:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe MOD - [2012.11.02 19:59:20 | 002,139,168 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll MOD - [2011.06.09 06:45:03 | 000,030,888 | ---- | M] () -- C:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\hashlib_x86.dll MOD - [2011.05.08 12:24:09 | 000,238,248 | ---- | M] () -- \\?\c:\programme\f-secure internet security\hips\fsumi.dll MOD - [2011.05.08 12:24:01 | 000,201,384 | ---- | M] () -- C:\Programme\F-Secure Internet Security\Spam Control\fsas.dll MOD - [2009.07.20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2006.04.10 16:43:50 | 000,116,224 | R--- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2002.12.21 17:21:38 | 000,118,784 | ---- | M] () -- 
C:\Programme\WinRAR\RarExt.dll MOD - [1998.11.13 04:22:18 | 000,020,480 | ---- | M] () -- C:\MSSQL7\Binn\sqlrgstr.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\AWD\AngWin\rk\idl\IPOSCalcRep.exe -- (IPOSCalcRep) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\DWRCS.exe -- (DWMRCS) SRV - File not found [Disabled | Stopped] -- C:\ARAG\DB\abacus\fp\HsqlService.exe -- (ARAGHSQL) SRV - File not found [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager) SRV - [2012.10.08 23:58:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.06 03:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- 
C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.05.23 11:55:00 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2011.05.08 12:23:51 | 000,529,064 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Programme\F-Secure Internet Security\FWES\program\fsdfwd.exe -- (FSDFWD) SRV - [2011.05.08 12:23:43 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2011.05.08 12:23:40 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2008.07.11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2007.02.16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.12.28 12:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.02.23 01:05:00 | 001,515,599 | ---- | M] (The Firebird Project) [On_Demand | Running] -- C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2004.02.23 01:05:00 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2000.03.29 07:34:16 | 005,021,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\SQLSERVR.exe -- (MSSQLServer) SRV - [2000.03.29 07:34:16 | 000,348,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.EXE -- (SQLServerAgent) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.27 10:53:33 | 000,144,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2012.08.15 14:59:14 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts) DRV - [2011.06.06 15:03:54 | 000,010,064 
| ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.05.08 12:24:09 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2011.05.08 12:23:51 | 000,082,824 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW) DRV - [2010.02.16 16:55:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.07.11 06:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2008.04.25 16:14:23 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008.04.25 16:14:23 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007.11.12 10:41:53 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2007.11.12 10:41:53 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2007.11.12 10:41:48 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2007.02.15 18:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006.06.14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2006.04.06 00:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.03.24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006.02.09 21:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.01.20 17:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006.01.11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2005.12.28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.12.05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) DRV - [2005.11.22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2005.10.26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.10.03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB) DRV - [2005.09.15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- 
(Tosrfcom) DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2005.04.06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004.09.16 01:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) DRV - [2004.09.16 01:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2004.08.04 11:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 11:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 3A 70 30 E9 B5 CD 01 [binary data] IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Programme\DNA\plugins\npbtdna.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Programme\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2012.10.08 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.03 14:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.24 17:15:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.29 20:19:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.29 20:19:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles/g6hi8gwt.default\extensions\specialsavings@superfish.com FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.03 12:11:54 | 000,000,000 | ---D | M] [2009.12.22 00:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Extensions [2009.12.22 00:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.31 10:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\extensions [2012.10.31 10:31:21 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.11.03 14:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 17:15:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.24 17:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.24 17:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 17:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.11.03 14:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.11.03 14:01:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2007.08.29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npbittorrent.dll [2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.28 11:30:59 | 000,006,522 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 11:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. 
O3 - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found. O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Dienst-Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} 
hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208803862140 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game12.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325DC46A-FFA7-4F24-BAC3-799DC2C317A5}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.13 19:59:12 | 000,000,069 | ---- | M] () - C:\autoexec.001 -- [ NTFS ] O32 - AutoRun File - [2007.01.22 15:26:23 | 000,000,069 | ---- | M] () - C:\autoexec.002 -- [ NTFS ] O32 - AutoRun File - [2007.06.01 19:08:53 | 000,000,069 | ---- | M] () - C:\autoexec.003 -- [ NTFS ] O32 - AutoRun File - [2007.09.03 19:14:25 | 000,000,069 | ---- | M] () - C:\autoexec.004 -- [ NTFS ] O32 - AutoRun File - [2007.11.12 11:49:45 | 000,000,069 | ---- | M] () - C:\autoexec.005 -- [ NTFS ] O32 - AutoRun File - [2008.01.21 20:45:44 | 000,000,069 | ---- | M] () - C:\autoexec.006 -- [ NTFS ] O32 - AutoRun File - [2008.05.19 10:23:01 | 000,000,069 | ---- | M] () - C:\autoexec.007 -- [ NTFS ] O32 - AutoRun File - [2008.05.19 13:08:26 | 000,000,069 | ---- | M] () - C:\autoexec.008 -- [ NTFS ] O32 - AutoRun File - [2008.08.04 11:06:04 | 000,000,069 | ---- | M] () - C:\autoexec.009 -- [ NTFS ] O32 - AutoRun File - [2008.11.09 11:36:58 | 000,000,069 | ---- | M] () - C:\autoexec.010 -- [ NTFS ] O32 - AutoRun File - [2009.02.17 10:19:43 | 000,000,069 | ---- | M] () - 
C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.11.10 21:54:57 | 000,000,000 | ---- | M] () - C:\autoexec.r2 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT 
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: AutorunsDisabled - NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk - - File not found MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WdfLoadGroup - SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver 
Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WdfLoadGroup - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.01 00:57:07 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente 
und Einstellungen\Büro\Desktop\tdsskiller.exe [2012.11.01 00:56:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Büro\Desktop\aswMBR.exe [2012.11.01 00:53:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\OTL.exe [2012.10.31 10:31:08 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.10.31 10:29:54 | 018,317,256 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\Firefox Setup 16.0_de.exe [2012.10.31 10:15:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.30 21:32:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Malwarebytes [2012.10.30 21:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.30 21:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.30 21:31:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.30 21:31:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.10.30 21:30:37 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\mbam-setup-1.65.1.1000.exe [2012.10.30 01:19:54 | 000,843,320 | ---- | C] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\is2013_dc_upgrade_forcer.exe [2012.10.29 23:48:39 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-installer.com [2012.10.29 23:04:09 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) 
-- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-Installer.exe [2012.10.29 23:01:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Opera [2012.10.29 23:01:45 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2012.10.29 20:19:41 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.29 17:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Horland Scan2Pdf [2012.10.29 17:07:42 | 000,000,000 | ---D | C] -- C:\Programme\Horland Scan2Pdf [2012.10.29 14:25:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Desktop\Alte Firefox-Daten [2012.10.28 11:28:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Scan2PDF [2012.10.28 11:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Babylon [2012.10.28 11:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.10.28 11:27:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService [2012.10.28 11:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager [2012.10.28 10:11:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\.swt [2012.10.25 20:59:30 | 000,000,000 | ---D | C] -- C:\Programme\KingsIsle Entertainment [2012.10.25 20:59:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\KingsIsle Entertainment [2012.10.24 17:15:12 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.21 14:01:10 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012.10.21 14:01:10 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012.10.21 14:01:10 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2012.10.17 12:47:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\eSmoker [2012.10.15 12:22:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\IHK [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 17:55:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.11.03 17:13:57 | 000,060,500 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.11.03 17:13:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.03 17:12:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml [2012.11.03 17:12:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.03 15:58:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.03 15:11:08 | 000,016,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.03 14:01:23 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.11.03 01:29:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.11.01 10:28:13 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Büro\defogger_reenable [2012.11.01 00:57:09 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Büro\Desktop\tdsskiller.exe [2012.11.01 00:56:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Büro\Desktop\aswMBR.exe [2012.11.01 00:56:41 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Büro\Desktop\Defogger.exe [2012.11.01 00:53:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und 
Einstellungen\All Users\Desktop\OTL.exe [2012.10.31 10:29:57 | 018,317,256 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\Firefox Setup 16.0_de.exe [2012.10.30 21:31:19 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.30 21:30:37 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\mbam-setup-1.65.1.1000.exe [2012.10.30 01:19:54 | 000,843,320 | ---- | M] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\is2013_dc_upgrade_forcer.exe [2012.10.29 23:48:39 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-installer.com [2012.10.29 23:04:09 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-Installer.exe [2012.10.29 23:01:51 | 000,001,456 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2012.10.29 17:09:42 | 000,000,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Horland Scan2Pdf.lnk [2012.10.28 14:51:14 | 000,060,500 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2012.10.25 20:59:30 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pirate101.lnk [2012.10.18 21:39:02 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.10.08 23:58:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.08 23:58:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp -> ] ========== Files 
Created - No Company Name ========== [2012.11.03 14:01:23 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.11.03 14:01:23 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.11.03 12:11:59 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job [2012.11.01 10:28:02 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\defogger_reenable [2012.11.01 00:56:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Desktop\Defogger.exe [2012.10.30 21:31:19 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.29 23:01:51 | 000,001,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk [2012.10.29 23:01:51 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2012.10.29 17:07:46 | 000,000,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Horland Scan2Pdf.lnk [2012.10.25 20:59:30 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pirate101.lnk [2012.05.02 13:01:48 | 000,002,283 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\.recently-used.xbel [2012.04.20 18:02:41 | 000,002,495 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.02.15 09:50:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.08.07 19:18:59 | 000,007,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Text.gif [2011.08.07 19:18:59 | 000,001,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\BWSmartClientAppRes.WinRisk_AboutBox.html [2011.06.18 13:51:13 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db 
[2010.12.09 12:27:34 | 000,000,252 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\default.pls [2010.12.09 12:27:11 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.11.17 22:03:10 | 000,001,511 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml [2010.06.14 12:12:54 | 000,000,035 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\.junitsession [2009.12.29 18:20:02 | 000,070,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Background.jpg [2009.12.29 18:20:02 | 000,009,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Logo.gif [2009.12.29 18:20:02 | 000,005,345 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\BWSmartClientAppRes.WinRisk_Login.html [2009.12.29 18:20:02 | 000,001,961 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\IR_LoginBtn.gif [2009.12.29 18:20:02 | 000,000,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Smile.gif [2009.12.29 18:20:02 | 000,000,037 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\bullet.gif [2009.05.06 14:05:08 | 000,016,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.13 20:17:04 | 000,086,016 | ---- | C] () -- C:\Programme\uninstgs.exe ========== ZeroAccess Check ========== [2006.11.11 14:05:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.10.06 04:22:49 | 000,891,776 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.10.06 04:22:49 | 000,891,776 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.10.06 04:22:49 | 000,891,776 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.10.06 03:14:00 | 
000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012.08.28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012.08.28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012.08.28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programme\Internet Explorer\iexplore.exe" -extoff [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programme\Internet Explorer\iexplore.exe [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Programme\Opera\Opera.exe" /ShowIconsCommand [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Programme\Opera\Opera.exe" /HideIconsCommand [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Programme\Opera\Opera.exe" /ReInstallBrowser [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Programme\Opera\Opera.exe" [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: 
C:\Programme\Opera\Opera.exe [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.10.06 04:22:49 | 000,891,776 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.10.06 04:22:49 | 000,891,776 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.10.06 04:22:49 | 000,891,776 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012.08.28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012.08.28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012.08.28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programme\Internet Explorer\iexplore.exe" -extoff [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programme\Internet Explorer\iexplore.exe [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Programme\Opera\Opera.exe" /ShowIconsCommand [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Programme\Opera\Opera.exe" /HideIconsCommand [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Programme\Opera\Opera.exe" /ReInstallBrowser [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Programme\Opera\Opera.exe" [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: C:\Programme\Opera\Opera.exe [2012.10.29 23:01:46 | 000,874,896 | ---- | M] (Opera Software)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4673E9EA
@Alternate Data Stream - 131 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FDDD8917

< End of report >

OTL Logfile:
OTL Extras logfile created on: 03.11.2012 17:51:32 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\All Users\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,60% Memory free
3,85 Gb Paging File | 3,39 Gb Available in Paging File | 88,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 59,98 Gb Free Space | 68,24% Space Free | Partition Type: NTFS
Drive D: | 5,26 Gb Total Space | 3,26 Gb Free Space | 61,92% Space Free | Partition Type: FAT32

Computer Name: ICH | User Name: Büro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "5010:TCP" = 5010:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5010 "5011:TCP" = 5011:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5011 "5012:TCP" = 5012:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5012 "5013:TCP" = 5013:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5013 "5014:TCP" = 5014:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5014 "5015:TCP" = 5015:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5015 "5016:TCP" = 5016:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5016 "5017:TCP" = 5017:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5017 "5018:TCP" = 
5018:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5018 "5019:TCP" = 5019:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5019 "5020:TCP" = 5020:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5020 "5021:TCP" = 5021:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5021 "5022:TCP" = 5022:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5022 "5023:TCP" = 5023:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5023 "5024:TCP" = 5024:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5024 "5025:TCP" = 5025:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5025 "5026:TCP" = 5026:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5026 "5027:TCP" = 5027:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5027 "5028:TCP" = 5028:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5028 "5029:TCP" = 5029:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5029 "5030:TCP" = 5030:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5030 "135:TCP" = 135:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.0.0/255.255.0.0:Enabled:RPC EndpointMapper - Port 135 "137:UDP" = 137:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002 "139:TCP" = 139:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004 "5000:TCP" = 5000:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5000 "5001:TCP" = 5001:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5010:TCP" = 5010:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5010 "5011:TCP" = 5011:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5011 "5012:TCP" = 5012:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5012 "5013:TCP" = 5013:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5013 "5014:TCP" = 5014:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5014 "5015:TCP" = 5015:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5015 "5016:TCP" = 5016:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5016 "5017:TCP" = 5017:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5017 "5018:TCP" = 
5018:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5018 "5019:TCP" = 5019:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5019 "5020:TCP" = 5020:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5020 "5021:TCP" = 5021:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5021 "5022:TCP" = 5022:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5022 "5023:TCP" = 5023:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5023 "5024:TCP" = 5024:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5024 "5025:TCP" = 5025:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5025 "5026:TCP" = 5026:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5026 "5027:TCP" = 5027:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5027 "5028:TCP" = 5028:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5028 "5029:TCP" = 5029:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5029 "5030:TCP" = 5030:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5030 "135:TCP" = 135:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.0.0/255.255.0.0:Enabled:RPC EndpointMapper - Port 135 "137:UDP" = 137:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22002 "139:TCP" = 139:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22004 "5000:TCP" = 5000:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5000 "5001:TCP" = 5001:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5001 "6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\AWD\AngWin\rk\skn\tiscorba\jre131\bin\java.exe" = C:\AWD\AngWin\rk\skn\tiscorba\jre131\bin\java.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:java "C:\AWD\AngWin\rk\skn\tiscorba\jre131\bin\tnameserv.exe" = C:\AWD\AngWin\rk\skn\tiscorba\jre131\bin\tnameserv.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:tnameserv "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\system32\Msdtc.exe" = C:\WINDOWS\system32\Msdtc.exe:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:MSDTC -- (Microsoft Corporation) "C:\AWD\Angwin\RK\SKN\tiscorba\jre\bin\java.exe" = C:\AWD\Angwin\RK\SKN\tiscorba\jre\bin\java.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:java "C:\AWD\Angwin\RK\SKN\tiscorba\jre\bin\tnameserv.exe" = 
C:\AWD\Angwin\RK\SKN\tiscorba\jre\bin\tnameserv.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:tnameserv "C:\AWD\AngWin\rk\skn\TISKernel.exe" = C:\AWD\AngWin\rk\skn\TISKernel.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:TISKernel "C:\WINDOWS\system32\dbeng8.exe" = C:\WINDOWS\system32\dbeng8.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:dbeng8 -- (iAnywhere Solutions, Inc.) "C:\WINDOWS\system32\DWRCS.exe" = C:\WINDOWS\system32\DWRCS.exe:*:Enabled:DWRCS "C:\AWD\AV-Butler\VM\bin\javaw.exe" = C:\AWD\AV-Butler\VM\bin\javaw.exe:*:Enabled:javaw "C:\AWD\AV-Butler\VM\bin\java.exe" = C:\AWD\AV-Butler\VM\bin\java.exe:*:Enabled:java "C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe:*:Enabled:VHV Java Virtual Machine "C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe:*:Enabled:VHV Java Virtual Machine [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Java\jre1.5.0_14\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_14\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\Msdtc.exe" = C:\WINDOWS\system32\Msdtc.exe:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:MSDTC -- (Microsoft Corporation) "C:\WINDOWS\system32\dbeng8.exe" = C:\WINDOWS\system32\dbeng8.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:dbeng8 -- (iAnywhere Solutions, Inc.) 
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc) "C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.) "C:\Programme\JRE_160_e\bin\java.exe" = C:\Programme\JRE_160_e\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AWDVERTRIEB) "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1DE22109-B91A-4292-986B-DCB622FEA45F}" = RSA ACE/Agent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{27FE29F5-FE09-4AF0-A61D-2797A76AF8B3}" = BIS 2.0 "{30701DC5-B400-4D3B-BC12-8FAB40D3D96F}" = "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = 
MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A0D715-8509-45E9-A39E-691F19666FD7}" = OpticSlim M12 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C1DB370-E30E-11D4-A853-0050DAC651B9}" = DBV-Winterthur Angebotssoftware Win'As/tel'ass "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C8320AEC-2E97-4C78-81EC-43CF6D248B01}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime 
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "DB_Firebird 1.5.0.4306" = DB_Firebird 1.5.0.4306 "ElsterFormular 13.2.0.8623p" = ElsterFormular "FreePDF_XP" = FreePDF XP (Remove only) "F-Secure Product 444" = F-Secure Internet Security 2011 "Horlands Scan2Pdf_is1" = Horland's Scan2Pdf "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service 
"MSDE" = MSDE "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Opera 12.02.1578" = Opera 12.02 "ProInst" = Intel(R) PROSet/Wireless Software "Redirection Port Monitor" = RedMon - Redirection Port Monitor "True DBGrid Pro 6.0" = APEX True DBGrid Pro 6.0 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Wizard101(DE)_is1" = Wizard101(DE) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.10.2012 06:28:23 | Computer Name = ICH | Source = Chrome | ID = 1 Description = Error - 28.10.2012 06:44:04 | Computer Name = ICH | Source = Chrome | ID = 1 Description = Error - 28.10.2012 06:44:31 | Computer Name = ICH | Source = Chrome | ID = 1 Description = Error - 28.10.2012 06:45:27 | Computer Name = ICH | Source = Chrome | ID = 1 Description = Error - 29.10.2012 04:59:13 | Computer Name = ICH | Source = F-Secure Management Agent | ID = 103 Description = 1 2012-10-29 09:59:10+02:00 ich ICH\Büro F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products. 
Error - 29.10.2012 05:19:28 | Computer Name = ICH | Source = FirebirdGuardianDefaultInstance | ID = 212 Description = Error - 01.11.2012 05:48:59 | Computer Name = ICH | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung aswmbr.exe, Version 0.9.9.1665, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011689. Error - 03.11.2012 07:15:10 | Computer Name = ICH | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x02fab980. [ System Events ] Error - 30.10.2012 13:12:00 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 30.10.2012 16:12:09 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 31.10.2012 18:43:35 | Computer Name = ICH | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 31.19.103.29 über die Netzwerkkarte mit der Netzwerkadresse 0015C5AA71CE ist verloren gegangen. Error - 01.11.2012 05:15:57 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 01.11.2012 05:31:14 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 01.11.2012 18:08:08 | Computer Name = ICH | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 31.19.103.29 über die Netzwerkkarte mit der Netzwerkadresse 0015C5AA71CE ist verloren gegangen. 
Error - 02.11.2012 05:16:58 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 02.11.2012 20:29:37 | Computer Name = ICH | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 31.19.103.29 über die Netzwerkkarte mit der Netzwerkadresse 0015C5AA71CE ist verloren gegangen. Error - 03.11.2012 07:06:23 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 03.11.2012 12:13:43 | Computer Name = ICH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. < End of report > *Step 2* Quote:
Quote:
|
03.11.2012, 20:21 | #4 | |
| Claro-Search (virus) has taken control *Step 4* Quote:
|
04.11.2012, 13:56 | #5 |
/// TB-Ausbilder | Claro-Search (virus) has taken control Hi, well then, let's get started.

Step 1 I see that you use so-called peer-to-peer or file-sharing programs, in your case BitTorrent DNA. These programs let you exchange data with other users. Unfortunately, p2p and file sharing are not exempt from distributing infected files, and that is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright in most countries of the world. Of course there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software / Uninstall programs and uninstall the software named above. Please let me know if you cannot find one of the listed programs.

Step 2 I see that you have so-called registry cleaners on the system, in your case TuneUp Utilities 2011, TuneUp Utilities Language Pack (de-DE). We do not recommend any kind of registry cleaner under any circumstances. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest does not really work any more. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without this kind of software in the future. At the end of the cleanup I will recommend another tool with which you can remove your temporary files.

Step 3 Please download AdwCleaner to your desktop.
Step 4 ComboFix should only be run when a team member has instructed you to do so! Please download ComboFix from the following download mirror: Link 1 IMPORTANT - Save ComboFix to your desktop
Start Combofix.exe and follow the on-screen instructions.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Please post with your next reply
|
04.11.2012, 16:42 | #6 | |
| Claro-Search (virus) has taken control Hello there, I have now done everything.

1. Uninstallation - the BitTorrent DNA entry was still present in the Control Panel, but it reported that the software was already uninstalled - so only the entry was removed - TuneUp is uninstalled. I would like to add, though, that this tool has not caused any damage in the last 4 years. I mainly use it for Windows settings, connection problems, visual settings, clearing history lists and so on. I could do all of that by hand too, but it takes much longer and is considerably more effort.

2. AdwCleaner log file Quote:
ComboFix log file: Code:
ATTFilter ComboFix 12-11-04.01 - Büro 04.11.2012 16:13:21.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1535 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\B³ro\Desktop\ComboFix.exe AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: F-Secure Internet Security 2011 10.51 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\windows\IsUn0407.exe c:\windows\ST6UNST.000 c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\system32\zip32.dll c:\windows\unin0407.exe . Infizierte Kopie von c:\windows\system32\kernel32.dll wurde gefunden und desinfiziert Kopie von - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-04 bis 2012-11-04 )))))))))))))))))))))))))))))) . . 2012-11-04 11:20 . 2012-11-04 11:20 -------- d-----w- c:\windows\system32\wbem\Repository 2012-11-04 10:48 . 2012-11-04 10:48 -------- d-----w- c:\programme\BillP Studios 2012-10-31 09:31 . 2012-11-03 16:12 -------- d-----w- c:\programme\Mozilla Maintenance Service 2012-10-30 20:32 . 2012-10-30 20:32 -------- d-----w- c:\dokumente und einstellungen\Büro\Anwendungsdaten\Malwarebytes 2012-10-30 20:31 . 2012-10-30 20:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-10-29 22:01 . 2012-11-02 15:07 -------- d-----w- c:\programme\Opera 2012-10-29 19:19 . 2012-11-02 13:23 -------- d-----w- c:\programme\Mozilla Thunderbird 2012-10-29 16:07 . 2012-10-29 16:09 -------- d-----w- c:\programme\Horland Scan2Pdf 2012-10-28 10:28 . 2012-10-28 10:30 -------- d-----w- c:\dokumente und einstellungen\Büro\Anwendungsdaten\Scan2PDF 2012-10-28 10:27 . 
2012-11-03 16:12 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Browser Manager 2012-10-28 09:11 . 2012-10-28 09:11 -------- d-----w- c:\dokumente und einstellungen\Büro\.swt . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 22:58 . 2012-04-07 07:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 22:58 . 2011-05-16 09:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-24 13:32 . 2012-06-16 21:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-04-15 22:22 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 11:51 . 2012-06-16 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-28 15:05 . 2006-03-04 03:34 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2005-03-30 17:36 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-23 06:26 . 2005-03-30 17:36 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-15 13:59 . 2009-05-07 15:26 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys 2006-04-10 16:00 . 2006-11-13 19:17 86016 ----a-w- c:\programme\uninstgs.exe 2012-10-06 02:14 . 2012-11-03 13:01 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-04-25 311296] "F-Secure Manager"="c:\programme\F-Secure Internet Security\Common\FSM32.EXE" [2011-05-08 201384] "F-Secure TNB"="c:\programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2011-05-08 1655464] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Dienst-Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2006-11-13 110592] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2011-9-5 813584] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 02:23 110592 -c--a-w- c:\windows\system32\bthprops.cpl . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Skype"="c:\programme\Skype\\Phone\Skype.exe" /nosplash /minimized "CTFMON.EXE"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "TrueImageMonitor.exe"=c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "SigmatelSysTrayApp"=stsystra.exe "nwiz"=nwiz.exe /installquiet "IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NVHotkey"=rundll32.exe nvHotkey.dll,Start . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Java\\jre1.5.0_14\\bin\\javaw.exe"= "c:\windows\system32\Msdtc.exe"= c:\windows\system32\Msdtc.exe:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:MSDTC "c:\windows\system32\dbeng8.exe"= c:\windows\system32\dbeng8.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:dbeng8 "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\Programme\\Gemeinsame Dateien\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "c:\\Programme\\Gemeinsame Dateien\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"= "c:\\Programme\\JRE_160_e\\bin\\java.exe"= "c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Opera\\opera.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5010:TCP"= 5010:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5010 "5011:TCP"= 5011:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5011 "5012:TCP"= 5012:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5012 "5013:TCP"= 5013:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5013 "5014:TCP"= 5014:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5014 "5015:TCP"= 5015:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5015 "5016:TCP"= 5016:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5016 "5017:TCP"= 5017:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5017 "5018:TCP"= 5018:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5018 "5019:TCP"= 5019:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5019 "5020:TCP"= 5020:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5020 "5021:TCP"= 5021:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5021 "5022:TCP"= 5022:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5022 "5023:TCP"= 5023:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5023 "5024:TCP"= 
5024:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5024 "5025:TCP"= 5025:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5025 "5026:TCP"= 5026:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5026 "5027:TCP"= 5027:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5027 "5028:TCP"= 5028:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5028 "5029:TCP"= 5029:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5029 "5030:TCP"= 5030:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5030 "135:TCP"= 135:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.0.0/255.255.0.0:Enabled:RPC EndpointMapper - Port 135 "137:UDP"= 137:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22001 "138:UDP"= 138:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22002 "139:TCP"= 139:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22004 "5000:TCP"= 5000:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5000 "5001:TCP"= 5001:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5001 "6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundPacketTooBig"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowOutboundParameterProblem"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) . R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [07.05.2009 16:26 44240] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07.05.2009 16:19 82824] R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15.02.2007 18:00 26624] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programme\F-Secure Internet Security\HIPS\drivers\fshs.sys [07.05.2009 16:18 72520] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe -s --> c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe -s [?] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [05.09.2011 10:17 10384] R2 MSSQL$AWDVERTRIEB;SQL Server (AWDVERTRIEB);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.12.2010 17:29 29293408] R2 SentinelKeysServer;Sentinel Keys Server;c:\programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.07.2008 00:02 328992] R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [11.11.2006 13:37 53248] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [07.05.2009 16:18 144592] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe -s --> c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe -s [?] 
R3 FSORSPClient;F-Secure ORSP Client;c:\programme\F-Secure Internet Security\ORSP Client\fsorsp.exe [07.05.2009 16:18 61088] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [06.08.2008 12:41 264704] S3 FXUSBASE;Eumex 5520PC (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [11.11.2006 13:37 547968] S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000] S4 ARAGHSQL;ARAGHSQL;c:\arag\DB\abacus\fp\HsqlService.exe --> c:\arag\DB\abacus\fp\HsqlService.exe [?] S4 IPOSCalcRep;IPOSCalcRep;c:\awd\AngWin\rk\idl\IPOSCalcRep.exe --> c:\awd\AngWin\rk\idl\IPOSCalcRep.exe [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.02.2010 16:55 691696] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:58] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ LSP: c:\programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 83.169.185.161 83.169.185.225 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\dokumente und einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\ FF - prefs.js: browser.search.selectedEngine - Claro Search FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=114508&tt=4312_5&babsrc=KW_clro&mntrId=b00ce8500000000000000016419e7661&q= FF - ExtSQL: 2012-10-08 11:42; litmus-ff@f-secure.com; c:\programme\F-Secure Internet Security\NRS\litmus-ff@f-secure.com FF - ExtSQL: 2012-10-24 18:15; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-10-24 18:15; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-24 18:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-24 18:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-MSDE - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-04 16:19 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Micro Focus] @Denied: (C D) (Everyone) . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "7040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1512) c:\programme\f-secure internet security\hips\fshook32.dll . - - - - - - - > 'lsass.exe'(1568) c:\programme\f-secure internet security\hips\fshook32.dll . 
- - - - - - - > 'explorer.exe'(1276) c:\programme\f-secure internet security\hips\fshook32.dll c:\programme\F-Secure Internet Security\Spam Control\fsscoepl.dll c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\Intel\Wireless\Bin\EvtEng.exe c:\programme\Intel\Wireless\Bin\S24EvMon.exe c:\programme\Intel\Wireless\Bin\WLKeeper.exe c:\windows\system32\brss01a.exe c:\windows\System32\SCardSvr.exe c:\programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe c:\programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE c:\programme\F-Secure Internet Security\Common\FSMA32.EXE c:\programme\Java\jre6\bin\jqs.exe c:\programme\F-Secure Internet Security\Common\FSHDLL32.EXE c:\windows\system32\rundll32.exe c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE c:\mssql7\binn\sqlservr.exe c:\windows\system32\nvsvc32.exe c:\programme\Intel\Wireless\Bin\RegSrvc.exe c:\programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe c:\programme\F-Secure Internet Security\Anti-Virus\fssm32.exe c:\programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe c:\windows\system32\wbem\wmiapsrv.exe c:\programme\F-Secure Internet Security\Anti-Virus\fsav32.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-11-04 16:27:00 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-04 15:26 . 
Vor Suchlauf: 13 Verzeichnis(se), 67.196.956.672 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 67.576.102.912 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - 54485FFCE3F3818154F9D845AF3FCBF6 Hello Matthias, after these measures the computer runs stably and without faults, and I can do everything again. Thanks for that already. The Internet Security software was now able to update itself to the 2013 version. Since I had also raised the problem with F-Secure (even before I posted here), who fobbed me off with a tool that did nothing and then played dead after my feedback, I will be giving them a proper grilling with a "nice" statement about their service. Unfortunately I have a long-term contract with them, but let's see how I manage that. After this whole affair, which has cost not only you a lot of time and me a lot of aggravation, I have to protect myself somehow against this threat. I would be very grateful for a tip and a pointer to other software. Regards Jürgen |
05.11.2012, 17:25 | #7 |
/// TB-Ausbilder | Claro-Search (virus) has taken control Hi, I will give you tips at the end of the cleanup. We are not done yet.

Step 1 Note for other readers: the following ComboFix script has been created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can permanently damage other systems! Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: BleepingComputer.com and save it to the desktop again (not anywhere else, that is important)! Press the Windows + R keys --> type Notepad --> OK Now copy the text from the following code box completely into the empty text document. Code:
Folder::
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Browser Manager

Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=114508&tt=4312_5&babsrc=KW_clro&mntrId=b00ce8500000000000000016419e7661&q=

Important:
Step 2 Please start OTL.exe. Under Extra Registry select Use SafeList and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. Please post with your next reply
|
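The CFScript in the post above clears two prefs.js entries by hand. As an added example, not code from this thread, its helper, ComboFix or OTL, the following Python script shows how a defender can audit any Firefox profile's prefs.js for the same kind of search-hijack entries and produce a cleaned copy. The hijacker-domain list, the stock-engine allowlist and the sample prefs.js are constructed for the example; the sample mirrors the two entries from the log so the result can be checked against them.

```python
"""Audit a Firefox prefs.js for search-hijacker entries and write a cleaned copy.

Added example: not from this thread, its helper, ComboFix or OTL. The
hijacker-domain list, the stock-engine allowlist and SAMPLE_PREFS are
constructed for the example; SAMPLE_PREFS mirrors the two prefs.js entries
that the CFScript in the thread removes.
"""
import re
from typing import Dict, List, Tuple

# Real Firefox pref names that search hijackers commonly rewrite.
WATCHED_PREFS = (
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
)

# Indicator list (constructed): a watched pref mentioning one of these is a finding.
HIJACKER_DOMAINS = ("claro-search.com",)

# Allowlist (constructed) of engine display names a stock profile may select.
STOCK_ENGINES = {"google", "bing", "yahoo", "duckduckgo", "wikipedia (de)", "amazon.de"}

# Matches one line of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed sample prefs.js; lines 2 and 3 mirror the log entries in this thread.
SAMPLE_PREFS = '''\
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1351517100);
user_pref("browser.search.selectedEngine", "Claro Search");
user_pref("keyword.URL", "http://www.claro-search.com/?affID=114508&tt=4312_5&babsrc=KW_clro&mntrId=b00ce8500000000000000016419e7661&q=");
user_pref("browser.startup.homepage", "http://www.google.de/");
user_pref("network.cookie.prefsMigrated", true);
'''


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: raw_value} for every user_pref() line in prefs.js text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def is_suspicious(name: str, raw_value: str) -> bool:
    """A watched pref is a finding if its value names a hijacker domain, or if
    the selected search engine is not on the allowlist."""
    value = raw_value.strip('"').lower()
    if any(domain in value for domain in HIJACKER_DOMAINS):
        return True
    if name in ("browser.search.selectedEngine", "browser.search.defaultenginename"):
        return value not in STOCK_ENGINES
    return False


def audit(text: str) -> List[Tuple[str, str]]:
    """List (pref_name, raw_value) for every watched pref that looks hijacked."""
    return [(name, value) for name, value in parse_prefs(text).items()
            if name in WATCHED_PREFS and is_suspicious(name, value)]


def clean_prefs(text: str) -> str:
    """Return the prefs.js text with flagged entries dropped; Firefox restores
    its defaults for missing prefs on the next start."""
    flagged = {name for name, _ in audit(text)}
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in flagged:
            continue  # drop the hijacked entry
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, value in audit(SAMPLE_PREFS):
        print(f"hijacked pref: {name} = {value}")
    print("--- cleaned prefs.js ---")
    print(clean_prefs(SAMPLE_PREFS), end="")
```

Run it against a copy of the profile's prefs.js with Firefox closed; the script only reports the entries and returns the cleaned text, and writing that text back over the original is a separate, deliberate step. The domain list is the detection signal that matters: a hijacker that simply picks a new display name for its engine is still caught by the allowlist check, but one that points keyword.URL at a domain you have not listed is not.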
05.11.2012, 23:50 | #8 |
| Claro-Search (virus) has taken control Hello Matthias, I was probably a bit hasty :-). I have completed all the work as instructed. Re step 1 ComboFix log file: Code:
ATTFilter ComboFix 12-11-05.03 - Büro 05.11.2012 23:25:25.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1430 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Büro\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Büro\Desktop\CFScript.txt AV: Computer Security *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\Browser Manager c:\dokumente und einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll c:\dokumente und einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.settings . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-05 bis 2012-11-05 )))))))))))))))))))))))))))))) . . 2012-11-04 16:21 . 2012-11-04 16:26 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys 2012-11-04 15:53 . 2012-11-04 15:53 -------- d-----w- c:\dokumente und einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\F-Secure 2012-11-04 15:52 . 2012-11-04 15:52 -------- d-----w- c:\programme\F-Secure 2012-11-04 15:49 . 2012-11-04 19:00 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\boost_interprocess 2012-11-04 11:20 . 2012-11-04 11:20 -------- d-----w- c:\windows\system32\wbem\Repository 2012-11-04 10:48 . 2012-11-04 10:48 -------- d-----w- c:\programme\BillP Studios 2012-10-31 09:31 . 2012-11-03 16:12 -------- d-----w- c:\programme\Mozilla Maintenance Service 2012-10-30 20:32 . 2012-10-30 20:32 -------- d-----w- c:\dokumente und einstellungen\Büro\Anwendungsdaten\Malwarebytes 2012-10-30 20:31 . 2012-10-30 20:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-10-29 22:01 . 
2012-11-02 15:07 -------- d-----w- c:\programme\Opera 2012-10-29 19:19 . 2012-11-02 13:23 -------- d-----w- c:\programme\Mozilla Thunderbird 2012-10-29 16:07 . 2012-10-29 16:09 -------- d-----w- c:\programme\Horland Scan2Pdf 2012-10-28 10:28 . 2012-10-28 10:30 -------- d-----w- c:\dokumente und einstellungen\Büro\Anwendungsdaten\Scan2PDF 2012-10-28 09:11 . 2012-10-28 09:11 -------- d-----w- c:\dokumente und einstellungen\Büro\.swt . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 22:58 . 2012-04-07 07:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 22:58 . 2011-05-16 09:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-24 13:32 . 2012-06-16 21:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-04-15 22:22 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 11:51 . 2012-06-16 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-28 15:05 . 2006-03-04 03:34 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2005-03-30 17:36 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-23 06:26 . 2005-03-30 17:36 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2006-04-10 16:00 . 2006-11-13 19:17 86016 ----a-w- c:\programme\uninstgs.exe 2012-10-06 02:14 . 2012-11-03 13:01 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-04-25 311296] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896] "F-Secure Hoster (666)"="c:\programme\F-Secure\fshoster32.exe" [2012-08-27 167632] "F-Secure Manager"="c:\programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2012-07-03 310992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Dienst-Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2006-11-13 110592] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2011-9-5 813584] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 02:23 110592 -c--a-w- c:\windows\system32\bthprops.cpl . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Skype"="c:\programme\Skype\\Phone\Skype.exe" /nosplash /minimized "CTFMON.EXE"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "TrueImageMonitor.exe"=c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "SigmatelSysTrayApp"=stsystra.exe "nwiz"=nwiz.exe /installquiet "IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NVHotkey"=rundll32.exe nvHotkey.dll,Start . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Java\\jre1.5.0_14\\bin\\javaw.exe"= "c:\windows\system32\Msdtc.exe"= c:\windows\system32\Msdtc.exe:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:MSDTC "c:\windows\system32\dbeng8.exe"= c:\windows\system32\dbeng8.exe:LocalSubNet,127.0.0.0/255.255.255.0:Enabled:dbeng8 "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\Programme\\Gemeinsame Dateien\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "c:\\Programme\\Gemeinsame Dateien\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"= "c:\\Programme\\JRE_160_e\\bin\\java.exe"= "c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Opera\\opera.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5010:TCP"= 5010:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5010 "5011:TCP"= 5011:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5011 "5012:TCP"= 5012:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5012 "5013:TCP"= 5013:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5013 "5014:TCP"= 5014:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5014 "5015:TCP"= 5015:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5015 "5016:TCP"= 5016:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5016 "5017:TCP"= 5017:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5017 "5018:TCP"= 5018:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5018 "5019:TCP"= 5019:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5019 "5020:TCP"= 5020:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5020 "5021:TCP"= 5021:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5021 "5022:TCP"= 5022:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5022 "5023:TCP"= 5023:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5023 "5024:TCP"= 
5024:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5024 "5025:TCP"= 5025:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5025 "5026:TCP"= 5026:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5026 "5027:TCP"= 5027:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5027 "5028:TCP"= 5028:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5028 "5029:TCP"= 5029:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5029 "5030:TCP"= 5030:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Port 5030 "135:TCP"= 135:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.0.0/255.255.0.0:Enabled:RPC EndpointMapper - Port 135 "137:UDP"= 137:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22001 "138:UDP"= 138:UDP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22002 "139:TCP"= 139:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Disabled:@xpsp2res.dll,-22004 "5000:TCP"= 5000:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5000 "5001:TCP"= 5001:TCP:LocalSubNet,10.10.10.0/255.255.255.0,129.129.100.0/255.255.255.0,129.129.190.0/255.255.255.0:Enabled:Exchange - Port 5001 "6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundPacketTooBig"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowOutboundParameterProblem"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) . R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [04.11.2012 17:21 44240] R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15.02.2007 18:00 26624] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [04.11.2012 17:24 73360] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe -s --> c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe -s [?] R2 fshoster;F-Secure Dll Hoster;c:\programme\F-Secure\fshoster32.exe -hosterid:0 --> c:\programme\F-Secure\fshoster32.exe -hosterid:0 [?] R2 FSORSPClient;F-Secure ORSP Client;c:\programme\F-Secure\apps\CCF_Reputation\fsorsp.exe [25.05.2012 12:00 61152] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [05.09.2011 10:17 10384] R2 MSSQL$AWDVERTRIEB;SQL Server (AWDVERTRIEB);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.12.2010 17:29 29293408] R2 SentinelKeysServer;Sentinel Keys Server;c:\programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.07.2008 00:02 328992] R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [11.11.2006 13:37 53248] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [04.11.2012 17:20 144440] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe -s --> c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe -s [?] 
R3 fsni;fsni;c:\programme\F-Secure\apps\CCF_Scanning\fsnixp32.sys [27.08.2012 14:04 48328] R3 fsnitdi;fsnitdi;c:\programme\F-Secure\apps\CCF_Scanning\fsnitdi32.sys [27.08.2012 14:04 22728] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [06.08.2008 12:41 264704] S3 FXUSBASE;Eumex 5520PC (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [11.11.2006 13:37 547968] S4 ARAGHSQL;ARAGHSQL;c:\arag\DB\abacus\fp\HsqlService.exe --> c:\arag\DB\abacus\fp\HsqlService.exe [?] S4 IPOSCalcRep;IPOSCalcRep;c:\awd\AngWin\rk\idl\IPOSCalcRep.exe --> c:\awd\AngWin\rk\idl\IPOSCalcRep.exe [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.02.2010 16:55 691696] . Inhalt des "geplante Tasks" Ordners . 2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:58] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ TCP: DhcpNameServer = 83.169.185.161 83.169.185.225 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\dokumente und einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\ FF - ExtSQL: 2012-10-24 18:15; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-10-24 18:15; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-24 18:15; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-24 18:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-03 14:01; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\dokumente 
und einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-05 23:31 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fshoster] "ImagePath"="c:\programme\F-Secure\fshoster32.exe -hosterid:0" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="f307e2f2-bf77-462a-b7cd-6f694568dc41"
"AuthorizationCode"="XRGiXTzR2vgwm1lqkEp3yYOOsuSEh8HoZggwDNUj3tVnIVN0Mu7hwA"
"666_AgentIdentifier"="f307e2f2-bf77-462a-b7cd-6f694568dc41"
"666_AuthorizationCode"="XRGiXTzR2vgwm1lqkEp3yYOOsuSEh8HoZggwDNUj3tVnIVN0Mu7hwA"
.
[HKEY_LOCAL_MACHINE\software\Micro Focus]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1420)
c:\programme\f-secure\apps\computersecurity\hips\fshook32.dll
.
Zeit der Fertigstellung: 2012-11-05 23:32:39
ComboFix-quarantined-files.txt 2012-11-05 22:32
ComboFix2.txt 2012-11-04 15:27
.
Vor Suchlauf: 14 Verzeichnis(se), 67.719.426.048 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 67.713.843.200 Bytes frei
.
- - End Of File - - 2D4444B647BD97F78B002860DD010531

On to step 2, the OTL logfile:
OTL logfile created on: 05.11.2012 23:35:24 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Büro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,83% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 63,09 Gb Free Space | 71,79% Space Free | Partition Type: NTFS
Drive D: | 5,26 Gb Total Space | 4,36 Gb Free Space | 82,92% Space Free | Partition Type: FAT32
Computer Name: ICH | User Name: Büro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.05 23:17:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Büro\Desktop\OTL.exe
PRC - [2012.11.04 17:23:51 | 001,011,256 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2012.11.04 17:23:51 | 000,605,752 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2012.09.17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.08.27 16:06:56 | 000,167,632 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\fshoster32.exe PRC - [2012.07.03 17:40:00 | 000,310,992 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE PRC - [2012.07.03 17:40:00 | 000,212,688 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE PRC - [2012.05.25 12:00:44 | 000,061,152 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.07.20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.07.11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2008.07.11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) 
-- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.04.25 20:05:34 | 000,311,296 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2005.12.28 12:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2005.12.28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2004.02.23 01:05:00 | 001,515,599 | ---- | M] (The Firebird Project) -- C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe PRC - [2004.02.23 01:05:00 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe PRC - [2000.03.29 07:34:16 | 005,021,968 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\SQLSERVR.exe PRC - [2000.03.29 07:34:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.04 17:24:13 | 000,030,888 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll MOD - [2012.11.04 17:23:51 | 000,768,712 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll MOD - [2012.11.04 17:23:51 | 000,221,904 | ---- | M] () -- \\?\c:\programme\f-secure\apps\computersecurity\hips\fsumi.dll MOD - [2012.10.30 01:20:55 | 010,706,624 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtWebKit4.dll MOD - [2012.10.30 01:20:55 | 003,051,200 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtXmlPatterns4.dll MOD - [2012.10.30 01:20:55 | 000,372,416 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtXml4.dll MOD - [2012.10.30 01:20:53 | 000,986,816 | ---- | M] () -- 
C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtNetwork4.dll MOD - [2012.10.30 01:20:53 | 000,622,272 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtSql4.dll MOD - [2012.10.30 01:20:53 | 000,450,240 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtHelp4.dll MOD - [2012.10.30 01:20:52 | 008,347,328 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtGui4.dll MOD - [2012.10.30 01:20:51 | 002,256,576 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtCore4.dll MOD - [2012.10.30 01:20:51 | 001,076,928 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.2.680_x-ww_5bf632f0\QtCLucene4.dll MOD - [2012.08.27 16:06:54 | 000,241,360 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qmng4.dll MOD - [2012.08.27 16:06:54 | 000,143,056 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qjpeg4.dll MOD - [2012.08.27 16:06:54 | 000,036,048 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qico4.dll MOD - [2012.08.27 16:06:54 | 000,034,000 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qgif4.dll MOD - [2012.07.03 17:40:02 | 000,200,400 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll MOD - [2012.07.03 17:39:54 | 000,086,016 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng MOD - [2012.07.03 17:39:54 | 000,049,152 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng MOD - [2012.07.03 17:39:48 | 000,038,400 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsavhres.eng MOD - [2009.07.20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2006.04.10 
16:43:50 | 000,116,224 | R--- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2005.12.28 12:11:34 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll MOD - [2005.12.28 12:11:34 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2005.12.28 12:11:34 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll MOD - [1998.11.13 04:22:18 | 000,020,480 | ---- | M] () -- C:\MSSQL7\Binn\sqlrgstr.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\AWD\AngWin\rk\idl\IPOSCalcRep.exe -- (IPOSCalcRep) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\DWRCS.exe -- (DWMRCS) SRV - File not found [Disabled | Stopped] -- C:\ARAG\DB\abacus\fp\HsqlService.exe -- (ARAGHSQL) SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - File not found [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2012.10.08 23:58:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.06 03:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.27 16:06:56 | 000,167,632 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\F-Secure\fshoster32.exe -- (fshoster) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 17:40:00 | 000,212,688 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA) SRV - [2012.05.25 12:00:44 | 000,061,152 | ---- | M] (F-Secure Corporation) [Auto | 
Running] -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2008.07.11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [2005.12.28 12:04:56 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.02.23 01:05:00 | 001,515,599 | ---- | M] (The Firebird Project) [On_Demand | Running] -- C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2004.02.23 01:05:00 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2000.03.29 07:34:16 | 005,021,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\SQLSERVR.exe -- (MSSQLServer) SRV - [2000.03.29 07:34:16 | 000,348,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.EXE -- (SQLServerAgent) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | 
Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Running] -- C:\DOKUME~1\BRO~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.11.04 17:26:29 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts) DRV - [2012.11.04 17:24:13 | 000,144,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2012.11.04 17:23:51 | 000,073,360 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2012.08.27 14:04:16 | 000,048,328 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Programme\F-Secure\apps\CCF_Scanning\fsnixp32.sys -- (fsni) DRV - [2012.08.27 14:04:16 | 000,022,728 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Programme\F-Secure\apps\CCF_Scanning\fsnitdi32.sys -- (fsnitdi) DRV - [2010.02.16 16:55:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.07.11 06:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) DRV - [2008.04.25 16:14:23 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008.04.25 16:14:23 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007.02.15 18:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006.06.14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2006.04.06 00:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.03.24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006.02.09 21:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006.01.20 17:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006.01.11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2005.12.28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.12.05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) DRV - [2005.11.22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2005.10.26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.10.03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB) DRV - [2005.09.15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2005.04.06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004.09.16 01:00:00 | 000,547,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) DRV - [2004.09.16 01:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2004.08.04 11:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 11:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 3A 70 30 E9 B5 CD 01 [binary data] IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-602162358-688789844-725345543-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Programme\DNA\plugins\npbtdna.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.03 14:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.24 17:15:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.29 20:19:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.29 20:19:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2009.12.22 00:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Extensions [2009.12.22 00:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.05 10:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\extensions [2012.11.05 10:23:12 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Mozilla\Firefox\Profiles\6g2nnge9.default-1351517095843\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.11.03 14:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.24 17:15:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.24 17:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.24 17:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 17:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.11.03 14:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.11.03 14:01:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2007.08.29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npbittorrent.dll [2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.05 23:31:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Dienst-Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-602162358-688789844-725345543-1020\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-21-602162358-688789844-725345543-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208803862140 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game12.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Oracle Technology Network for Java Developers (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C92E195-314A-4D79-B2F1-D6F8CBD86CDC}: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325DC46A-FFA7-4F24-BAC3-799DC2C317A5}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.13 19:59:12 | 000,000,069 | ---- | M] () - C:\autoexec.001 -- [ NTFS ] O32 - AutoRun File - [2007.01.22 15:26:23 | 000,000,069 | ---- | M] () - C:\autoexec.002 -- [ NTFS ] O32 - AutoRun File - [2007.06.01 19:08:53 | 000,000,069 | ---- | M] () - C:\autoexec.003 -- [ NTFS ] O32 - AutoRun File - [2007.09.03 19:14:25 | 000,000,069 | ---- | M] () - C:\autoexec.004 -- [ NTFS ] O32 - AutoRun File - [2007.11.12 11:49:45 | 000,000,069 | ---- | M] () - C:\autoexec.005 -- [ NTFS ] O32 - AutoRun File - [2008.01.21 20:45:44 | 000,000,069 | ---- | M] () - C:\autoexec.006 -- [ NTFS ] O32 - AutoRun File - [2008.05.19 10:23:01 | 000,000,069 | ---- | M] () - C:\autoexec.007 -- [ NTFS ] O32 - AutoRun File - [2008.05.19 13:08:26 | 000,000,069 | ---- | M] () - C:\autoexec.008 -- [ NTFS ] O32 - AutoRun File - [2008.08.04 11:06:04 | 000,000,069 | ---- | M] () - C:\autoexec.009 -- [ NTFS ] O32 - AutoRun File - [2008.11.09 11:36:58 | 000,000,069 | ---- | M] () - C:\autoexec.010 -- [ NTFS ] O32 - AutoRun File - [2009.02.17 10:19:43 | 000,000,069 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.11.10 21:54:57 | 000,000,000 | ---- | M] () - C:\autoexec.r2 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.05 23:17:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Büro\Desktop\OTL.exe [2012.11.05 23:11:56 | 004,997,488 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Büro\Desktop\ComboFix.exe [2012.11.05 00:07:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\Pflegetagegeld [2012.11.04 16:53:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\F-Secure [2012.11.04 16:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\F-Secure [2012.11.04 16:52:45 | 000,000,000 | ---D | C] -- C:\Programme\F-Secure [2012.11.04 16:49:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012.11.04 16:11:26 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.11.04 16:07:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.11.04 16:07:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.11.04 16:07:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.11.04 16:07:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.11.04 16:06:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.04 16:06:35 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Büro\Startmenü\Programme\Verwaltung [2012.11.04 16:06:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.11.04 11:48:13 | 000,000,000 | ---D | C] -- C:\Programme\BillP Studios [2012.11.04 10:49:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.10.31 10:31:08 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.10.31 10:29:54 | 018,317,256 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\Firefox 
Setup 16.0_de.exe [2012.10.30 21:32:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Malwarebytes [2012.10.30 21:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.30 21:30:37 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\mbam-setup-1.65.1.1000.exe [2012.10.30 01:19:54 | 000,843,320 | ---- | C] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\is2013_dc_upgrade_forcer.exe [2012.10.29 23:48:39 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-installer.com [2012.10.29 23:04:09 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-Installer.exe [2012.10.29 23:01:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Opera [2012.10.29 23:01:45 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2012.10.29 20:19:41 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.10.29 17:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Horland Scan2Pdf [2012.10.29 17:07:42 | 000,000,000 | ---D | C] -- C:\Programme\Horland Scan2Pdf [2012.10.28 11:28:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Anwendungsdaten\Scan2PDF [2012.10.28 10:11:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\.swt [2012.10.24 17:15:12 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.21 14:01:10 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012.10.21 14:01:10 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012.10.21 14:01:10 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2012.10.17 12:47:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\eSmoker [2012.10.15 12:22:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\IHK [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.05 23:31:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.11.05 23:17:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Büro\Desktop\OTL.exe [2012.11.05 23:11:59 | 004,997,488 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Büro\Desktop\ComboFix.exe [2012.11.05 23:08:11 | 000,060,500 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.11.05 19:58:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.05 19:04:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml [2012.11.05 19:04:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.05 19:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.04 17:26:29 | 000,044,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.11.04 17:20:37 | 000,019,540 | ---- | M] () -- C:\WINDOWS\prodsett_copy.ini [2012.11.04 16:57:17 | 000,494,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.04 16:57:17 | 000,092,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.04 16:57:16 | 000,523,306 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.04 16:57:16 | 000,111,822 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.04 16:52:54 | 000,001,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\F-Secure.lnk [2012.11.04 16:11:32 | 000,000,327 | RHS- | M] () -- 
C:\boot.ini [2012.11.04 15:28:27 | 000,540,977 | ---- | M] () -- C:\Dokumente und Einstellungen\Büro\Desktop\adwcleaner.exe [2012.11.03 15:11:08 | 000,016,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.03 14:01:23 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.11.03 01:29:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.11.01 10:28:13 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Büro\defogger_reenable [2012.10.31 10:29:57 | 018,317,256 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\Firefox Setup 16.0_de.exe [2012.10.30 21:30:37 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\mbam-setup-1.65.1.1000.exe [2012.10.30 01:19:54 | 000,843,320 | ---- | M] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\is2013_dc_upgrade_forcer.exe [2012.10.29 23:48:39 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-installer.com [2012.10.29 23:04:09 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) 
-- C:\Dokumente und Einstellungen\Büro\Eigene Dateien\SpyHunter-Installer.exe [2012.10.29 23:01:51 | 000,001,456 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2012.10.29 17:09:42 | 000,000,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Horland Scan2Pdf.lnk [2012.10.28 14:51:14 | 000,060,500 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2012.10.18 21:39:02 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.10.08 23:58:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.08 23:58:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Büro\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.04 17:21:07 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.11.04 17:20:37 | 000,019,540 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini [2012.11.04 16:52:54 | 000,001,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\F-Secure.lnk [2012.11.04 16:11:32 | 000,000,210 | ---- | C] () -- C:\Boot.bak [2012.11.04 16:11:29 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.11.04 16:07:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.11.04 16:07:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.11.04 16:07:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.11.04 16:07:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.11.04 16:07:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.11.04 15:28:27 | 000,540,977 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Desktop\adwcleaner.exe [2012.11.03 14:01:23 | 000,000,702 | ---- | C] () -- 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.11.03 14:01:23 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.11.01 10:28:02 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\defogger_reenable [2012.10.29 23:01:51 | 000,001,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk [2012.10.29 23:01:51 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2012.10.29 17:07:46 | 000,000,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Horland Scan2Pdf.lnk [2012.05.02 13:01:48 | 000,002,283 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\.recently-used.xbel [2012.04.20 18:02:41 | 000,002,495 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.02.15 09:50:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.08.07 19:18:59 | 000,007,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Text.gif [2011.08.07 19:18:59 | 000,001,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\BWSmartClientAppRes.WinRisk_AboutBox.html [2011.06.18 13:51:13 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.12.09 12:27:34 | 000,000,252 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\default.pls [2010.12.09 12:27:11 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.11.17 22:03:10 | 000,001,511 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml [2010.06.14 12:12:54 | 000,000,035 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\.junitsession [2009.12.29 18:20:02 | 000,070,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale 
Einstellungen\Anwendungsdaten\WinRisk_Background.jpg [2009.12.29 18:20:02 | 000,009,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Logo.gif [2009.12.29 18:20:02 | 000,005,345 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\BWSmartClientAppRes.WinRisk_Login.html [2009.12.29 18:20:02 | 000,001,961 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\IR_LoginBtn.gif [2009.12.29 18:20:02 | 000,000,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\WinRisk_Smile.gif [2009.12.29 18:20:02 | 000,000,037 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\bullet.gif [2009.05.06 14:05:08 | 000,016,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Büro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.13 20:17:04 | 000,086,016 | ---- | C] () -- C:\Programme\uninstgs.exe ========== ZeroAccess Check ========== [2006.11.11 14:05:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 
000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > The second log file (don't know whether you want to see it) OTL Logfile: Code:
06.11.2012, 15:58 | #9
/// TB-Ausbilder
Hi, that already looks much better. Now a few more check scans.
Step 1
Code:
:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
:Commands
[emptytemp]
Step 2
Step 3: ESET Online Scanner
Step 4: Please download SecurityCheck
Please post with your next reply
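An added example (PowerShell; not part of this thread, and not OTL's own code) that audits the registry location the OTL fix in Step 1 edits: it lists every add-on registered under HKCU/HKLM ...\Mozilla\Firefox\Extensions and flags entries whose target no longer exists or that load from outside the Firefox program folder and the user's profile, which is the pattern of the Browser Manager entry above. The function name and the "trusted roots" heuristic are my own assumptions.

```powershell
# Added audit script (not from the thread or from OTL). Read-only: it reports, it removes nothing.
# Firefox loads an add-on from any folder registered as a value under
# HK(CU|LM)\Software\Mozilla\Firefox\Extensions. That is how the Browser Manager entry in the
# OTL fix above was sideloaded without ever going through the browser's add-on manager.
function Get-FirefoxRegistryExtensions {
    $keys = @(
        'HKCU:\Software\Mozilla\Firefox\Extensions',
        'HKLM:\Software\Mozilla\Firefox\Extensions'
    )

    # Heuristic (my assumption): add-ons a user installed normally live under the Firefox
    # program folder or the user's own profile. The hijacker's path in the fix above
    # (...\All Users\Anwendungsdaten\Browser Manager\...) is under neither.
    $trustedRoots = @(
        (Join-Path $env:ProgramFiles 'Mozilla Firefox'),
        (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles')
    )

    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($id in $regKey.GetValueNames()) {
            if ([string]::IsNullOrEmpty($id)) { continue }        # skip the (Default) value
            $target = [string]$regKey.GetValue($id)

            # Does the registered folder or .xpi still exist on disk?
            $exists = $false
            if (-not [string]::IsNullOrEmpty($target)) {
                $exists = Test-Path -LiteralPath $target
            }

            # Does it live in one of the expected locations?
            $trusted = $false
            foreach ($root in $trustedRoots) {
                if ($target.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $trusted = $true
                }
            }

            # SUSPICIOUS: loads from a shared or unusual folder and deserves a look.
            # DANGLING: points at a path that no longer exists (a leftover of a removal).
            $verdict = 'ok'
            if (-not $trusted) { $verdict = 'SUSPICIOUS' }
            if (-not $exists)  { $verdict = 'DANGLING' }

            New-Object PSObject -Property @{
                Verdict     = $verdict
                Key         = $key
                ExtensionId = $id
                Target      = $target
            }
        }
    }
}

Get-FirefoxRegistryExtensions | Sort-Object Verdict | Format-Table -AutoSize Verdict, ExtensionId, Target
```

A DANGLING entry after a cleanup like the one above is expected and harmless; a SUSPICIOUS entry with an existing target is what to inspect before deciding whether it belongs there.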
06.11.2012, 17:58 | #10
Hello Matthias, all the work has been carried out. Result:
Step 1
Quote:
Quote:
Quote:
Quote:
Regards, Jürgen
06.11.2012, 20:21 | #11
/// TB-Ausbilder
Hi, the toolbar is "only" in System Restore. We will take care of that at the very end. If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few closing steps to clean up and secure your PC.
Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Step 2
Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Software / Uninstall programs --> Adobe Reader, and download the new version from here. Untick the checkbox for McAfee SecurityScan or Google Chrome.
Step 3
Please also check (regularly) whether the following links show missing updates for your plugins:
Step 4
Start DeFogger and click Re-enable. Your computer may need to be restarted.
Step 5
I would recommend that you also check your system with this scanner once a week. If you nevertheless want to uninstall ESET, press the Windows key + R and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Step 6
Before the following action, please temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.
Step 7
Step 8
Please start OTL and click CleanUp. You will be prompted to restart. This will remove most of the tools we needed for the cleanup. If a program we used is still present after the restart, please remove it manually with right-click --> Delete.
Step 9
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this topic from my subscriptions.
07.11.2012, 13:24 | #12 |
| Claro-Search (virus) has taken control
Morning Matthias, that was a great job you did there - chapeau! All tasks have been carried out, in detail:
Steps 1 - 4: no problems
Step 5: I'm keeping ESET, so not uninstalled
Steps 6 - 9: no problems
- Secunia is installed - everything is up to date
Anti-virus software is installed and up to date
Malwarebytes is installed
WinPatrol is installed
SpywareBlaster is installed
The MVPs hosts file I still need to understand first - not installed, likewise WOT
Opera and Firefox are installed. NoScript as an add-on in Firefox is still to be installed
TFC is installed but doesn't work, or rather it freezes the laptop. The program opens, kills the desktop, and then after 2 sec. the message "Stopping running processes" appears in the process window, and that's it, nothing works anymore - no access possible at all - not even after waiting 1 hour. I will therefore uninstall TFC again.
Thank you for the excellent work; I will of course show my appreciation.
Regards, Jürgen |
07.11.2012, 18:02 | #13 |
/// TB-Ausbilder | Claro-Search (virus) has taken control
That is the first time I have heard of the problem with TFC. I'm glad we were able to help. This thread appears to be resolved and will be deleted from my subscriptions. If you need this thread again, please send me a PM. Everyone else, please click here and create your own thread. |
