Plagegeister aller Art und deren Bekämpfung (forum section: pests of all kinds and their removal): ihavenet.com II, Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Hello everyone, I'll simply follow the first rule and open a separate topic for my problem. Google search queries are redirected to other pages, regardless of whether I use IE or Firefox. The OS is Win7 Prof; the current Symantec Endpoint Protection is installed as antivirus. Before I found the instructions on this board, I had already run a scan with Malwarebytes and Spybot, without success. Would one of you be willing to guide me through the problem by Friday? Many thanks
#2
/// Malware-holic
Hi,
were there any findings in Malwarebytes or Spybot? If so, post them. http://www.trojaner-board.de/125889-...en-posten.html Then: if you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
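A read-only triage script, added here as an example (it is not part of the thread and not part of OTL), that checks the same system-level redirect vectors the OTL custom scan above covers: hosts file, DNS and proxy settings, the Winlogon Shell/Userinit values, and MD5 hashes of the files in the /md5start list, so they can be compared against a known-clean Windows 7 machine. It assumes an elevated PowerShell prompt (2.0 or later) on the affected system and modifies nothing.

```powershell
# Added example (not from the thread, not part of OTL): read-only triage of the
# system-level redirect vectors the OTL custom scan above covers. Assumes an
# elevated PowerShell 2.0+ prompt on the affected Windows 7 machine.

# 1) Hosts file (OTL's O1 lines): only localhost mappings are expected.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = @(Get-Content $hostsPath |
    Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '\blocalhost\b' })
"Hosts file: $($hostsEntries.Count) non-localhost entries"
$hostsEntries

# 2) DNS servers and proxy: a redirect that hits IE and Firefox alike often lives here.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled, DNSServerSearchOrder | Format-List
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' |
    Select-Object NameServer, DhcpNameServer | Format-List
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

# 3) Winlogon Shell/Userinit (OTL's O20 lines): only explorer.exe and
#    C:\Windows\system32\userinit.exe, are legitimate values here.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object Shell, Userinit | Format-List

# 4) MD5 of the files in the script's /md5start list (the same digest OTL prints)
#    plus the Authenticode status. Windows binaries are catalog-signed, so on
#    PowerShell 2.0 they may report NotSigned; compare the MD5 with a known-clean
#    machine at the same patch level rather than trusting Status alone.
$md5 = [System.Security.Cryptography.MD5]::Create()
$critical = 'userinit.exe','winlogon.exe','explorer.exe','user32.dll','eventlog.dll',
            'scecli.dll','netlogon.dll','cngaudit.dll','logevent.dll','ws2ifsl.sys'
foreach ($name in $critical) {
    # Same file names can live in several system directories; check each that exists.
    $paths = @("$env:SystemRoot\$name", "$env:SystemRoot\System32\$name",
               "$env:SystemRoot\System32\drivers\$name") | Where-Object { Test-Path $_ }
    foreach ($path in $paths) {
        $bytes = [System.IO.File]::ReadAllBytes($path)
        $hash  = ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
        $sig   = Get-AuthenticodeSignature $path
        New-Object PSObject -Property @{ File = $path; MD5 = $hash; Signature = $sig.Status }
    }
}
```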
#3
Hi,
thanks for the reply; unfortunately I won't get to the affected system until Monday. I'll report back then with the corresponding log files. Have a nice weekend!
#4
/// Malware-holic
You too :-)
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
#5
Hello, now to the logs: 1) Malwarebytes and Spybot S&D found nothing of interest; unfortunately I no longer have the logs. If desired, I'll gladly provide them later. 2) OTL: I replaced the user name with "Benutzer", since it contains a fairly identifiable real name. I did not find an extra.txt. OTL logfile: Code:
10:04:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe [2012.12.14 14:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.14 07:15:53 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\ABV [2012.12.14 07:15:51 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\WINDOWS [2012.12.13 16:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.12.13 16:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.12.13 16:20:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.13 16:20:18 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.13 16:10:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.13 16:10:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.13 16:10:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.13 16:09:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.13 16:08:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.13 15:46:36 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\ihavenet [2012.12.13 11:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.12.13 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012.12.13 11:34:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2012.12.13 11:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2012.12.13 11:34:18 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\Programs [2012.12.13 11:24:22 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Malwarebytes [2012.12.13 11:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.13 11:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.13 11:24:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2012.12.13 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.29 07:34:53 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\PDF24 ========== Files - Modified Within 30 Days ========== [2012.12.17 10:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe [2012.12.17 09:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.17 07:19:09 | 000,010,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 07:19:09 | 000,010,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 07:15:55 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.12.17 07:11:07 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\LYOYQ.job [2012.12.17 07:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.17 07:09:59 | 1532,379,136 | -HS- | M] () -- C:\hiberfil.sys [2012.12.14 17:15:14 | 000,411,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.14 08:46:45 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.14 08:46:45 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.14 08:46:45 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.14 08:46:45 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.14 07:17:13 | 000,000,008 | RHS- | M] () -- C:\ProgramData\FD6854015D.sys [2012.12.13 16:17:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () -- C:\Windows\System32\sk-SKT.dll ========== Files Created - No Company Name ========== [2012.12.14 07:17:13 | 000,000,008 | RHS- | C] () -- C:\ProgramData\FD6854015D.sys [2012.12.13 16:10:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.13 
16:10:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.13 16:10:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.13 16:10:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.13 16:10:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.13 11:35:01 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2012.12.07 11:14:01 | 000,118,784 | RHS- | C] () -- C:\Windows\System32\sk-SKT.dll [2012.12.07 11:14:01 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\LYOYQ.job [2011.10.12 10:56:41 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\TempSel.dat [2011.10.12 10:56:41 | 000,000,000 | ---- | C] () -- C:\Users\Benutzer\TempGrpSel.dat [2011.05.19 13:12:23 | 000,000,008 | RHS- | C] () -- C:\Users\Benutzer\ntuser.pol [2011.05.16 10:23:21 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.12 15:17:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.11 08:16:50 | 000,007,231 | ---- | C] () -- C:\Windows\I2_7.ini [2011.05.11 08:15:15 | 000,135,168 | ---- | C] () -- C:\Windows\snmp_pp.dll [2011.05.11 08:13:37 | 000,008,272 | ---- | C] () -- C:\Windows\I1_7.ini [2011.05.10 13:08:35 | 000,079,360 | ---- | C] () -- C:\Windows\SIDUnins.exe [2011.05.10 13:08:35 | 000,004,308 | ---- | C] () -- C:\Windows\SIDUNINS.INI [2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.10.15 09:37:59 | 000,051,096 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012.02.16 08:54:47 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.05.19 13:04:54 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ACT [2011.08.22 10:06:46 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Foxit Software [2011.05.19 13:21:16 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\IsolatedStorage [2011.05.23 08:53:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Windows Small Business Server ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.12.13 16:20:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.10.15 08:18:40 | 000,000,000 | ---D | M] -- C:\actdiag [2010.10.15 08:18:55 | 000,000,000 | ---D | M] -- C:\Anja Veith [2011.05.19 13:08:26 | 000,000,000 | ---D | M] -- C:\Backup [2011.05.13 06:18:15 | 000,000,000 | ---D | M] -- C:\Boot [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.14 12:26:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.10.05 21:57:40 | 000,000,000 | ---D | M] -- C:\Driver [2010.10.15 08:19:08 | 000,000,000 | ---D | M] -- C:\GLWEB [2010.10.15 08:26:41 | 000,000,000 | ---D | M] -- C:\Hicad [2010.10.15 08:28:12 | 000,000,000 | ---D | M] -- C:\I386 [2010.10.19 07:43:15 | 000,000,000 | ---D | M] -- C:\Inst [2010.10.05 12:19:03 | 000,000,000 | ---D | M] -- C:\Intel [2010.10.15 08:28:19 | 000,000,000 | ---D | M] -- C:\KAT [2010.10.15 10:08:58 | 000,000,000 | ---D | M] -- C:\Mail [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.14 15:48:19 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.14 07:17:13 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.10.14 12:26:11 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.13 16:20:19 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.10.14 12:26:12 | 000,000,000 | ---D | M] -- C:\Recovery [2010.10.15 08:31:47 | 000,000,000 | ---D | M] -- C:\scaneingang1 [2008.05.26 09:20:42 | 000,000,000 | ---D | M] -- C:\scaneingang2 [2011.10.28 09:14:15 | 000,000,000 | ---D | M] -- C:\Sicherung [2012.12.17 10:07:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.05.26 06:18:34 | 000,000,000 | ---D | M] -- C:\TEMP [2010.10.15 08:31:54 | 000,000,000 | ---D | M] -- C:\TOSHIBA [2011.05.06 07:16:37 | 000,000,000 | ---D | M] -- C:\TOSHIBA Kalkulation [2010.10.15 08:31:55 | 000,000,000 | ---D | M] -- C:\TOSHIBA Projektanträge [2009.05.25 12:50:41 | 000,000,000 | ---D | M] -- C:\TOSHIBA Projekte [2010.10.15 08:38:10 | 000,000,000 | ---D | M] -- C:\tradepilot 
[2010.10.15 08:38:48 | 000,000,000 | ---D | M] -- C:\Treiber [2011.06.15 09:27:41 | 000,000,000 | R--D | M] -- C:\Users [2012.12.13 16:20:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 03:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.08.13 15:25:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.12.07 11:14:01 | 000,000,308 | ---- | C] () -- C:\Windows\Tasks\LYOYQ.job < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 
02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 
06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe < MD5 for: IASTOR.SYS > [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) 
MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 03:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 03:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVATABUS.SYS > 
[2004.11.04 04:58:20 | 000,086,144 | ---- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\Treiber\WinXP\MB\nVidia\A8N-SLI\Chipset_XP&2K\IDE\Disk\NvAtaBus.sys [2004.11.04 04:58:20 | 000,086,144 | ---- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\Treiber\WinXP\MB\nVidia\A8N-SLI\Chipset_XP&2K\IDE\Win2K\NvAtaBus.sys [2004.11.04 04:58:20 | 000,086,144 | ---- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\Treiber\WinXP\MB\nVidia\A8N-SLI\Chipset_XP&2K\IDE\WinXP\NvAtaBus.sys < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 03:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 03:30:08 | 000,143,744 | ---- | M] 
(NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll [2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 03:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft 
Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: VIAMRAID.SYS > [2004.07.06 22:45:36 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\2003IA32\viamraid.sys [2004.07.06 22:45:38 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\Win2000\viamraid.sys [2004.07.06 22:45:42 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\Winxp\viamraid.sys [2004.07.06 22:45:36 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\2003IA32\viamraid.sys [2004.07.06 22:45:38 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\Win2000\viamraid.sys [2004.07.06 22:45:42 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\Winxp\viamraid.sys [2004.07.06 22:45:40 | 000,067,392 | ---- | M] (VIA Technologies inc,.ltd) MD5=813C738B09E80C4A4E0585FB95A2F897 -- 
C:\Treiber\WinXP\Cont\VIA_RAID_V410a\DriverDisk\RAID\Winnt40\viamraid.sys
[2004.07.06 22:45:40 | 000,067,392 | ---- | M] (VIA Technologies inc,.ltd) MD5=813C738B09E80C4A4E0585FB95A2F897 -- C:\Treiber\WinXP\Cont\VIA_RAID_V410a\VIARaid\driver\Winnt40\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 03:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.13 09:14:57 | 000,087,408 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\FwsVpn.dll
[2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\sk-SKT.dll
[2011.05.13 09:14:57 | 000,107,888 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\SymVPN.dll

< %USERPROFILE%\*.* >
[2012.12.17 10:20:43 | 003,670,016 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT
[2012.12.17 10:20:43 | 000,262,144 | -HS- | M] () -- C:\Users\Benutzer\ntuser.dat.LOG1
[2011.05.19 13:04:13 | 000,000,000 | -HS- | M] () -- C:\Users\Benutzer\ntuser.dat.LOG2
[2011.05.19 13:12:21 | 000,065,536 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.05.19 13:12:21 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.05.19 13:12:21 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.12.14 21:00:43 | 000,000,250 | -HS- | M] () -- C:\Users\Benutzer\ntuser.ini
[2012.03.13 15:56:08 | 000,000,008 | RHS- | M] () -- C:\Users\Benutzer\ntuser.pol
[2011.10.12 10:56:41 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\TempGrpSel.dat
[2011.10.12 10:56:41 | 000,000,000 | ---- | M] () -- C:\Users\Benutzer\TempSel.dat

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >

Best regards,
Simon

EDIT: Replaced the actual domain name with "Domäne".

Last edited by Pingo (17.12.2012 at 11:04)
#6
Malware-holic

ihavenet.com II

Hi,
please post the logs. Which findings are interesting and which are not, I'd prefer to decide for myself :-) That's why I posted you the link on how to view the logs, at least the ones from Malwarebytes.
#7
ihavenet.com II

MBAM log. Is this log enough? I'm running Spybot right now; I'll post that log afterwards.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Database version: v2012.12.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
teichinger :: PC009 [administrator]

17.12.2012 11:12:58
mbam-log-2012-12-17 (11-12-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278890
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
Search results from Spybot - Search & Destroy
17.12.2012 11:55:20
Scan took 00:21:20.
114 items found.

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\aka-cdn-ns.adtech.de\movad.sol
  Properties.size=67
  Properties.md5=FD66CB86C7709029097AD4F66B8106F5
  Properties.filedate=1347520155
  Properties.filedatetext=2012-09-13 08:09:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.flashtalking.com\ftLocalComms.sol
  Properties.size=62
  Properties.md5=A15E322651F4CCAB47BD036E02815E38
  Properties.filedate=1353916330
  Properties.filedatetext=2012-11-26 08:52:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.flashtalking.com\FT_cookie.sol
  Properties.size=43
  Properties.md5=610E87C4C012C7ABEDEF6BA1BEF999B6
  Properties.filedate=1352305155
  Properties.filedatetext=2012-11-07 17:19:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.unicast.msn.com\skin.sol
  Properties.size=40
  Properties.md5=362FB198F25797ABC6410C659F7FEDEF
  Properties.filedate=1351774118
  Properties.filedatetext=2012-11-01 13:48:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.unicast.msn.com\XMenExp_skin_data.sol
  Properties.size=51
  Properties.md5=3E98AC91CE9EC94A358AE2668E9D8AD2
  Properties.filedate=1333438977
  Properties.filedatetext=2012-04-03 08:42:56

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\cdn.voodoovideo.com\voodoo_video.sol
  Properties.size=117
  Properties.md5=E93DF1807530A9F4CCE6D239B337F5C1
  Properties.filedate=1337852236
  Properties.filedatetext=2012-05-24 10:37:16

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\databroker.coremotives.com\flCookie_4249248b-1d57-e111-9de0-00155d323f61.sol
  Properties.size=484
  Properties.md5=B557946E49ED4A156875E05C37ABC88E
  Properties.filedate=1333358625
  Properties.filedatetext=2012-04-02 10:23:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\divaag.vo.llnwd.net\US_FARM_viewster_STREMING_CLIENT_ID_COOKIE.sol
  Properties.size=81
  Properties.md5=57A06D16CBBD0E24076EDCD853380CD3
  Properties.filedate=1355147209
  Properties.filedatetext=2012-12-10 14:46:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\images.philips.com\s7_storage_tracker.sol
  Properties.size=184
  Properties.md5=DFD5BFFE6831516D3D675A6C605B382E
  Properties.filedate=1325154583
  Properties.filedatetext=2011-12-29 11:29:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\imagesrv.adition.com\movad.sol
  Properties.size=67
  Properties.md5=6511D641B734FE584A16C948FA22BCB4
  Properties.filedate=1346765057
  Properties.filedatetext=2012-09-04 14:24:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\AdModel.sol
  Properties.size=173
  Properties.md5=CACA426E69C3C218B108DF80650813E3
  Properties.filedate=1352447915
  Properties.filedatetext=2012-11-09 08:58:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\CountryCode.sol
  Properties.size=112
  Properties.md5=0F87AA14F6E9F85D4838C4AB032B5C5C
  Properties.filedate=1352447907
  Properties.filedatetext=2012-11-09 08:58:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\PlaylistModel.sol
  Properties.size=132
  Properties.md5=6C1399D2F472C00B35FACAC157E712DD
  Properties.filedate=1352447915
  Properties.filedatetext=2012-11-09 08:58:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\img.widgets.video.s-msn.com\reportingSegment.sol
  Properties.size=83
  Properties.md5=60E5ACB15A624AD673F8983B05A31332
  Properties.filedate=1352447907
  Properties.filedatetext=2012-11-09 08:58:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\meitetsu.m-pathy.com\mPathyUserData.sol
  Properties.size=65
  Properties.md5=87E675DFCA4C3F9F4AC027E7E63102D6
  Properties.filedate=1353315258
  Properties.filedatetext=2012-11-19 09:54:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\s.ytimg.com\soundData.sol
  Properties.size=49
  Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
  Properties.filedate=1316429386
  Properties.filedatetext=2011-09-19 11:49:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\s.ytimg.com\videostats.sol
  Properties.size=275
  Properties.md5=5D388D03B8C1857EC653A43DA06AE06B
  Properties.filedate=1352964008
  Properties.filedatetext=2012-11-15 08:20:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\10314235.sol
  Properties.size=56
  Properties.md5=BAC03C958F7860F5EFD93AD66B6D6F3A
  Properties.filedate=1343899509
  Properties.filedatetext=2012-08-02 10:25:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\10372911.sol
  Properties.size=56
  Properties.md5=F647E0B9730110DD5E58E7242BD00FE4
  Properties.filedate=1345797421
  Properties.filedatetext=2012-08-24 09:37:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\10631444.sol
  Properties.size=56
  Properties.md5=8040A313324F69200918D041055157F6
  Properties.filedate=1347001856
  Properties.filedatetext=2012-09-07 08:10:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\11747667.sol
  Properties.size=56
  Properties.md5=B0515DEF4919E1C70067873005057AFA
  Properties.filedate=1352963995
  Properties.filedatetext=2012-11-15 08:19:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\11892909.sol
  Properties.size=56
  Properties.md5=A45D6367AB19CC2ACAEE52E019A9805B
  Properties.filedate=1354624408
  Properties.filedatetext=2012-12-04 13:33:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\11951567.sol
  Properties.size=56
  Properties.md5=941D5ED7F3A2045C8555B5FA915F5E6F
  Properties.filedate=1355145163
  Properties.filedatetext=2012-12-10 14:12:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\12078118.sol
  Properties.size=56
  Properties.md5=12D0B02B8AED3C0C62E3DFA0F14033D5
  Properties.filedate=1355145264
  Properties.filedatetext=2012-12-10 14:14:23

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\8767846.sol
  Properties.size=55
  Properties.md5=1987EE8843C1D69149DF2B6080DE7EE9
  Properties.filedate=1334043159
  Properties.filedatetext=2012-04-10 08:32:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\9495163.sol
  Properties.size=55
  Properties.md5=6E7F0436DFDCFD8214752676551425BC
  Properties.filedate=1340007195
  Properties.filedatetext=2012-06-18 09:13:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\9929379.sol
  Properties.size=55
  Properties.md5=E93D35BE21CD7718E2D96809DFC19CCD
  Properties.filedate=1341821623
  Properties.filedatetext=2012-07-09 09:13:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\serving-sys.com\9955479.sol
  Properties.size=55
  Properties.md5=BA0D34F64C7C3F6F784C26C961C59997
  Properties.filedate=1342168881
  Properties.filedatetext=2012-07-13 09:41:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\ssl.hurra.com\restore.hurra.com.sol
  Properties.size=178
  Properties.md5=0BED82899533D0B6EFE1E046E6D3EEF6
  Properties.filedate=1342707758
  Properties.filedatetext=2012-07-19 15:22:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\vtracy.de\loC.sol
  Properties.size=54
  Properties.md5=A90556E131B40BCB7CF53F9EED91BD8E
  Properties.filedate=1340032141
  Properties.filedatetext=2012-06-18 16:09:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.baur.de\REGISTRY.sol
  Properties.size=42
  Properties.md5=F10611AA2C3676CBFB75469623E46626
  Properties.filedate=1337151448
  Properties.filedatetext=2012-05-16 07:57:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.baur.de\sol.sol
  Properties.size=374
  Properties.md5=D8576C370F104FE8A45F68EE3859AFAB
  Properties.filedate=1337151448
  Properties.filedatetext=2012-05-16 07:57:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.xatech.com\chat.sol
  Properties.size=66
  Properties.md5=FFE8C55E28EEFAEE8F3FDBFBB2C23DD5
  Properties.filedate=1333379264
  Properties.filedatetext=2012-04-02 16:07:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www1.belboon.de\000015274.sol
  Properties.size=138
  Properties.md5=FCFE4752FF6D6DD08AB47078627EEEE1
  Properties.filedate=1313657092
  Properties.filedatetext=2011-08-18 09:44:51

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.apendics.de\apx.swf\v.sol
  Properties.size=101
  Properties.md5=52A28F277E90DFC6C60D1D1EB37CF5D2
  Properties.filedate=1339506143
  Properties.filedatetext=2012-06-12 14:02:22

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e9832.sol
  Properties.size=82
  Properties.md5=748FDF5E958B3DF9228E0A6F18875492
  Properties.filedate=1306848086
  Properties.filedatetext=2011-05-31 14:21:26

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e98388.sol
  Properties.size=83
  Properties.md5=950A9057D9F2CBC4E3816298BDF912DD
  Properties.filedate=1306768751
  Properties.filedatetext=2011-05-30 16:19:10

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e984.sol
  Properties.size=81
  Properties.md5=9B96A27B7508763911E95E4E320D5292
  Properties.filedate=1315466773
  Properties.filedatetext=2011-09-08 08:26:12

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e98500.sol
  Properties.size=83
  Properties.md5=59155AA4890997FEA1E135F341E03A6F
  Properties.filedate=1349968153
  Properties.filedatetext=2012-10-11 16:09:12

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\asp.zone-secure.net\v2\index.swf\Webpublication_BkMarks0xf4f5f50x004e9860.sol
  Properties.size=82
  Properties.md5=773BC63095D0EC54E863D69D5A00A7E0
  Properties.filedate=1306848223
  Properties.filedatetext=2011-05-31 14:23:43

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\franca-luca.com\flash\website.swf\volumeStatus.sol
  Properties.size=44
  Properties.md5=21EEC96950F847E2CA0A351073098CAC
  Properties.filedate=1344867598
  Properties.filedatetext=2012-08-13 15:19:58

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\heias.com\x\heias_sc.swf\heias.sol
  Properties.size=62
  Properties.md5=C910E017E359B29518D6A66D833C045D
  Properties.filedate=1306762921
  Properties.filedatetext=2011-05-30 14:42:01

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\nm.wetter.com\flash\radar_gm_2.0.6.2.swf\wettercomgooglemap.sol
  Properties.size=114
  Properties.md5=F1F6EE64BFC1EC543B4CAE7743411649
  Properties.filedate=1314369491
  Properties.filedatetext=2011-08-26 15:38:11

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Benutzer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8ZK9CZEY\www.weinrich.de\katalog2012\elkat.swf\elkat108734.sol
  Properties.size=46
  Properties.md5=6763AE903E484D8139E23B20718AE9A1
  Properties.filedate=1346854741
  Properties.filedatetext=2012-09-05 15:19:00

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Benutzer) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Benutzer) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Benutzer) (Browser: Cookie, nothing done)
WebTrends live: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Adviva: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
CoreMetrics: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
WebTrends live: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Firefox: Benutzer (default)) (Browser: Cookie, nothing done)

Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=224
  Properties.md5=640DAD2C12AB9C0D0D3070666B6CCF80
  Properties.filedate=1355724657
  Properties.filedatetext=2012-12-17 07:10:56

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1037240086-1561017433-616728914-1147\Software\WinRAR\General\LastFolder

Cookie: [SBI $49804B54] Browser: Cookie (21) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (306) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (42) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (11) (Browser: Cookie, nothing done)
History: [SBI $49804B54] Browser: History (25) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (11) (Browser: Cookie, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (5565) (Browser: Cookie, nothing done)

--- Spybot - Search & Destroy version: DLL (build: 20121113) ---

2012-11-13 blindman.exe (
2012-11-13 explorer.exe (
2012-11-13 SDBootCD.exe (
2012-11-13 SDCleaner.exe (
2012-11-13 SDDelFile.exe (
2012-11-13 SDFiles.exe (
2012-11-13 SDFileScanHelper.exe (
2012-11-13 SDFSSvc.exe (
2012-11-13 SDImmunize.exe (
2012-11-13 SDLogReport.exe (
2012-11-13 SDPESetup.exe (
2012-11-13 SDPEStart.exe (
2012-11-13 SDPhoneScan.exe (
2012-11-13 SDPRE.exe (
2012-11-13 SDPrepPos.exe (
2012-11-13 SDQuarantine.exe (
2012-11-13 SDRootAlyzer.exe (
2012-11-13 SDSBIEdit.exe (
2012-11-13 SDScan.exe (
2012-11-13 SDScript.exe (
2012-11-13 SDSettings.exe (
2012-11-13 SDShred.exe (
2012-11-13 SDSysRepair.exe (
2012-11-13 SDTools.exe (
2012-11-13 SDTray.exe (
2012-11-13 SDUpdate.exe (
2012-11-13 SDUpdSvc.exe (
2012-11-13 SDWelcome.exe (
2012-11-13 SDWSCSvc.exe (
2012-12-13 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (
2012-09-10 libeay32.dll (
2012-09-10 libssl32.dll (
2012-11-13 SDAdvancedCheckLibrary.dll (
2012-11-13 SDECon32.dll (
2012-11-13 SDEvents.dll (
2012-11-13 SDFileScanLibrary.dll (
2012-11-13 SDHelper.dll (
2012-11-13 SDImmunizeLibrary.dll (
2012-11-13 SDLists.dll (
2012-11-13 SDResources.dll (
2012-11-13 SDScanLibrary.dll (
2012-11-13 SDTasks.dll (
2012-11-13 SDWinLogon.dll (
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (
2012-11-13 Tools.dll (
2012-11-13 UninsSrv.dll (
2012-11-20 Includes\Adware.sbi (*)
2012-12-11 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2012-12-11 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-12-11 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2012-12-11 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-12-11 Includes\TrojansC-03.sbi (*)
2012-11-29 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-12-03 Includes\TrojansC.sbi (*)
#8
Malware-holic

ihavenet.com II

Hi,
you really do have to read, please. I have now asked for the second time whether there are old logs from Malwarebytes and Spybot, and I also told you where they can be found. What you posted is a new log.
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
#9
ihavenet.com II

Sorry, I'm a bit slow on the uptake here. Do you mean logs from before the infection, or the log from when I scanned for the first time after the infection? I don't have the former; the latter I can at least supply for Malwarebytes tomorrow. Thanks for your help. Here is the Malwarebytes log from right after the infection:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.12.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
teichinger :: PC009 [Administrator]

13.12.2012 11:26:57
mbam-log-2012-12-13 (11-26-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 271800
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
#10
Malware-holic

ihavenet.com II

Hi,
I don't know how to say it any more clearly; I have now written several times what I want. I want to see the reports where there were findings.

Then: this script, and any scripts that follow, are only for this particular user. If you (other readers) have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
[2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () -- C:\Windows\System32\sk-SKT.dll
O4 - HKCU..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
[2012.12.17 07:11:07 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\LYOYQ.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the [image]

Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe. A .txt file will now be created in the same folder: summary-info.txt. Double-click it and post its contents.

Question: at the time of the infection, or possibly a day before, did you download and install or run anything? When visiting a website, were you prompted to install or download something? I would also like this information as a private message.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
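As an added triage example (not code from this thread, from OTL or from its author): a small Python parser over OTL-style log lines of the kind the fix script above targets, flagging the three indicator types that fix removed: a hidden+system DLL in System32 with no vendor string, Run entries whose target is "File not found", and a scheduled-task file with a random-looking name. The sample log, the regexes and the random-name heuristic are constructed here; the two benign lines are made up.

```python
import re

# Constructed sample in the line format OTL writes; the flagged lines mirror the
# entries fixed in this thread, the two benign lines are made-up fillers.
SAMPLE_LOG = r"""
[2012.12.07 11:14:01 | 000,118,784 | RHS- | M] () -- C:\Windows\System32\sk-SKT.dll
[2009.07.14 03:41:52 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
O4 - HKCU..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
[2012.12.17 07:11:07 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\LYOYQ.job
"""

# File line: "[date time | size | attrs | M] (vendor) -- path"; attrs are R/H/S/D or '-'.
FILE_RE = re.compile(
    r"^\[(?P<when>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| M\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$")
# Autostart line: "O4 - HKxx..\Run: [name] <command> [File not found]".
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# Heuristic made up here: a 4-8 letter all-caps task name (e.g. LYOYQ.job) is unusual.
RANDOM_JOB = re.compile(r"^[A-Z]{4,8}\.job$")


def triage(log_text):
    """Return (reason, item) pairs for lines matching the indicators seen in this thread."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        f = FILE_RE.match(line)
        if f:
            path, attr, vendor = f["path"], f["attr"], f["vendor"].strip()
            name = path.rsplit("\\", 1)[-1]
            low = path.lower()
            # Hidden+system DLL in System32 with no vendor string: the profile of sk-SKT.dll.
            if (low.startswith("c:\\windows\\system32\\") and low.endswith(".dll")
                    and "H" in attr and "S" in attr and not vendor):
                findings.append(("hidden_system_dll_no_vendor", path))
            # Scheduled-task file with a random-looking name in C:\Windows\tasks.
            elif low.startswith("c:\\windows\\tasks\\") and RANDOM_JOB.match(name):
                findings.append(("random_named_task", path))
            continue
        r = RUN_RE.match(line)
        # Run value whose target no longer exists: leftover autostart, delete the value.
        if r and r["rest"].endswith("File not found"):
            findings.append(("orphaned_run_entry", r["name"]))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:28s} {item}")
```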
#11
ihavenet.com II

Hello,

Thanks for the reply. Unfortunately I have no reports with findings. It is not my PC either, so I depend on what my user tells me, and of course he did nothing.

The software last installed according to the Control Panel:
12.12.12 Adobe Flash Player 11 Plugin
12.12.12 Adobe Flash Player 11 ActiveX

I am carrying out the rest right now.

Code:
```
All processes killed
========== OTL ==========
C:\Windows\System32\sk-SKT.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Synchronizer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
C:\Windows\Tasks\LYOYQ.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: administrator.Domäne

User: administrator.Domäne.000
->Flash cache emptied: 456 bytes

User: All Users

User: Default

User: Default User

User: mjahn
->Flash cache emptied: 456 bytes

User: Public

User: Benutzer
->Flash cache emptied: 24403 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrator.Domäne
->Temp folder emptied: 0 bytes

User: administrator.Domäne.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mjahn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Benutzer
->Temp folder emptied: 52728191 bytes
->Temporary Internet Files folder emptied: 15701240 bytes
->Java cache emptied: 1280759 bytes
->FireFox cache emptied: 118205745 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17500 bytes
RecycleBin emptied: 137618447 bytes

Total Files Cleaned = 311,00 mb

OTL by OldTimer - Version log created on 12192012_082349

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
```

Files uploaded as a zip to the upload channel:

```
Datei: MovedFiles.zip_1 empfangen
Vorgang erfolgreich abgeschlossen.
```

**** Here is the content of GetInfo

Code:

```
System volume information: dwHighDateTime = 0x1cb647d,dwLowDateTime = 0xdc821f4
System32: dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0x32c65baf
```

Last edited by Pingo (19.12.2012 at 08:39)
#12
/// Malware-holic

ihavenet.com II

Thanks.

Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html

Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan. If there are findings, always choose skip for now, then post the log.