![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Hallo Community, folgendes ist bei meiner/n Freundin/Schwiegereltern passiert: Die Telekom hat einen Brief geschrieben wo drin steht, das über Ihren Internetzugang unerwünschte Zugriffe (Hacking) stattgefunden haben. Eventuell sollen auch Passwörter und sonstige Daten ausgelesen worden sein. Diesen Hinweis hat die Telekom von Sicherheitsexperten bekommen die mit ihnen zusammenarbeiten... Also das Schreiben ist auf jeden Fall echt. Da besteht kein Zweifel... Allerdings weis ich überhaupt nicht wie wir dieses Problem in den griff bekommen sollen. Hier mal ein paar Fakten: - der Haushalt besitzt einen Router wo 3 PCs dranhängen (2x Laptop 1x Tower) - alle Lämpchen am Router (bezüglich Internetverbindung) gehen aus wenn die Geräte abgeschaltet werden, außer beim Tower PC da leuchtet immer die Lampe beim Eingang 4 auch wenn er aus ist, allerdings geht sie aus wenn der Tower vom Netz genommen wird (weis nicht ob das wichtig ist)... - beim Tower hat das Microsoft Vierenprogramm verschiedene Trojaner gefunden (auch einer der Passwörter ausliest!!!) aber leider habe ich dort nicht mehr den Bericht da meine Freundin dies aus er Quarantäne entfernt hat, bei einem 2. Suchdurchlauf hat das Programm aber nix weiter gefunden... - jetzt ein wichtiger Punkt: Beim Laptop meiner Schwiegermutter habe ich gesehen das die IP-Adresse nicht automantisch bezogen wird sondern eine fest eingegebene da stand. Dort habe ich wieder automatisch beziehen lassen. ???kann es sein das die Telekom gedacht hat das dieser PC, der Fremdcomputer war der sich eingeloggt hat??? - beim PC des großvaters denke ich nicht das was los ist da dieser relativ neu und sicher ist... Ich glaube eher das das Problem im PC meiner Freundin Steckt... - Sollte man vom Router die aktuellen Passwörter neu machen? wäre das sinnvol? Wenn ja dann natürlich von einen Vieren freien PC aus... Ich hab den PC meiner Freundin mal mit Malware durchsucht und folgendes gefunden: Malwarebytes Anti-Malware www.malwarebytes.org Datenbank Version: v2013.06.05.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Ich :: PC [Administrator] 05.06.2013 23:35:42 mbam-log-2013-06-05 (23-35-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204278 Laufzeit: 10 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ogmosiorl (Trojan.Zbot.FV) -> Daten: "C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Ubog\luuqm.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Ubog\luuqm.exe (Trojan.Zbot.FV) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielleicht kann mir ja jemand helfen... Mfg Florian |
Hi,
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
![]() | #3 |
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Hey, Hab OTL scanen lassen und hier sind die beiden Logfiles:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.06.2013 22:36:27 - Run 1 OTL by OldTimer - Version Folder = D:\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 493,71 Mb Available Physical Memory | 48,29% Memory free 2,40 Gb Paging File | 1,97 Gb Available in Paging File | 82,10% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 56,75 Gb Free Space | 70,94% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 119,57 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive F: | 695,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll () MOD - C:\Programme\MyTomTom 3\TomTomSupporterBase.dll () MOD - C:\Programme\MyTomTom 3\QtGui4.dll () MOD - C:\Programme\MyTomTom 3\QtNetwork4.dll () MOD - C:\Programme\MyTomTom 3\DeviceDetection.dll () MOD - C:\Programme\MyTomTom 3\QtCore4.dll () MOD - C:\Programme\MyTomTom 3\QtXml4.dll () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe () SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NTACCESS) -- E:\NTACCESS.sys File not found DRV - (MSICPL) -- E:\install4\MSICPL.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found DRV - (Changer) -- File not found DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.) DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.) DRV - (RSUSBVSTOR) -- C:\WINDOWS\system32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.) DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron ) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {EE54B545-F474-4220-B58C-47C89A8FB5CF} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EE54B545-F474-4220-B58C-47C89A8FB5CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie8_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.tu-chemnitz.de/hxxp:// [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\..\SearchScopes,DefaultScope = {EE54B545-F474-4220-B58C-47C89A8FB5CF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1DA15C8F-BEE4-48F7-B234-5DBAE5E310D7}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{3D8A67A8-3223-4DD3-9040-5AB98CBA68A9}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{50454A4B-F594-4162-8358-0812B35C50DE}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{EE54B545-F474-4220-B58C-47C89A8FB5CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE534 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Programme\Gemeinsame Dateien\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013.03.17 15:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visan\plugins\npRLSecurePluginLayer.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: ProductView (Enabled) = C:\Programme\Gemeinsame Dateien\PTC\np6_pvapplite9.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickFinder Scheduler] D:\Programme\Word Perfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe () O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe () O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>) O4 - HKCU..\Run: [BloatFish] C:\Programme\Freetec\BloatFish\BloatFish.Ui.exe File not found O4 - HKCU..\Run: [Fizeokvy] "C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uhpiif\zaucy.exe" File not found O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [Ogmosiorl] "C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Ubog\luuqm.exe" File not found O4 - Startup: C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E898833D-59DB-41CD-AF29-D5F28CC80D51}: DhcpNameServer = O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2011.12.07 23:21:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.18 17:02:36 | 000,000,084 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.11.20 17:54:30 | 001,003,520 | R--- | M] (JoWooD Software Productions AG) - F:\autorun.exe -- [ CDFS ] O33 - MountPoints2\{e4e86f1a-bfaf-11e2-9424-001a9206c2a5}\Shell - "" = AutoRun O33 - MountPoints2\{e4e86f1a-bfaf-11e2-9424-001a9206c2a5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e4e86f1a-bfaf-11e2-9424-001a9206c2a5}\Shell\AutoRun\command - "" = K:\start.exe O33 - MountPoints2\{e4e86f1c-bfaf-11e2-9424-001a9206c2a5}\Shell - "" = AutoRun O33 - MountPoints2\{e4e86f1c-bfaf-11e2-9424-001a9206c2a5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e4e86f1c-bfaf-11e2-9424-001a9206c2a5}\Shell\AutoRun\command - "" = K:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.06 22:34:44 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Downloads [2013.05.27 13:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\sun [2013.05.27 13:07:53 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1 [2013.05.27 12:52:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.05.26 14:54:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JoWooD [2013.05.26 14:52:00 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD [2013.05.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2013.05.08 10:29:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Zyego [2013.05.08 10:29:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Ubog [2013.05.08 10:29:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Arhui [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.06 22:32:56 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater Ui.job [2013.06.06 22:32:50 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater.job [2013.06.06 22:32:38 | 000,001,673 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 5510d series.lnk [2013.06.06 22:32:36 | 000,000,053 | ---- | M] () -- C:\biosinfo [2013.06.06 22:32:25 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.06 22:32:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.06 17:01:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job [2013.06.06 17:01:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2013.06.06 16:06:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.06.06 14:04:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2013.06.06 14:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2013.06.06 11:31:02 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.06.05 23:12:06 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.06.05 23:08:34 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.05 20:40:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2013.06.05 10:10:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2013.06.05 09:50:51 | 000,013,714 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.30 17:49:40 | 000,015,360 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.28 09:11:27 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.27 13:13:21 | 000,000,842 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk [2013.05.27 13:07:54 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.27 13:01:47 | 152,249,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2013.05.26 14:56:14 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2013.05.26 14:54:31 | 000,001,688 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kao - 2nd round.lnk [2013.05.23 08:44:40 | 000,017,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\returnLabel-1265686.pdf [2013.05.21 20:00:14 | 000,434,808 | ---- | M] () -- D:\Eigene Dateien\Daimler_Stellenanzeige.pdf [2013.05.21 19:59:05 | 000,905,386 | ---- | M] () -- D:\Eigene Dateien\irland2.jpg [2013.05.21 19:57:16 | 000,946,584 | ---- | M] () -- D:\Eigene Dateien\irland.jpg [2013.05.21 16:26:26 | 000,000,452 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Verknüpfung mit Canon EOS 600D.lnk [2013.05.15 23:20:17 | 000,449,236 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 23:20:17 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 23:20:17 | 000,080,544 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 23:20:17 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 23:18:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.05 23:08:34 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.27 13:13:21 | 000,000,842 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk [2013.05.27 13:07:54 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.27 13:01:18 | 152,249,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2013.05.26 14:56:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2013.05.26 14:54:31 | 000,001,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kao - 2nd round.lnk [2013.05.23 08:43:23 | 000,017,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\returnLabel-1265686.pdf [2013.05.22 11:15:47 | 000,001,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.05.21 20:00:14 | 000,434,808 | ---- | C] () -- D:\Eigene Dateien\Daimler_Stellenanzeige.pdf [2013.05.21 19:59:04 | 000,905,386 | ---- | C] () -- D:\Eigene Dateien\irland2.jpg [2013.05.21 19:57:16 | 000,946,584 | ---- | C] () -- D:\Eigene Dateien\irland.jpg [2013.05.21 16:26:26 | 000,000,452 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Verknüpfung mit Canon EOS 600D.lnk [2013.05.03 10:30:12 | 000,002,588 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.03.17 21:10:54 | 000,143,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.07.15 14:03:35 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini [2012.04.18 16:51:34 | 008,001,536 | ---- | C] () -- C:\Programme\vpnclient-win-msi- [2012.03.08 11:10:05 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.16 14:41:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.16 12:05:40 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ich\hpothb07.tif [2012.02.16 12:05:40 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ich\hpothb07.dat [2011.12.28 21:52:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2011.12.28 21:48:48 | 000,020,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.28 21:48:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.12.28 21:48:42 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.28 19:05:41 | 000,004,998 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe [2011.12.14 22:22:56 | 000,061,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PFP110JPR.{PB [2011.12.14 22:22:56 | 000,012,358 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PFP110JCM.{PB [2011.12.14 22:17:19 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2011.12.14 22:17:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\IniFile1.ini [2011.12.07 23:55:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2011.12.07 23:53:36 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll [2011.12.07 23:53:34 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2011.12.07 23:53:33 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll [2011.12.07 23:53:33 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll [2011.12.07 23:53:33 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe [2011.12.07 23:53:33 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys [2011.12.07 23:53:33 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys [2011.12.07 23:53:32 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe [2011.12.07 23:53:32 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe [2011.12.07 23:23:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.07 23:18:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.07 23:08:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.07 23:05:37 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.03.23 13:30:34 | 000,001,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\sig.dat [2010.03.23 13:30:30 | 000,051,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_jp.mst [2010.03.23 13:30:26 | 010,400,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.msi [2010.03.23 13:30:26 | 000,051,200 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_fc.mst [2010.03.23 13:30:24 | 000,001,055 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.ini [2010.03.23 13:30:24 | 000,000,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.sms [2010.03.23 13:30:24 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.pdf [2010.03.23 13:30:22 | 000,056,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.exe [2010.03.23 13:16:14 | 000,221,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\installservice.exe [2010.03.23 13:15:46 | 000,016,505 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\DelayInst.exe ========== ZeroAccess Check ========== [2011.12.12 22:41:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.06.2013 22:36:28 - Run 1 OTL by OldTimer - Version Folder = D:\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 493,71 Mb Available Physical Memory | 48,29% Memory free 2,40 Gb Paging File | 1,97 Gb Available in Paging File | 82,10% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 56,75 Gb Free Space | 70,94% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 119,57 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive F: | 695,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\PTC\PVX\i486_nt\obj\productview.exe" = C:\Programme\PTC\PVX\i486_nt\obj\productview.exe:*:Enabled:ProductView Express -- (PTC) "C:\Programme\Creo Elements\Pro Schools Edition\i486_nt\nms\nmsd.exe" = C:\Programme\Creo Elements\Pro Schools Edition\i486_nt\nms\nmsd.exe:*:Enabled:Creo Elements/Pro from PTC "C:\Programme\Creo Elements\Pro Schools Edition\i486_nt\obj\xtop.exe" = C:\Programme\Creo Elements\Pro Schools Edition\i486_nt\obj\xtop.exe:*:Enabled:Creo Elements/Pro from PTC "C:\Programme\Creo Elements\Pro Schools Edition\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\Creo Elements\Pro Schools Edition\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Creo Elements/Pro from PTC "C:\Programme\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Photosmart 5510d series) -- (Hewlett-Packard Co.) "C:\Programme\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP Photosmart 5510d series) -- (Hewlett-Packard Co.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M010 Help "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{244EA3CA-CE47-4C32-907D-12BA360B8F89}" = HP Photosmart 5510d series - Grundlegende Software für das Gerät "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{379AE12A-424D-4A33-9A42-E83C1D3A8896}" = Studie zur Verbesserung von HP Photosmart 5510d series Produkten "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11 "{56CE91CC-92EC-4B0E-98B7-3D0F6AD6C4C5}" = Mathcad 14.0 M010 "{5BB72321-F9E7-42C2-9400-AFC195E4F8C6}" = Vokabeltrainer-Update 6.0.18 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{685A89CB-DF27-42D6-A623-34F40DBBFFB2}" = Origin90 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{733B66AD-B771-4FA6-8DBF-765B820CC0EB}" = Langenscheidt Vokabeltrainer 6.0 Englisch "{84DD9D8F-7D12-4771-B537-CDEAB9157A9C}" = Creo Thumbnail Viewer 1.0 "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D829ECBD-F4C7-40B2-BF9A-9A7F0332D0A1}" = ProductView Express 9.1 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Hilfe "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M010 Resource Center "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F24F876B-7D71-4BD6-88E9-614D3BB84221}" = Alcor Micro Smart Card Reader Driver "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DPP" = Canon Utilities Digital Photo Professional 3.10 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "GIMP-2_is1" = GIMP 2.8.4 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Kao - 2nd round" = Kao - 2nd round "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "MyTomTom" = MyTomTom "NVIDIA Drivers" = NVIDIA Drivers "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "SZCCID" = Alcor Micro Smart Card Reader Driver "VLC media player" = VLC media player 1.1.11 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.05.2013 11:00:02 | Computer Name = PC | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application softwareupdater.ui.exe, version, stamp 517aaaed, faulting module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address 0x0010ad96. Error - 24.05.2013 03:09:04 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.23487, Fehleradresse 0x0029dd0c. Error - 27.05.2013 06:57:26 | Computer Name = PC | Source = MsiInstaller | ID = 1013 Description = Produkt: OpenOffice.org 3.4.1 -- Bitte beenden Sie OpenOffice.org 3.4.1 und den OpenOffice.org 3.4.1-Schnellstarter, bevor Sie fortfahren. Falls Sie ein Mehrbenutzersystem benutzen, stellen Sie sicher, dass kein anderer Nutzer OpenOffice.org 3.4.1 geöffnet hat. Error - 27.05.2013 12:01:27 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 27.05.2013 12:01:27 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 30.05.2013 11:39:42 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 15:07:33 | Computer Name = PC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 msi6.tmp, P2, P3 50ab88a9, P4 mscorlib, P5, P6 5040540e, P7 3451, P8 119, P9 system.io.directorynotfound, P10 NIL. Error - 05.06.2013 17:13:24 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 17:28:04 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 17:31:34 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 06.06.2013 16:32:17 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 06.06.2013 16:32:17 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 06.06.2013 16:32:17 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 06.06.2013 16:32:34 | Computer Name = PC | Source = acvpnui | ID = 67108866 Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>. Error - 06.06.2013 16:32:35 | Computer Name = PC | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 06.06.2013 16:32:36 | Computer Name = PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1351 NULL object. Cannot establish a connection at this time. Error - 06.06.2013 16:32:36 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 06.06.2013 16:37:16 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 06.06.2013 16:37:16 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 06.06.2013 16:37:16 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 18:29:30 | Computer Name = PC | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 05.06.2013 18:29:37 | Computer Name = PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCIIde ViaIde < End of report > Gruß Florian |
Hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Hallo, ich habe combofix ausgeführt und hier ist das Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 13-06-07.03 - Ich 07.06.2013 20:20:05.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.561 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Ich\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Ich\DelayInst.exe c:\dokumente und einstellungen\Ich\installservice.exe c:\programme\vpnclient-win-msi- c:\windows\system32\WinSys.exe c:\windows\Temp\tmp3.tmp D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-07 bis 2013-06-07 )))))))))))))))))))))))))))))) . . 2013-06-07 16:22 . 2013-06-07 16:22 60872 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{4843CC16-1F0A-4AA8-AC55-4617D1993FD3}\offreg.dll 2013-06-07 16:22 . 2013-06-07 16:22 29904 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{4843CC16-1F0A-4AA8-AC55-4617D1993FD3}\MpKsla3ae8b5c.sys 2013-06-07 16:14 . 2013-05-13 06:19 7016152 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{4843CC16-1F0A-4AA8-AC55-4617D1993FD3}\mpengine.dll 2013-06-06 09:31 . 2013-05-13 06:19 7016152 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-26 12:56 . 2013-05-26 12:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2013-05-26 12:52 . 2013-05-26 12:52 -------- d-----w- c:\programme\JoWooD 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 15:28 . 2011-12-16 21:40 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-16 22:16 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 22:16 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-04-16 22:16 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-04-12 23:28 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2013-04-12 14:00 . 2011-12-14 19:21 1876480 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 12:50 . 2012-05-06 07:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-26 15:43 . 2013-03-26 15:43 11152 ----a-w- c:\windows\system32\vpncategories.dll 2013-03-26 15:43 . 2013-03-26 15:43 34192 ----a-w- c:\windows\system32\vpnevents.dll 2013-03-26 15:24 . 2013-03-26 15:24 23976 ----a-w- c:\windows\system32\drivers\vpnva.sys 2013-03-26 15:18 . 2013-01-13 13:46 58320 ----a-r- c:\windows\system32\drivers\acsmux.sys 2013-03-26 15:18 . 2013-01-13 13:46 39888 ----a-r- c:\windows\system32\drivers\acsint.sys 2013-03-17 13:20 . 2013-03-17 13:20 69632 ----a-r- c:\dokumente und einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}\ARPPRODUCTICON.exe 2013-03-17 13:20 . 2013-03-17 13:20 49152 ----a-r- c:\dokumente und einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}] 2011-05-11 15:36 163936 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTomTomSA.exe"="c:\programme\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-29 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568] "nwiz"="nwiz.exe" [2007-04-12 1626112] "SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896] "SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632] "WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920] "QuickFinder Scheduler"="d:\programme\Word Perfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 352256] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552] "MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2013-01-27 947152] "HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888] "MailCheck IE Broker"="c:\programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2013-03-15 1430592] "CorelDRAW Graphics Suite 11b"="c:\programme\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\dokumente und einstellungen\Ich\Startmenü\Programme\Autostart\ OpenOffice.org 3.4.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] Tintenwarnungen überwachen - HP Photosmart 5510d series.lnk - c:\windows\system32\RunDll32.exe [2004-8-4 33792] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\PTC\\PVX\\i486_nt\\obj\\productview.exe"= . R1 MpKsla3ae8b5c;MpKsla3ae8b5c;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{4843CC16-1F0A-4AA8-AC55-4617D1993FD3}\MpKsla3ae8b5c.sys [07.06.2013 18:22 29904] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [26.03.2013 17:43 555408] S2 SystemStoreService;System Store;c:\programme\SoftwareUpdater\SystemStore.exe [17.03.2013 15:14 296448] S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [13.01.2013 15:46 39888] S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [13.01.2013 15:46 58320] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUVStor.sys [01.05.2013 13:28 215144] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLA3AE8B5C . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-05 21:06 1165776 ----a-w- c:\programme\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-06-05 c:\windows\Tasks\At1.job - c:\programme\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 10:57] . 2013-06-05 c:\windows\Tasks\At2.job - c:\programme\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 10:57] . 2013-06-06 c:\windows\Tasks\At3.job - c:\programme\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 10:57] . 2013-06-06 c:\windows\Tasks\At4.job - c:\programme\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 10:57] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2013-04-29 17:56] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2013-04-29 17:56] . 2013-06-07 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Photo Creations\Communicator.exe [2012-09-26 09:28] . 2013-06-07 c:\windows\Tasks\HP Photo Creations Messager.job - c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2013-06-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\programme\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11] . 2013-06-07 c:\windows\Tasks\Software Updater Ui.job - c:\programme\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-03-17 07:12] . 2013-06-07 c:\windows\Tasks\Software Updater.job - c:\programme\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-03-13 16:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.gmx.de/ uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\programme\GMX MailCheck\IE\GMX_MailCheck.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Fizeokvy - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Uhpiif\zaucy.exe HKCU-Run-BloatFish - c:\programme\Freetec\BloatFish\BloatFish.Ui.exe HKCU-Run-Ogmosiorl - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Ubog\luuqm.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-06-07 20:27 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,5d,88,00,09,d9,17,4a,be,0a,6c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,5d,88,00,09,d9,17,4a,be,0a,6c,\ . Zeit der Fertigstellung: 2013-06-07 20:30:01 ComboFix-quarantined-files.txt 2013-06-07 18:29 . Vor Suchlauf: 5 Verzeichnis(se), 60.807.405.568 Bytes frei Nach Suchlauf: 6 Verzeichnis(se), 63.214.444.544 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 48FD66B018C2E22BA42A067190A798B6 72B8CE41AF0DE751C946802B3ED844B4 [/QUOTE] Gruß Florian |
Downloade Dir bitte
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches OTL log bitte.
__________________ --> Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking |
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Hallo, wollte nur kurz bescheid geben das ich dran bin! |
/// the machine /// TB-Ausbilder ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Alles klar.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking So, sorry das sich das bei mir so hinzieht, bin diese Woche ganz schön verplant gewesen... Hier die gewünschten Logs ![]() Adwcleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 09/06/2013 um 20:19:00 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Ich - PC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Ich\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer Ordner Gelöscht : C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Babylon Ordner Gelöscht : C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\5a68bd8e138e442 Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\5a68bd8e138e442 Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v27.0.1453.110 Datei : C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1875 octets] - [09/06/2013 20:19:00] ########## EOF - C:\AdwCleaner[S1].txt - [1935 octets] ########## JRT: Zitat:
OTL 1: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.06.2013 20:25:00 - Run 3 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 642,21 Mb Available Physical Memory | 62,81% Memory free 2,40 Gb Paging File | 2,11 Gb Available in Paging File | 87,80% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 58,83 Gb Free Space | 73,54% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 119,56 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive F: | 695,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>) ========== Modules (No Company Name) ========== MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll () MOD - C:\Programme\MyTomTom 3\TomTomSupporterBase.dll () MOD - C:\Programme\MyTomTom 3\QtGui4.dll () MOD - C:\Programme\MyTomTom 3\QtNetwork4.dll () MOD - C:\Programme\MyTomTom 3\DeviceDetection.dll () MOD - C:\Programme\MyTomTom 3\QtCore4.dll () MOD - C:\Programme\MyTomTom 3\QtXml4.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe () SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NTACCESS) -- E:\NTACCESS.sys File not found DRV - (MSICPL) -- E:\install4\MSICPL.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Ich\LOKALE~1\Temp\catchme.sys File not found DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.) DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.) DRV - (RSUSBVSTOR) -- C:\WINDOWS\system32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.) DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron ) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKLM\..\SearchScopes\{EE54B545-F474-4220-B58C-47C89A8FB5CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\..\SearchScopes,DefaultScope = {EE54B545-F474-4220-B58C-47C89A8FB5CF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1DA15C8F-BEE4-48F7-B234-5DBAE5E310D7}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{3D8A67A8-3223-4DD3-9040-5AB98CBA68A9}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{50454A4B-F594-4162-8358-0812B35C50DE}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{EE54B545-F474-4220-B58C-47C89A8FB5CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE534 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Programme\Gemeinsame Dateien\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013.03.17 15:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visan\plugins\npRLSecurePluginLayer.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: ProductView (Enabled) = C:\Programme\Gemeinsame Dateien\PTC\np6_pvapplite9.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.06.07 20:27:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickFinder Scheduler] D:\Programme\Word Perfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe () O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe () O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E898833D-59DB-41CD-AF29-D5F28CC80D51}: DhcpNameServer = O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2011.12.07 23:21:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.18 17:02:36 | 000,000,084 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.11.20 17:54:30 | 001,003,520 | R--- | M] (JoWooD Software Productions AG) - F:\autorun.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 20:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.06.09 20:21:48 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.09 20:13:06 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Ich\Desktop\JRT.exe [2013.06.09 12:26:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2013.06.07 20:18:32 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.06.07 20:14:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.06.07 20:14:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.06.07 20:14:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.06.07 20:14:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.06.07 20:14:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.07 20:14:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Verwaltung [2013.06.07 20:14:49 | 000,000,000 | R--D | C] -- D:\Eigene Dateien\Eigene Videos [2013.06.07 20:14:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2013.06.07 20:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.06.07 20:11:05 | 005,078,746 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Ich\Desktop\ComboFix.exe [2013.06.06 22:34:44 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Downloads [2013.05.27 13:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\sun [2013.05.27 13:07:53 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1 [2013.05.27 12:52:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.05.26 14:54:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JoWooD [2013.05.26 14:52:00 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD [2013.05.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 20:21:08 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater Ui.job [2013.06.09 20:21:07 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater.job [2013.06.09 20:21:01 | 000,000,053 | ---- | M] () -- C:\biosinfo [2013.06.09 20:20:53 | 000,001,673 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 5510d series.lnk [2013.06.09 20:20:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.09 20:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.09 20:06:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 20:01:21 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2013.06.09 20:01:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job [2013.06.09 17:55:56 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.06.09 14:10:14 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Ich\Desktop\JRT.exe [2013.06.09 14:09:34 | 000,648,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\adwcleaner.exe [2013.06.09 14:04:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2013.06.09 14:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2013.06.09 11:59:54 | 000,013,714 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.06.07 20:27:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.06.07 20:18:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.06.07 20:09:48 | 005,078,746 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Ich\Desktop\ComboFix.exe [2013.06.06 22:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2013.06.05 23:12:06 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.06.05 23:08:34 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.05 20:40:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2013.06.05 10:10:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2013.05.30 17:49:40 | 000,015,360 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.28 09:11:27 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.27 13:13:21 | 000,000,842 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk [2013.05.27 13:07:54 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.27 13:01:47 | 152,249,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2013.05.26 14:56:14 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2013.05.26 14:54:31 | 000,001,688 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kao - 2nd round.lnk [2013.05.23 08:44:40 | 000,017,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\returnLabel-1265686.pdf [2013.05.21 20:00:14 | 000,434,808 | ---- | M] () -- D:\Eigene Dateien\Daimler_Stellenanzeige.pdf [2013.05.21 19:59:05 | 000,905,386 | ---- | M] () -- D:\Eigene Dateien\irland2.jpg [2013.05.21 19:57:16 | 000,946,584 | ---- | M] () -- D:\Eigene Dateien\irland.jpg [2013.05.21 16:26:26 | 000,000,452 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Verknüpfung mit Canon EOS 600D.lnk [2013.05.15 23:20:17 | 000,449,236 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 23:20:17 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 23:20:17 | 000,080,544 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 23:20:17 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 23:18:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 20:13:06 | 000,648,201 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\adwcleaner.exe [2013.06.07 20:18:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.06.07 20:18:33 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.06.07 20:14:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.06.07 20:14:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.06.07 20:14:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.06.07 20:14:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.06.07 20:14:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.06.05 23:08:34 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.27 13:13:21 | 000,000,842 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk [2013.05.27 13:07:54 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.27 13:01:18 | 152,249,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2013.05.26 14:56:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2013.05.26 14:54:31 | 000,001,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kao - 2nd round.lnk [2013.05.23 08:43:23 | 000,017,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\returnLabel-1265686.pdf [2013.05.22 11:15:47 | 000,001,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.05.21 20:00:14 | 000,434,808 | ---- | C] () -- D:\Eigene Dateien\Daimler_Stellenanzeige.pdf [2013.05.21 19:59:04 | 000,905,386 | ---- | C] () -- D:\Eigene Dateien\irland2.jpg [2013.05.21 19:57:16 | 000,946,584 | ---- | C] () -- D:\Eigene Dateien\irland.jpg [2013.05.21 16:26:26 | 000,000,452 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Verknüpfung mit Canon EOS 600D.lnk [2013.05.03 10:30:12 | 000,002,588 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.03.17 21:10:54 | 000,143,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.07.15 14:03:35 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini [2012.03.08 11:10:05 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.16 14:41:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.16 12:05:40 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ich\hpothb07.tif [2012.02.16 12:05:40 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ich\hpothb07.dat [2011.12.28 21:52:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2011.12.28 21:48:48 | 000,020,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.28 21:48:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.12.28 21:48:42 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.28 19:05:41 | 000,004,998 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe [2011.12.14 22:22:56 | 000,061,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PFP110JPR.{PB [2011.12.14 22:22:56 | 000,012,358 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PFP110JCM.{PB [2011.12.14 22:17:19 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2011.12.14 22:17:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\IniFile1.ini [2011.12.07 23:55:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2011.12.07 23:53:36 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll [2011.12.07 23:53:34 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2011.12.07 23:53:33 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll [2011.12.07 23:53:33 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll [2011.12.07 23:53:33 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys [2011.12.07 23:53:33 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys [2011.12.07 23:53:32 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe [2011.12.07 23:53:32 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe [2011.12.07 23:23:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.07 23:18:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.07 23:08:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.07 23:05:37 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.03.23 13:30:34 | 000,001,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\sig.dat [2010.03.23 13:30:30 | 000,051,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_jp.mst [2010.03.23 13:30:26 | 010,400,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.msi [2010.03.23 13:30:26 | 000,051,200 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_fc.mst [2010.03.23 13:30:24 | 000,001,055 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.ini [2010.03.23 13:30:24 | 000,000,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.sms [2010.03.23 13:30:24 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.pdf [2010.03.23 13:30:22 | 000,056,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.exe ========== ZeroAccess Check ========== [2011.12.12 22:41:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL 2: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 20:25:01 - Run 3 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 642,21 Mb Available Physical Memory | 62,81% Memory free 2,40 Gb Paging File | 2,11 Gb Available in Paging File | 87,80% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 58,83 Gb Free Space | 73,54% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 119,56 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive F: | 695,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\PTC\PVX\i486_nt\obj\productview.exe" = C:\Programme\PTC\PVX\i486_nt\obj\productview.exe:*:Enabled:ProductView Express -- (PTC) "C:\Programme\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Photosmart 5510d series) -- (Hewlett-Packard Co.) "C:\Programme\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP Photosmart 5510d series) -- (Hewlett-Packard Co.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M010 Help "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{244EA3CA-CE47-4C32-907D-12BA360B8F89}" = HP Photosmart 5510d series - Grundlegende Software für das Gerät "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{379AE12A-424D-4A33-9A42-E83C1D3A8896}" = Studie zur Verbesserung von HP Photosmart 5510d series Produkten "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11 "{56CE91CC-92EC-4B0E-98B7-3D0F6AD6C4C5}" = Mathcad 14.0 M010 "{5BB72321-F9E7-42C2-9400-AFC195E4F8C6}" = Vokabeltrainer-Update 6.0.18 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{685A89CB-DF27-42D6-A623-34F40DBBFFB2}" = Origin90 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{733B66AD-B771-4FA6-8DBF-765B820CC0EB}" = Langenscheidt Vokabeltrainer 6.0 Englisch "{84DD9D8F-7D12-4771-B537-CDEAB9157A9C}" = Creo Thumbnail Viewer 1.0 "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D829ECBD-F4C7-40B2-BF9A-9A7F0332D0A1}" = ProductView Express 9.1 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Hilfe "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M010 Resource Center "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F24F876B-7D71-4BD6-88E9-614D3BB84221}" = Alcor Micro Smart Card Reader Driver "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DPP" = Canon Utilities Digital Photo Professional 3.10 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "GIMP-2_is1" = GIMP 2.8.4 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Kao - 2nd round" = Kao - 2nd round "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "MyTomTom" = MyTomTom "NVIDIA Drivers" = NVIDIA Drivers "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "SZCCID" = Alcor Micro Smart Card Reader Driver "VLC media player" = VLC media player 1.1.11 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.05.2013 03:09:04 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.23487, Fehleradresse 0x0029dd0c. Error - 27.05.2013 06:57:26 | Computer Name = PC | Source = MsiInstaller | ID = 1013 Description = Produkt: OpenOffice.org 3.4.1 -- Bitte beenden Sie OpenOffice.org 3.4.1 und den OpenOffice.org 3.4.1-Schnellstarter, bevor Sie fortfahren. Falls Sie ein Mehrbenutzersystem benutzen, stellen Sie sicher, dass kein anderer Nutzer OpenOffice.org 3.4.1 geöffnet hat. Error - 27.05.2013 12:01:27 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 27.05.2013 12:01:27 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 30.05.2013 11:39:42 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 15:07:33 | Computer Name = PC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 msi6.tmp, P2, P3 50ab88a9, P4 mscorlib, P5, P6 5040540e, P7 3451, P8 119, P9 system.io.directorynotfound, P10 NIL. Error - 05.06.2013 17:13:24 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 17:28:04 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 17:31:34 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 07.06.2013 14:12:20 | Computer Name = PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 09.06.2013 14:20:44 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::Run File: .\MainThread.cpp Line: 385 Invoked Function: CMainThread::RestoreHostConfigToPreAuthConditions Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 09.06.2013 14:20:44 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182 Invoked Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description: WINDOWS_ERROR_CODE Error - 09.06.2013 14:20:44 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp Line: 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 09.06.2013 14:20:52 | Computer Name = PC | Source = acvpnui | ID = 67108866 Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>. Error - 09.06.2013 14:20:52 | Computer Name = PC | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 09.06.2013 14:20:52 | Computer Name = PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1351 NULL object. Cannot establish a connection at this time. Error - 09.06.2013 14:21:04 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 09.06.2013 14:25:44 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 09.06.2013 14:25:44 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 09.06.2013 14:25:44 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 18:29:30 | Computer Name = PC | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 05.06.2013 18:29:37 | Computer Name = PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCIIde ViaIde < End of report > Gruß Florian |
Noch Probleme? ESET Online Scanner
Downloade Dir bitte ![]()
und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Abend, direkt Probleme hatte ich nicht... Es war eher mehr das "Schreiben" der Telekom (wo am 31. Mai ein Unerwünschter Zugriff stattgefunden haben soll) was mich aufmeksam gemacht hat, und dann beim scannen mit Anti Malware habe ich auch gleich was gefunden... Bin gerade dabei mit Eset zu scannen. Dauert ganz schön lang... Ich denke Ich werd erst morgen Abend die Auswertung der 3 Scanner Posten. Schönen Abend noch! |
/// the machine /// TB-Ausbilder ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Alles klar ![]()
![]() | #13 | ||
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking Hallo! Hab jetzt alle Scanner scannen lassen und Eset hat 5 Sachen auf einer Extern angeschlossenen Platte gefunden (denk ich zumindest...). Nur als Info, den Autorun hab ich komplett abgestellt da sich darüber ja gern mal Vieren einschleichen... Und hier die Logs: ESET Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.06.2013 19:03:29 - Run 4 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 551,78 Mb Available Physical Memory | 53,97% Memory free 2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,77% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 58,43 Gb Free Space | 73,05% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 119,56 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive F: | 695,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 232,82 Gb Total Space | 68,81 Gb Free Space | 29,56% Space Free | Partition Type: FAT32 Computer Name: PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll () MOD - C:\Programme\MyTomTom 3\TomTomSupporterBase.dll () MOD - C:\Programme\MyTomTom 3\QtGui4.dll () MOD - C:\Programme\MyTomTom 3\QtNetwork4.dll () MOD - C:\Programme\MyTomTom 3\DeviceDetection.dll () MOD - C:\Programme\MyTomTom 3\QtCore4.dll () MOD - C:\Programme\MyTomTom 3\QtXml4.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\WINDOWS\system32\nvshell.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe () SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NTACCESS) -- E:\NTACCESS.sys File not found DRV - (MSICPL) -- E:\install4\MSICPL.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Ich\LOKALE~1\Temp\catchme.sys File not found DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.) DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.) DRV - (RSUSBVSTOR) -- C:\WINDOWS\system32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.) DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron ) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKLM\..\SearchScopes\{EE54B545-F474-4220-B58C-47C89A8FB5CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\..\SearchScopes,DefaultScope = {EE54B545-F474-4220-B58C-47C89A8FB5CF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1DA15C8F-BEE4-48F7-B234-5DBAE5E310D7}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{3D8A67A8-3223-4DD3-9040-5AB98CBA68A9}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{50454A4B-F594-4162-8358-0812B35C50DE}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{EE54B545-F474-4220-B58C-47C89A8FB5CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE534 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Programme\Gemeinsame Dateien\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013.03.17 15:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Visan\plugins\npRLSecurePluginLayer.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: ProductView (Enabled) = C:\Programme\Gemeinsame Dateien\PTC\np6_pvapplite9.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.06.07 20:27:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickFinder Scheduler] D:\Programme\Word Perfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe () O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe () O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E898833D-59DB-41CD-AF29-D5F28CC80D51}: DhcpNameServer = O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2011.12.07 23:21:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.18 17:02:36 | 000,000,084 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.11.20 17:54:30 | 001,003,520 | R--- | M] (JoWooD Software Productions AG) - F:\autorun.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 19:03:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.06.10 19:54:34 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.06.10 19:53:21 | 002,347,384 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Ich\Desktop\esetsmartinstaller_enu.exe [2013.06.09 20:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.06.09 20:21:48 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.09 20:13:06 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Ich\Desktop\JRT.exe [2013.06.09 12:26:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2013.06.07 20:18:32 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.06.07 20:14:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.06.07 20:14:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.06.07 20:14:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.06.07 20:14:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.06.07 20:14:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.07 20:14:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Verwaltung [2013.06.07 20:14:49 | 000,000,000 | R--D | C] -- D:\Eigene Dateien\Eigene Videos [2013.06.07 20:14:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2013.06.07 20:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.06.07 20:11:05 | 005,078,746 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Ich\Desktop\ComboFix.exe [2013.06.06 22:34:44 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Downloads [2013.05.27 13:14:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\sun [2013.05.27 13:07:53 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.4.1 [2013.05.27 12:52:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.05.26 14:54:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JoWooD [2013.05.26 14:52:00 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD [2013.05.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 19:06:01 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.06.11 19:01:41 | 000,890,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\SecurityCheck.exe [2013.06.11 19:01:02 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2013.06.11 19:01:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job [2013.06.11 18:57:20 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater Ui.job [2013.06.11 18:57:13 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater.job [2013.06.11 18:57:05 | 000,001,673 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 5510d series.lnk [2013.06.11 18:57:01 | 000,000,053 | ---- | M] () -- C:\biosinfo [2013.06.11 18:56:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.11 18:56:37 | 000,013,714 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.06.11 18:56:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.11 14:04:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2013.06.11 14:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2013.06.11 10:10:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2013.06.10 20:40:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2013.06.10 19:53:04 | 002,347,384 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Ich\Desktop\esetsmartinstaller_enu.exe [2013.06.10 18:22:29 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.06.09 14:10:14 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Ich\Desktop\JRT.exe [2013.06.09 14:09:34 | 000,648,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\adwcleaner.exe [2013.06.07 20:27:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.06.07 20:18:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.06.07 20:09:48 | 005,078,746 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Ich\Desktop\ComboFix.exe [2013.06.06 22:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe [2013.06.05 23:12:06 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.06.05 23:08:34 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.30 17:49:40 | 000,015,360 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.28 09:11:27 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.27 13:13:21 | 000,000,842 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk [2013.05.27 13:07:54 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.27 13:01:47 | 152,249,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2013.05.26 14:56:14 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2013.05.26 14:54:31 | 000,001,688 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kao - 2nd round.lnk [2013.05.23 08:44:40 | 000,017,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\returnLabel-1265686.pdf [2013.05.21 20:00:14 | 000,434,808 | ---- | M] () -- D:\Eigene Dateien\Daimler_Stellenanzeige.pdf [2013.05.21 19:59:05 | 000,905,386 | ---- | M] () -- D:\Eigene Dateien\irland2.jpg [2013.05.21 19:57:16 | 000,946,584 | ---- | M] () -- D:\Eigene Dateien\irland.jpg [2013.05.21 16:26:26 | 000,000,452 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Verknüpfung mit Canon EOS 600D.lnk [2013.05.15 23:20:17 | 000,449,236 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 23:20:17 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 23:20:17 | 000,080,544 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 23:20:17 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 23:18:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.11 19:01:43 | 000,890,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\SecurityCheck.exe [2013.06.09 20:13:06 | 000,648,201 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\adwcleaner.exe [2013.06.07 20:18:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.06.07 20:18:33 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.06.07 20:14:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.06.07 20:14:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.06.07 20:14:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.06.07 20:14:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.06.07 20:14:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.06.05 23:08:34 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.27 13:13:21 | 000,000,842 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk [2013.05.27 13:07:54 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.27 13:01:18 | 152,249,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2013.05.26 14:56:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2013.05.26 14:54:31 | 000,001,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kao - 2nd round.lnk [2013.05.23 08:43:23 | 000,017,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\returnLabel-1265686.pdf [2013.05.22 11:15:47 | 000,001,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.05.21 20:00:14 | 000,434,808 | ---- | C] () -- D:\Eigene Dateien\Daimler_Stellenanzeige.pdf [2013.05.21 19:59:04 | 000,905,386 | ---- | C] () -- D:\Eigene Dateien\irland2.jpg [2013.05.21 19:57:16 | 000,946,584 | ---- | C] () -- D:\Eigene Dateien\irland.jpg [2013.05.21 16:26:26 | 000,000,452 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Verknüpfung mit Canon EOS 600D.lnk [2013.05.03 10:30:12 | 000,002,588 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2013.03.17 21:10:54 | 000,143,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.07.15 14:03:35 | 000,000,057 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini [2012.03.08 11:10:05 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.16 14:41:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.16 12:05:40 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ich\hpothb07.tif [2012.02.16 12:05:40 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ich\hpothb07.dat [2011.12.28 21:52:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2011.12.28 21:48:48 | 000,020,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.28 21:48:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011.12.28 21:48:42 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.28 19:05:41 | 000,004,998 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe [2011.12.14 22:22:56 | 000,061,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PFP110JPR.{PB [2011.12.14 22:22:56 | 000,012,358 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PFP110JCM.{PB [2011.12.14 22:17:19 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2011.12.14 22:17:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\IniFile1.ini [2011.12.07 23:55:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2011.12.07 23:53:36 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll [2011.12.07 23:53:34 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2011.12.07 23:53:33 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll [2011.12.07 23:53:33 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll [2011.12.07 23:53:33 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys [2011.12.07 23:53:33 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys [2011.12.07 23:53:32 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe [2011.12.07 23:53:32 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe [2011.12.07 23:23:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.07 23:18:08 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.07 23:08:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.07 23:05:37 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.03.23 13:30:34 | 000,001,073 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\sig.dat [2010.03.23 13:30:30 | 000,051,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_jp.mst [2010.03.23 13:30:26 | 010,400,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.msi [2010.03.23 13:30:26 | 000,051,200 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_fc.mst [2010.03.23 13:30:24 | 000,001,055 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.ini [2010.03.23 13:30:24 | 000,000,819 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.sms [2010.03.23 13:30:24 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.pdf [2010.03.23 13:30:22 | 000,056,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\vpnclient_setup.exe ========== ZeroAccess Check ========== [2011.12.12 22:41:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.06.2013 19:03:29 - Run 4 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Ich\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 551,78 Mb Available Physical Memory | 53,97% Memory free 2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,77% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 58,43 Gb Free Space | 73,05% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 119,56 Gb Free Space | 79,71% Space Free | Partition Type: NTFS Drive F: | 695,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 232,82 Gb Total Space | 68,81 Gb Free Space | 29,56% Space Free | Partition Type: FAT32 Computer Name: PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\PTC\PVX\i486_nt\obj\productview.exe" = C:\Programme\PTC\PVX\i486_nt\obj\productview.exe:*:Enabled:ProductView Express -- (PTC) "C:\Programme\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Photosmart 5510d series) -- (Hewlett-Packard Co.) "C:\Programme\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP Photosmart 5510d series) -- (Hewlett-Packard Co.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M010 Help "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{244EA3CA-CE47-4C32-907D-12BA360B8F89}" = HP Photosmart 5510d series - Grundlegende Software für das Gerät "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{379AE12A-424D-4A33-9A42-E83C1D3A8896}" = Studie zur Verbesserung von HP Photosmart 5510d series Produkten "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11 "{56CE91CC-92EC-4B0E-98B7-3D0F6AD6C4C5}" = Mathcad 14.0 M010 "{5BB72321-F9E7-42C2-9400-AFC195E4F8C6}" = Vokabeltrainer-Update 6.0.18 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{685A89CB-DF27-42D6-A623-34F40DBBFFB2}" = Origin90 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{733B66AD-B771-4FA6-8DBF-765B820CC0EB}" = Langenscheidt Vokabeltrainer 6.0 Englisch "{84DD9D8F-7D12-4771-B537-CDEAB9157A9C}" = Creo Thumbnail Viewer 1.0 "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D829ECBD-F4C7-40B2-BF9A-9A7F0332D0A1}" = ProductView Express 9.1 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Hilfe "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M010 Resource Center "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F24F876B-7D71-4BD6-88E9-614D3BB84221}" = Alcor Micro Smart Card Reader Driver "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DPP" = Canon Utilities Digital Photo Professional 3.10 "EOS Sample Music" = Canon Utilities EOS Sample Music "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "GIMP-2_is1" = GIMP 2.8.4 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Kao - 2nd round" = Kao - 2nd round "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "MyTomTom" = MyTomTom "NVIDIA Drivers" = NVIDIA Drivers "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "SZCCID" = Alcor Micro Smart Card Reader Driver "VLC media player" = VLC media player 1.1.11 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.05.2013 06:57:26 | Computer Name = PC | Source = MsiInstaller | ID = 1013 Description = Produkt: OpenOffice.org 3.4.1 -- Bitte beenden Sie OpenOffice.org 3.4.1 und den OpenOffice.org 3.4.1-Schnellstarter, bevor Sie fortfahren. Falls Sie ein Mehrbenutzersystem benutzen, stellen Sie sicher, dass kein anderer Nutzer OpenOffice.org 3.4.1 geöffnet hat. Error - 27.05.2013 12:01:27 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 27.05.2013 12:01:27 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 30.05.2013 11:39:42 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 15:07:33 | Computer Name = PC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 msi6.tmp, P2, P3 50ab88a9, P4 mscorlib, P5, P6 5040540e, P7 3451, P8 119, P9 system.io.directorynotfound, P10 NIL. Error - 05.06.2013 17:13:24 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 17:28:04 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 05.06.2013 17:31:34 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 07.06.2013 14:12:20 | Computer Name = PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 10.06.2013 13:52:04 | Computer Name = PC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 11.06.2013 12:56:41 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 11.06.2013 12:56:41 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 11.06.2013 12:56:41 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 11.06.2013 12:57:00 | Computer Name = PC | Source = acvpnui | ID = 67108866 Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>. Error - 11.06.2013 12:57:01 | Computer Name = PC | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 11.06.2013 12:57:02 | Computer Name = PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 11.06.2013 12:57:02 | Computer Name = PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1351 NULL object. Cannot establish a connection at this time. Error - 11.06.2013 13:01:41 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 11.06.2013 13:01:41 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 11.06.2013 13:01:41 | Computer Name = PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 15:08:21 | Computer Name = PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 05.06.2013 18:29:30 | Computer Name = PC | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 05.06.2013 18:29:37 | Computer Name = PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCIIde ViaIde < End of report > Gruß Florian |
Java und Adobe bitte updaten. Fixen mit OTL
ATTFilter :files C:\WINDOWS\tasks\At*.job :commands [emptytemp]
Noch Probleme? ![]()
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
![]() | ![]() Trojaner/ Telekom schreibt Brief mit verdacht auf HackingZitat:
Oder meinst du das im Bezug auf das Ganze System... Denn da hab ich den nicht geändert... |
