Log analysis and evaluation: Virus/rootkit opens web pages, controls the mouse and changes system startup (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.06.2013, 06:04 | #1
Virus/rootkit opens web pages, controls the mouse and changes system startup

Hello everyone,

I have recently been infected by a rootkit/virus. I think the cause was that I was using an outdated version of Firefox, with which a toolbar etc. also installed itself on its own. I had just put together all the logs etc. for a detailed report here in the forum when I found the (supposedly) only rootkit with the Kaspersky rootkit detector and was also able to delete it. Unfortunately I still have the symptoms, which is why I have now run all the logs again anyway and am asking for your help.

The symptoms are:
- Web pages opening on their own (they are blocked by Malwarebytes)
- Random web pages opening when I click on Google search results (what I click on is not displayed; instead I am immediately redirected to another page)
- Unwanted keyboard/mouse commands (you have no idea how much effort it is to write this right now, it keeps jumping around and clicking all the time)
- All startup services being run (when I uncheck the boxes, it says I am not an admin, but according to the Control Panel I still am)
- When I close the laptop (close the lid), it goes into standby but does not come back up afterwards.

So it really does seem to be something more serious... AntiVir and co. find nothing here (anymore). I did have some detections and removed them, but the problem still persists. So here are the logs, as requested, with a reboot in between. I am grateful for any help because I am really at my wit's end.

Thanks and best regards
blackhawkkk

Here are the log files:

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:48 on 05/06/2013 (XXXXXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

OTL LOG:

OTL logfile created on: 05.06.2013 20:48:58 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\XXXXXX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 67,44% Memory free
5,32 Gb Paging File | 4,08 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 369,89 Gb Free Space | 79,42% Space Free | Partition Type: NTFS
Drive P: | 465,75 Gb Total Space | 369,89 Gb Free Space | 79,42% Space Free | Partition Type: *NT5CSC

Computer Name: CMBTLS111363 | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.05 12:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXXXXX\Desktop\OTL.exe
PRC - [2013.06.05 12:38:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Daten\Programme\Mozilla Firefox 21\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe
PRC - [2012.11.03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe
PRC - [2011.07.04 01:39:00 | 000,292,200 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011.07.04 01:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.07.04 01:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011.07.04 01:39:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.04.04 11:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.10.29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.12.03 05:35:48 | 001,313,792 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files\HardCopy\hardcopy.exe
PRC - [2009.08.04 05:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.02.09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006.02.09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2004.01.15 18:19:26 | 000,024,576 | --S- | M] (ITA Systemhaus GmbH) -- c:\Program Files\ITA\SWI-Tools\SWI-Watcher.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Daten\Programme\PrintKey2000\Printkey2000.exe

========== Modules (No Company Name) ==========

MOD - [2013.06.05 12:38:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Daten\Programme\Mozilla Firefox 21\mozjs.dll
MOD - [2013.01.28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.01.25 10:25:19 | 000,397,704 | ---- | M] () -- C:\Daten\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.08.14 11:50:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.08.14 11:50:07 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.08.01 07:24:57 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
MOD - [2012.08.01 07:24:51 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.08.01 07:24:33 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.08.01 07:24:18 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.08.01 07:19:49 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.08.01 07:19:43 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.03.09 12:24:22 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8eb0a051\mscorlib.dll
MOD - [2012.03.09 12:24:19 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_bd7e59c6\system.xml.dll
MOD - [2012.03.09 12:24:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b956b23\system.dll
MOD - [2012.03.09 12:24:07 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.27 09:36:59 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2012.01.27 09:36:59 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2012.01.27 09:36:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012.01.27 09:36:55 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2012.01.27 09:25:36 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.27 09:25:36 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2011.07.04 01:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll
MOD - [2011.07.04 01:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2011.07.04 01:39:00 | 000,063,488 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\GR\PWRMGRRO.DLL
MOD - [2011.07.04 01:39:00 | 000,052,224 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2009.12.03 05:35:48 | 000,445,440 | ---- | M] () -- C:\Program Files\HardCopy\HcDllS.dll
MOD - [2009.12.03 05:35:48 | 000,057,344 | ---- | M] () -- C:\Program Files\HardCopy\HcDLL2_29_Win32.dll
MOD - [2009.12.03 05:35:48 | 000,043,008 | ---- | M] () -- C:\Program Files\HardCopy\hardcopy_02.dll
MOD - [2008.04.14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - [2013.05.28 12:35:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.21 10:41:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Daten\Programme\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe -- (SmcService)
SRV - [2012.11.03 07:22:24 | 000,288,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\snac.exe -- (SNAC)
SRV - [2012.11.03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011.07.04 01:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.07.04 01:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.07.04 01:39:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2006.02.09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006.02.09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2004.01.15 18:19:26 | 000,024,576 | --S- | M] (ITA Systemhaus GmbH) [Auto | Running] -- c:\Program Files\ITA\SWI-Tools\SWI-Watcher.exe -- (SWITools-Watcher)
SRV - [2003.03.09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.06.05 18:04:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.25 10:02:33 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130412.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.04.23 11:39:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.04.23 11:39:50 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.04.23 11:39:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.04.23 11:39:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVENG.SYS -- (NAVENG)
DRV - [2013.04.23 11:05:02 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.30 02:05:06 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130424.011\IDSxpx86.sys -- (IDSxpx86)
DRV - [2013.03.07 18:51:56 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.01.31 10:19:34 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013.01.31 10:19:34 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013.01.31 10:19:34 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2013.01.31 10:19:34 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2013.01.31 10:19:34 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012.11.03 07:22:26 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2012.11.03 07:22:26 | 000,585,888 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\srtsp.sys -- (SRTSP)
DRV - [2012.11.03 07:22:26 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2012.11.03 07:22:26 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys -- (SymDS)
DRV - [2012.11.03 07:22:26 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2012.11.03 07:22:26 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys -- (ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A})
DRV - [2012.11.03 07:22:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.07.04 01:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.07.04 01:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011.05.25 17:22:00 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdxc86.sys -- (risdxc)
DRV - [2011.05.10 15:11:32 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011.05.01 14:21:54 | 007,460,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
DRV - [2011.04.05 13:01:40 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011.02.09 14:49:54 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011.02.08 12:00:44 | 000,187,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009.08.04 05:32:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009.06.30 11:59:06 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009.06.30 11:58:26 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009.06.30 11:58:22 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2007.06.08 10:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2006.02.09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006.02.09 03:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006.02.09 03:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={FA715993-C62F-11E2-B4E5-000000000000}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={FA715993-C62F-11E2-B4E5-000000000000}&crg=3.5000006.10045&st=23
IE - HKCU\..\SearchScopes\{FEE99069-514F-40B1-A858-4A79A33A053B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "heute.de | n24.de"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Daten\Programme\Apple\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Daten\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Daten\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn\ [2013.04.23 11:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Daten\Programme\Mozilla Firefox 21\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Daten\Programme\Mozilla Firefox 21\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Daten\Programme\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Daten\Programme\plugins

[2012.03.22 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Extensions
[2013.06.01 11:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions
[2013.05.30 19:01:42 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.30 19:01:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.30 19:07:33 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\clickclean@hotcleaner.com
[2013.05.30 19:01:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\firefox@ghostery.com
[2013.05.30 19:01:42 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2013.06.01 11:11:50 | 000,363,920 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\client@anonymox.net.xpi
[2013.05.30 18:57:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.30 19:01:41 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.05.30 19:01:42 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

O1 HOSTS File: ([2013.05.30 15:49:44 | 000,001,963 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 17 more lines...
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Sav\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hardcopy.lnk = C:\Program Files\HardCopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Daten\Programme\PrintKey2000\Printkey2000.exe (Fred's Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes -
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O15 - HKLM\..Trusted Domains: 4adodge.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: adtranz.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: adtranz.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: bmw.de ([]* in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: bmw.de ([www] http in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: chrysler.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: corpdir.net ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: covisint.com ([]* in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: XXXXXXchrysler.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] http in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] https in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: XXXXXXchrysler.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: dctss.com ([]* in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: dcx.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: dcxnet.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: dcxnet.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: debis.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: debis.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: dsh.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: evobus.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: fleetboard.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: jeep.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: limaonweb.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: lima-on-web.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted 
Domains: limaonweb.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: lima-on-web.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: mblf.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: meltwater.com ([]* in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: meltwaternews.com ([]* in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: mtu-friedrichshafen.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: partsandfacts.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: plimas.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: plymouthcars.com ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: project ([]http in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: project ([]https in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: smbta012 ([]http in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: smbta012 ([]https in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: strategicprojectsolutions.net ([]* in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: street-view-maps.de ([www] http in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Domains: t-online.de ([*.XXXXXX-benz] * in Vertrauenswürdige Sites) O15 - HKLM\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKLM\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O15 - HKLM\..Trusted Ranges: Range3 ([*] in Lokales Intranet) O15 - HKLM\..Trusted Ranges: Range4 ([*] in Lokales Intranet) O15 - HKLM\..Trusted Ranges: Range5 ([*] in Lokales Intranet) O15 - HKLM\..Trusted Ranges: Range6 ([*] in Lokales Intranet) O15 - HKLM\..Trusted Ranges: Range7 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Domains: 4adodge.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: adtranz.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: adtranz.de ([]* in Lokales Intranet) O15 - 
HKCU\..Trusted Domains: bmw.de ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: bmw.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: chrysler.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: corpdir.net ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: covisint.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: XXXXXXchrysler.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: XXXXXXchrysler.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dctss.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: dcx.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dcxnet.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dcxnet.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: debis.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: debis.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dsh.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: evobus.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: fleetboard.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: jeep.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: limaonweb.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: lima-on-web.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: limaonweb.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: lima-on-web.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: mblf.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: meltwater.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: meltwaternews.com 
([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: mtu-friedrichshafen.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: partsandfacts.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: plimas.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: plymouthcars.com ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: project ([]http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: project ([]https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: smbta012 ([]http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: smbta012 ([]https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: strategicprojectsolutions.net ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: street-view-maps.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: t-online.de ([*.XXXXXX-benz] * in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range3 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range4 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range5 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range6 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range7 ([*] in Lokales Intranet) O16 - DPF: {0D9D189C-A7A0-412F-AFCE-96625682ABEF} hxxp://project/Pilot/_layouts/pwa/objects/1031/pjcintl.cab (PJ12deuC Class) O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://email.XXXXXX-group.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} hxxp://project/Pilot/_layouts/pwa/objects/1033/pjcintl.cab (PJ12enuC Class) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) O16 - DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} hxxp://project/Pilot/_layouts/pwa/objects/pjclient.cab (PjAdoInfo4 Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXXX-group.XXXXXXchrysler.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA059041-9E0D-4C78-968F-B1E85D1EE119}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - File not found O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.27 17:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.05 19:33:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.05 18:04:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.06.05 12:41:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XXXXXX\Desktop\OTL.exe
[2013.06.05 12:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013.06.05 08:48:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XXXXXX\Recent
[2013.06.05 08:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.06.05 08:20:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013.06.05 07:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\Avira
[2013.06.05 07:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013.06.05 07:50:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.06.05 07:50:29 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.06.05 07:50:29 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.06.05 07:50:29 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.06.05 07:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2013.06.04 13:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.06.04 13:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013.06.04 13:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013.06.04 13:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\My Documents
[2013.06.04 13:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Desktop\Rez
[2013.06.04 13:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013.06.04 13:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013.05.31 10:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\Mozilla Firefox
[2013.05.28 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\vlc
[2013.05.28 11:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013.05.26 20:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\DiskAid
[2013.05.26 20:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskAid
[2013.05.26 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013.05.26 20:06:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XXXXXX\Start Menu\Programs\Administrative Tools
[2013.05.26 20:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\Macroplant_LLC
[2013.05.21 11:42:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.05.21 10:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2013.05.21 10:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Master Collection CS4
[2013.05.17 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 16:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[54 \\vmbtf005\homes\XXXXXX\My Documents\*.tmp files -> \\vmbtf005\homes\XXXXXX\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\XXXXXX\*.tmp files -> C:\Documents and Settings\XXXXXX\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.05 20:43:47 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.06.05 20:42:44 | 000,000,454 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2013.06.05 20:41:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.05 20:41:14 | 3742,609,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 20:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.05 20:21:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.06.05 19:22:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.06.05 19:04:26 | 003,531,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.05 18:04:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.06.05 15:01:31 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\gmer_2.1.19163.exe
[2013.06.05 12:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXXXXX\Desktop\OTL.exe
[2013.06.05 12:40:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XXXXXX\defogger_reenable
[2013.06.05 12:38:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
[2013.06.05 08:46:48 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.06.05 08:46:47 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.06.05 07:50:43 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2013.06.05 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-XXXXXX-GROUP-XXXXXX.job
[2013.06.04 23:03:26 | 000,002,653 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2013.06.04 16:28:01 | 000,004,947 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\images3.jpeg
[2013.06.04 16:27:45 | 000,015,451 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\get-high-quality-backlinks.jpg
[2013.06.04 16:27:29 | 000,009,522 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\eqc_quality_consultant.jpg
[2013.06.04 16:26:54 | 000,005,934 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\images2.jpeg
[2013.06.04 16:26:41 | 000,005,550 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\images.jpeg
[2013.06.04 16:26:30 | 000,041,309 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\quality_img.gif
[2013.06.04 13:23:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.30 09:59:06 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2013.05.26 17:48:48 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\d3d9caps.dat
[2013.05.23 16:32:34 | 001,392,640 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\2223ConsultingProjmgm.indd
[2013.05.23 08:54:35 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2013.05.21 22:59:31 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.21 22:23:11 | 000,214,177 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Nachweis Kraftfahrtbundesamt.pdf
[2013.05.21 08:23:25 | 000,522,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.21 08:23:25 | 000,094,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.20 21:54:40 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit USA Bilder 2013.lnk
[2013.05.20 16:03:10 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit Praxis USA Tuscaloosa XXXXXX NA.lnk
[54 \\vmbtf005\homes\XXXXXX\My Documents\*.tmp files -> \\vmbtf005\homes\XXXXXX\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\XXXXXX\*.tmp files -> C:\Documents and Settings\XXXXXX\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.05 19:04:02 | 003,531,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.05 15:01:27 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\gmer_2.1.19163.exe
[2013.06.05 12:40:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XXXXXX\defogger_reenable
[2013.06.05 12:38:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
[2013.06.05 08:46:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.06.05 08:46:46 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.06.05 08:46:45 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.05 07:50:43 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2013.06.05 07:40:59 | 000,002,102 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hardcopy.lnk
[2013.06.05 07:40:58 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
[2013.06.04 16:28:01 | 000,004,947 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\images3.jpeg
[2013.06.04 16:27:45 | 000,015,451 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\get-high-quality-backlinks.jpg
[2013.06.04 16:27:29 | 000,009,522 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\eqc_quality_consultant.jpg
[2013.06.04 16:26:54 | 000,005,934 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\images2.jpeg
[2013.06.04 16:26:41 | 000,005,550 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\images.jpeg
[2013.06.04 16:26:30 | 000,041,309 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\quality_img.gif
[2013.06.04 13:31:34 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2013.06.04 13:06:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.30 09:59:06 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2013.05.28 11:43:09 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.23 16:32:34 | 001,392,640 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\2223ConsultingProjmgm.indd
[2013.05.23 08:54:35 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2013.05.21 22:20:08 | 000,214,177 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Nachweis Kraftfahrtbundesamt.pdf
[2013.05.20 21:54:40 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit USA Bilder 2013.lnk
[2013.05.20 16:03:09 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit Praxis USA Tuscaloosa XXXXXX NA.lnk
[2013.03.09 22:31:37 | 000,019,555 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2013.03.09 22:31:37 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2013.03.09 21:37:42 | 000,607,525 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2172393533-4195879740-2580636489-64409-0.dat
[2013.03.07 23:57:11 | 000,324,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013.03.07 19:14:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013.01.22 16:20:44 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.04 16:10:06 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2012.12.04 16:10:06 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2012.12.04 16:10:06 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2012.12.04 16:10:06 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2012.12.04 16:10:06 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2012.07.24 07:15:49 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\XXXXXX\PARTsolutions.trace
[2012.03.23 18:29:34 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\d3d9caps.dat
[2012.03.13 16:15:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.09 12:37:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\fusioncache.dat
[2012.03.09 12:36:31 | 000,055,786 | RHS- | C] () -- C:\Documents and Settings\XXXXXX\ntuser.pol
[2012.01.27 18:08:59 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.27 18:08:59 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.27 18:08:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.01.27 18:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.27 17:19:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.27 17:14:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.27 10:05:07 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2012.01.27 09:43:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.01.27 09:24:14 | 000,106,049 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011.08.25 08:20:03 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.08.25 08:06:08 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.08.25 08:06:08 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.08.25 08:06:08 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.08.23 15:03:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011.08.23 15:03:13 | 000,522,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.23 15:03:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011.08.23 15:03:13 | 000,094,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.23 15:03:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011.08.23 15:03:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011.08.23 15:03:12 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011.08.23 15:03:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011.08.23 15:03:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011.08.23 15:03:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011.08.23 15:02:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011.08.23 15:02:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== ZeroAccess Check ==========

[2013.06.04 13:55:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\L
[2013.06.05 19:35:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\U
[2013.06.05 19:28:19 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\L\00000004.@
[2012.01.27 09:25:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.05.17 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.01.27 09:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lotus
[2013.03.09 17:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013.04.23 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1992-12.com.symantec
[2013.03.07 23:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012.01.27 09:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012.08.06 08:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\3Dconnexion
[2013.06.04 13:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.26 14:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\DassaultSystemes
[2013.05.26 20:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\DiskAid
[2013.06.05 19:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Dropbox
[2010.07.12 10:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\FreeHDConverter
[2012.03.06 14:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\ICAClient
[2013.03.01 11:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Leadertech
[2013.04.23 14:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Lotus
[2008.02.14 20:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Mocha
[2013.01.16 18:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\PwrMgr
[2013.03.07 23:55:48 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Samsung [2012.05.29 08:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\T-Systems [2012.05.29 08:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\T-SystemsCax [2012.12.11 18:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\think-cell [2013.03.06 22:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Thunderbird [2013.03.07 21:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\TrueCrypt [2013.03.07 21:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Windows Desktop Search [2013.03.07 22:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Windows Search ========== Purity Check ========== < End of report > No EXTRA.txt was created for me? Is that important? How can I still create it afterwards? The first time it was created along with the other one... oO?!
And now the GMER log file: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-05 23:46:17 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\XXXXXX\LOCALS~1\Temp\pwtyakob.sys ---- System - GMER 2.1 ---- SSDT 8955CDF8 ZwAlertResumeThread SSDT 8955CED8 ZwAlertThread SSDT 89603FC0 ZwAllocateVirtualMemory SSDT 896FFE58 ZwAssignProcessToJobObject SSDT B87088AC ZwClose SSDT 89792D08 ZwConnectPort SSDT B8708866 ZwCreateKey SSDT 87DAEDF8 ZwCreateMutant SSDT B87088B6 ZwCreateSection SSDT 87DA9EB0 ZwCreateSymbolicLinkObject SSDT B870885C ZwCreateThread SSDT 896FFF18 ZwDebugActiveProcess SSDT B870886B ZwDeleteKey SSDT B8708875 ZwDeleteValueKey SSDT B87088A7 ZwDuplicateObject SSDT 89603248 ZwFreeVirtualMemory SSDT 87DAEEE8 ZwImpersonateAnonymousToken SSDT 8955CD58 ZwImpersonateThread SSDT 89566608 ZwLoadDriver SSDT B870887A ZwLoadKey SSDT 895D6150 ZwMapViewOfSection SSDT 87DA98A0 ZwOpenEvent SSDT B8708848 ZwOpenProcess SSDT 895D7440 ZwOpenProcessToken SSDT 8952DD58 ZwOpenSection SSDT B870884D ZwOpenThread SSDT 87DA9F80 ZwProtectVirtualMemory SSDT B87088CF ZwQueryValueKey SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0x99347D70] SSDT B8708884 ZwReplaceKey SSDT B87088C0 ZwRequestWaitReplyPort SSDT B870887F ZwRestoreKey SSDT 89909C10 ZwResumeThread SSDT B87088BB ZwSetContextThread SSDT 895BB120 ZwSetInformationProcess SSDT B87088C5 ZwSetSecurityObject SSDT 8952DC10 ZwSetSystemInformation SSDT B8708870 ZwSetValueKey SSDT 87DA97C0 ZwSuspendProcess SSDT 89909CD0 ZwSuspendThread SSDT B87088CA ZwSystemDebugControl SSDT B8708857 ZwTerminateProcess SSDT 896A97E0 ZwTerminateThread SSDT 895D6090 ZwUnmapViewOfSection SSDT 89603E88 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D40 805045F8 4 Bytes [E8, EE, DA, 87] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [C0, 97, DA, 87, 
D0, 9C, 90, ...] {RCL BYTE [EDI-0x632f7826], 0x90; MOV EDX, ECX; MOV [EAX-0x48], DH} ? SYMDS.SYS Das System kann die angegebene Datei nicht finden. ! ? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0x9B1E8380, 0x809E15, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[3164] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\IBMPMSVC\Parameters\Notification@Type2 65537 ---- EOF - GMER 2.1 ---- Furthermore, there are the following logs from antivirus programs (unfortunately I don't have the Kaspersky log, which also removed 2 rootkits for me). Antivir: Exportierte Ereignisse: 05.06.2013 20:45 [System-Scanner] Malware gefunden Die Datei 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\SRTSP\Quarantine\APDBFBD575.dta' enthielt einen Virus oder unerwünschtes Programm 'TR/ZAccess.H' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '543223f1.qua' verschoben! 05.06.2013 20:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\SRTSP\Quarantine\APDBFBD575.dta' wurde ein Virus oder unerwünschtes Programm 'TR/ZAccess.H' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 05.06.2013 19:36 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\SRTSP\Quarantine\APDBFBD575.dta' wurde ein Virus oder unerwünschtes Programm 'TR/ZAccess.H' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 05.06.2013 12:30 [System-Scanner] Malware gefunden Die Datei 'C:\WINDOWS\XXXXXX-group.scr' enthielt einen Virus oder unerwünschtes Programm 'HEUR/Malware' [heuristic]. Durchgeführte Aktion(en): Der Fund wurde als verdächtig eingestuft. Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57ed85db.qua' verschoben! 05.06.2013 12:29 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\WINDOWS\XXXXXX-group.scr' wurde ein Virus oder unerwünschtes Programm 'HEUR/Malware' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern 05.06.2013 11:05 [System-Scanner] Malware gefunden Die Datei 'C:\WINDOWS\install.XXXXXX\ACROREAD.ENU.110\bootnag.exe' enthielt einen Virus oder unerwünschtes Programm 'SPR/AutoIt.Gen' [riskware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cbd747f.qua' verschoben! 05.06.2013 11:05 [System-Scanner] Malware gefunden Die Datei 'C:\WINDOWS\system32\CCM\Cache\M0000325.3.System\bootnag.exe' enthielt einen Virus oder unerwünschtes Programm 'SPR/AutoIt.Gen' [riskware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542a5bd8.qua' verschoben! 05.06.2013 11:05 [System-Scanner] Malware gefunden Die Datei 'C:\WINDOWS\XXXXXX-group.scr' enthielt einen Virus oder unerwünschtes Programm 'HEUR/Malware' [heuristic]. Durchgeführte Aktion(en): Der Fund wurde als verdächtig eingestuft. Die Datei wurde ignoriert. 
And a log from Malwarebytes Anti-Malware: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.09.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 XXXXXX :: CMBTLS111363 [Administrator] Schutz: Aktiviert 09.03.2013 21:19:34 mbam-log-2013-03-09 (21-19-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 352289 Laufzeit: 1 Stunde(n), 10 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoRecycleFiles (PUM.Disable.Recycle) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Okay, that's it, many thanks for the effort and help! |
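The OTL "ZeroAccess Check" block in the post above carries the two classic Sirefef/ZeroAccess footprints on disk and in the registry: a `$NtUninstallKB<digits>$\<digits>\L` and `\U` folder pair under %WINDIR% holding `.@` module files, and per-user CLSID registrations under `HKEY_CURRENT_USER\Software\Classes\clsid\{...}\InProcServer32` for CLSIDs that Windows itself only registers in HKLM (the shdocvw class and the shell copy hook). Avira's later `TR/ZAccess.H` hit on the Symantec quarantine file points the same way. The following Python triage script is an added example for this thread, not code from OTL, FRST, GMER or any of the vendors shown; it runs those two checks over OTL-style log lines. The sample lines are constructed after the log above, the `.@` naming rule is taken from that log, and the severity levels and regular expressions are this example's own choices.

```python
"""Triage OTL/FRST-style log lines for ZeroAccess (Sirefef) footprints.

Added example for this thread; not code from OTL, FRST, GMER or any AV vendor.
Severity levels and regexes are this example's own choices (assumption).
"""
import re
from dataclasses import dataclass

# CLSIDs that Windows registers in HKLM and that ZeroAccess re-registers per user
# (HKCU\Software\Classes\clsid\...\InProcServer32) so Explorer loads its DLL instead.
ZEROACCESS_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shdocvw.dll class (loaded by explorer.exe)",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}": "shell32 copy-hook handler",
}

# %WINDIR%\$NtUninstallKB<digits>$\<digits>\L and ...\U: the bot's working folders.
# Legitimate hotfix folders ($NtUninstallKB951376$\spuninst\...) have no numeric\L|U layer.
HIDEOUT_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+\\[LU](?:\\|$)", re.IGNORECASE)

HKCU_INPROC_RE = re.compile(
    r"HKEY_CURRENT_USER\\Software\\Classes\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    indicator: str
    line: str


def scan_lines(lines):
    """Return one Finding per log line that matches a ZeroAccess indicator."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HKCU_INPROC_RE.search(line)
        if m:
            clsid = m.group(1).lower()
            if clsid in ZEROACCESS_CLSIDS:
                findings.append(Finding("high",
                    f"ZeroAccess CLSID hijack {clsid}: {ZEROACCESS_CLSIDS[clsid]}", line))
            else:
                # Any per-user InProcServer32 override deserves a look: HKCU wins over HKLM.
                findings.append(Finding("medium", f"per-user COM override {clsid}", line))
            continue
        if HIDEOUT_RE.search(line):
            # A stored module (*.@) is stronger evidence than the bare folder pair.
            sev = "high" if line.lower().endswith(".@") else "medium"
            findings.append(Finding(sev, "ZeroAccess $NtUninstallKB*$ working folder", line))
    return findings


def triage(lines):
    """Summarise findings as {severity: [indicator, ...]} for a quick verdict."""
    out = {"high": [], "medium": []}
    for f in scan_lines(lines):
        out[f.severity].append(f.indicator)
    return out


# Constructed sample, modelled on the OTL "ZeroAccess Check" block in this thread.
SAMPLE_LINES = [
    r"[2013.06.04 13:55:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\L",
    r"[2013.06.05 19:35:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\U",
    r"[2013.06.05 19:28:19 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\L\00000004.@",
    r"[2012.01.27 09:25:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]",
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r'"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)',
    # Benign hotfix uninstall folder: must NOT be flagged.
    r"[2008.04.14 05:42:06 | 000,221,184 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"{f.severity:6} {f.indicator}\n       {f.line}")
```

Why the HKCU entries are the decisive hit: COM resolves a CLSID for the interactive user through HKCU\Software\Classes before HKLM\Software\Classes, so a per-user InProcServer32 value silently redirects explorer.exe's load of a Microsoft class to whatever DLL the value names. A clean machine has no HKCU entry at all for these two CLSIDs, which is why OTL prints the HKLM counterparts (pointing at signed Microsoft DLLs) right beside them for comparison. The `L`/`U` folders are the bot's working store; the `.@` file is one of its modules. Deleting those files by hand does not remove the loader, which is why the helper's next step is a guided FRST run rather than manual cleanup.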
06.06.2013, 08:21 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please post logs in code tags. System scan with FRST: please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
06.06.2013, 20:21 | #3 |
| Hello & thanks for the quick reply.
Perhaps a short update: since yesterday I no longer notice the symptoms, but I don't know whether the problem is fixed. Could it be that the antivirus programs also get in each other's way? Here are the two files (in a better view this time). FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01 Ran by MKELLN (administrator) on 06-06-2013 13:58:23 Running from C:\Documents and Settings\MKELLN\Desktop Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\avshadow.exe (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Sun Microsystems, Inc.) 
C:\Program Files\Java\jre6\bin\jqs.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe (Malwarebytes Corporation) C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe (ITA Systemhaus GmbH) c:\program files\ita\swi-tools\swi-watcher.exe (Microsoft Corporation) C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe (Malwarebytes Corporation) C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\WINDOWS\system32\CCM\CcmExec.exe () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE (Symantec Corporation) C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe (sw4you, Siegfried Weckmann) C:\Program Files\HardCopy\hardcopy.exe (Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Daten\Programme\Adobe\Adobe InDesign CS4\InDesign.exe (Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Dropbox, Inc.) 
C:\Documents and Settings\MKELLN\Application Data\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Daten\Programme\Mozilla Firefox 21\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE (Adobe Systems Incorporated) C:\Daten\Programme\Adobe\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Daten\Programme\Adobe\Reader\AcroRd32.exe (Mozilla Corporation) C:\Daten\Programme\Mozilla Firefox 21\plugin-container.exe (Adobe Systems, Incorporated) C:\Daten\Programme\Adobe\Adobe Photoshop CS5\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Microsoft Corporation) C:\Daten\Programme\Outlook\Office12\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon [x] HKLM\...\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r [62240 2009-08-04] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2270504 2011-05-19] (Synaptics Incorporated) HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [800104 2011-07-04] (Lenovo Group Limited) HKLM\...\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited) HKLM\...\Run: [avgnt] "C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll [X] Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [X] Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hardcopy.lnk ShortcutTarget: Hardcopy.lnk -> C:\Program Files\HardCopy\hardcopy.exe (sw4you, Siegfried Weckmann) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk ShortcutTarget: Printkey2000.lnk -> C:\Daten\Programme\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\Documents and Settings\MKELLN\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MKELLN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKLM SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={FA715993-C62F-11E2-B4E5-000000000000} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={FA715993-C62F-11E2-B4E5-000000000000} HKCU SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={FA715993-C62F-11E2-B4E5-000000000000}&crg=3.5000006.10045&st=23 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={FA715993-C62F-11E2-B4E5-000000000000}&crg=3.5000006.10045&st=23 SearchScopes: HKCU - {FEE99069-514F-40B1-A858-4A79A33A053B} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Sav\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File PDF: {0D9D189C-A7A0-412F-AFCE-96625682ABEF} hxxp://project/Pilot/_layouts/pwa/objects/1031/pjcintl.cab PDF: {3BFFE033-BF43-11D5-A271-00A024A51325} PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab PDF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab PDF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://email.mbtech-group.com/dwa85W.cab PDF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} hxxp://project/Pilot/_layouts/pwa/objects/1033/pjcintl.cab PDF: {E008A543-CEFB-4559-912F-C27C2B89F13B} PDF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} hxxp://project/Pilot/_layouts/pwa/objects/pjclient.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 03 mswsock.dll File Not found 
(Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 02 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 03 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 04 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 05 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 06 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 07 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 08 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 09 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 10 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 11 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 12 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 13 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 14 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 15 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 16 mswsock.dll [121704] (Apple Inc.) Winsock: Catalog9 17 mswsock.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.254 10.0.0.253 FireFox: ======== FF ProfilePath: C:\Documents and Settings\MKELLN\Application Data\Mozilla\Firefox\Profiles\bdsq6jnt.defaultextensions.ini FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Daten\Programme\Apple\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Daten\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Daten\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. 
KG) R2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation) R2 Lenovo.micmute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited) R2 MBAMScheduler; C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [69632 2011-07-04] () R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited) R2 SepMasterService; C:\Program Files\Sav\12.1.2015.2015.105\Bin\sms.dll [168912 2012-11-03] (Symantec Corporation) S2 SkypeUpdate; C:\Daten\Programme\Updater\Updater.exe [161384 2013-02-07] (Skype Technologies) R3 SmcService; C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe [1785792 2012-11-03] (Symantec Corporation) S3 SNAC; C:\Program Files\Sav\12.1.2015.2015.105\Bin\snac.exe [288208 2012-11-03] (Symantec Corporation) R2 SWITools-Watcher; c:\program files\ita\swi-tools\swi-watcher.exe [24576 2004-01-15] (ITA Systemhaus GmbH) R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited) R2 Wuser32; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [248544 2006-02-09] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. 
KG) R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130412.011\BHDrvx86.sys [1000024 2013-04-25] (Symantec Corporation) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2011-04-05] (Broadcom Corporation.) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [134304 2012-11-03] (Symantec Corporation) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c5132.sys [187048 2011-02-08] (Intel Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-23] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-23] (Symantec Corporation) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP) R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2009-06-30] (Conexant Systems, Inc.) R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [986240 2009-06-30] (Conexant Systems, Inc.) 
R3 idisw2km; C:\Windows\System32\DRIVERS\idisw2km.sys [8992 2006-02-09] (Microsoft Corporation) R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130424.011\IDSxpx86.sys [373728 2013-03-30] (Symantec Corporation) R3 kbstuff; C:\Windows\System32\DRIVERS\kbstuff5.sys [11744 2006-02-09] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVENG.SYS [93296 2013-04-23] (Symantec Corporation) R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVEX15.SYS [1603824 2013-04-23] (Symantec Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 NETwNx32; C:\Windows\System32\DRIVERS\NETwNx32.sys [7460992 2011-05-01] (Intel Corporation) R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [119528 2011-05-10] (NVIDIA Corporation) R3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation) R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-25] (REDC) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.) 
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSP.SYS [585888 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSPX.SYS [32888 2012-11-03] (Symantec Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMDS.SYS [368288 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMEFA.SYS [927904 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-04-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.SYS [175264 2012-11-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMTDI.SYS [394656 2012-11-03] (Symantec Corporation)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [12144 2011-07-04] (Lenovo Group Limited)
R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [4608 2009-08-04] ()
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S4 PCIIde; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
U1 RCHelp;
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
U3 pwtyakob; \??\C:\DOCUME~1\MKELLN\LOCALS~1\Temp\pwtyakob.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-06 13:57 - 2013-06-06 13:57 - 00000000 ____D C:\FRST
2013-06-06 13:57 - 2013-06-06 13:55 - 01357013 ____A (Farbar) C:\Documents and Settings\MKELLN\Desktop\FRST.exe
2013-06-05 23:51 - 2013-06-05 23:51 - 00005624 ____A C:\Documents and Settings\MKELLN\Desktop\Ereignisse Antivir.txt
2013-06-05 23:46 - 2013-06-05 23:46 - 00007323 ____A C:\Documents and Settings\MKELLN\Desktop\GMER.txt
2013-06-05 20:59 - 2013-06-05 21:29 - 00136084 ____A C:\Documents and Settings\MKELLN\Desktop\OTL.Txt
2013-06-05 20:22 - 2013-06-05 20:48 - 00000474 ____A C:\Documents and Settings\MKELLN\Desktop\defogger_disable.log
2013-06-05 20:07 - 2013-06-05 20:23 - 00001687 ____A C:\Documents and Settings\MKELLN\Desktop\neue textdatein für trojaner.txt
2013-06-05 19:04 - 2013-06-05 19:04 - 03531112 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-05 18:09 - 2013-06-05 18:09 - 00000075 ____A C:\Documents and Settings\MKELLN\Desktop\schreiben an forum.txt
2013-06-05 15:01 - 2013-06-05 15:01 - 00377856 ____A C:\Documents and Settings\MKELLN\Desktop\gmer_2.1.19163.exe
2013-06-05 12:41 - 2013-06-05 12:41 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\MKELLN\Desktop\OTL.exe
2013-06-05 12:40 - 2013-06-05 12:40 - 00000000 ____A C:\Documents and Settings\MKELLN\defogger_reenable
2013-06-05 12:38 - 2013-06-05 12:38 - 00050477 ____A C:\Documents and Settings\MKELLN\Desktop\Defogger.exe
2013-06-05 12:02 - 2013-06-05 12:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-06-05 11:16 - 2013-06-05 11:16 - 00051376 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-05 08:46 - 2013-06-05 08:46 - 00000785 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-06-05 08:23 - 2013-06-05 08:23 - 00000000 ____D C:\Program Files\Dropbox
2013-06-05 08:20 - 2013-06-05 12:57 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 07:53 - 2013-06-05 07:53 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Avira
2013-06-05 07:50 - 2013-06-05 07:50 - 00001751 ____A C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-06-05 07:50 - 2013-06-05 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-06-05 07:50 - 2013-03-06 16:13 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-05 07:50 - 2013-02-27 13:22 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-05 07:50 - 2013-02-27 13:22 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-05 07:50 - 2012-08-27 15:50 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-06-04 16:28 - 2013-06-04 16:28 - 00004947 ____A C:\Documents and Settings\MKELLN\Desktop\images3.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005934 ____A C:\Documents and Settings\MKELLN\Desktop\images2.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005550 ____A C:\Documents and Settings\MKELLN\Desktop\images.jpeg
2013-06-04 13:31 - 2013-06-04 13:31 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-04 13:13 - 2013-06-04 13:13 - 00000000 ____D C:\Documents and Settings\MKELLN\Desktop\Rez
2013-06-04 13:06 - 2013-06-05 19:22 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-03 08:59 - 2013-06-05 18:14 - 00000292 ____A C:\Documents and Settings\MKELLN\Desktop\Arbeitszeiten.txt
2013-05-31 10:50 - 2013-06-05 08:43 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Mozilla Firefox
2013-05-28 11:47 - 2013-05-28 11:47 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\vlc
2013-05-28 11:43 - 2013-06-06 13:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 20:15 - 2013-05-26 20:15 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\DiskAid
2013-05-26 20:13 - 2013-05-26 20:13 - 00000000 ____D C:\Program Files\SweetIM
2013-05-26 20:13 - 2013-05-21 14:28 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2013-05-26 20:13 - 2013-05-21 14:28 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
2013-05-26 20:13 - 2013-05-21 14:28 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
2013-05-26 20:00 - 2013-05-26 20:00 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Macroplant_LLC
2013-05-23 16:32 - 2013-05-23 16:32 - 01392640 ____A C:\Documents and Settings\MKELLN\Desktop\2223ConsultingProjmgm.indd
2013-05-21 11:42 - 2013-05-28 09:57 - 00000000 ____D C:\Windows\Minidump
2013-05-21 10:59 - 2013-05-21 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ALM
2013-05-20 21:54 - 2013-05-20 21:54 - 00000596 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit USA Bilder 2013.lnk
2013-05-20 16:03 - 2013-05-20 16:03 - 00000762 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit Praxis USA Tuscaloosa MBtech NA.lnk
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-13 09:17 - 2013-05-30 09:49 - 00000278 ____A C:\Documents and Settings\MKELLN\Desktop\quellen.txt
2013-05-12 15:42 - 2008-04-14 05:42 - 00020992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dshowext.ax
2013-05-12 15:42 - 2008-04-14 05:42 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\dshowext.ax
2013-05-12 15:42 - 2008-04-14 00:16 - 00121984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-05-12 15:42 - 2008-04-14 00:16 - 00121984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-05-10 14:17 - 2013-06-04 13:21 - 00002473 ____A C:\Documents and Settings\MKELLN\Desktop\todo.txt

==================== One Month Modified Files and Folders ========

2013-06-06 13:57 - 2013-06-06 13:57 - 00000000 ____D C:\FRST
2013-06-06 13:55 - 2013-06-06 13:57 - 01357013 ____A (Farbar) C:\Documents and Settings\MKELLN\Desktop\FRST.exe
2013-06-06 13:34 - 2013-05-28 11:43 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-06 13:05 - 2012-01-27 18:09 - 00000444 ____A C:\Windows\wiadebug.log
2013-06-06 12:33 - 2012-01-27 09:56 - 00000316 ____A C:\Windows\Tasks\PMTask.job
2013-06-06 08:28 - 2013-03-07 23:19 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Dropbox
2013-06-05 23:51 - 2013-06-05 23:51 - 00005624 ____A C:\Documents and Settings\MKELLN\Desktop\Ereignisse Antivir.txt
2013-06-05 23:46 - 2013-06-05 23:46 - 00007323 ____A C:\Documents and Settings\MKELLN\Desktop\GMER.txt
2013-06-05 22:48 - 2013-03-01 11:43 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Skype
2013-06-05 21:34 - 2012-01-27 10:05 - 00000454 ____A C:\Windows\SMSCFG.ini
2013-06-05 21:33 - 2012-03-09 12:36 - 00000062 __ASH C:\Documents and Settings\MKELLN\Local Settings\desktop.ini
2013-06-05 21:33 - 2012-01-27 18:09 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-05 21:32 - 2012-01-27 17:20 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-05 21:32 - 2012-01-27 17:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-05 21:32 - 2012-01-27 17:20 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 21:31 - 2013-04-23 11:11 - 03538944 ____A C:\Windows\System32\config\Symantec.evt
2013-06-05 21:31 - 2012-01-27 17:20 - 00032634 ____A C:\Windows\SchedLgU.Txt
2013-06-05 21:30 - 2012-03-09 12:36 - 00001188 ___SH C:\Documents and Settings\MKELLN\ntuser.ini
2013-06-05 21:30 - 2012-01-27 17:15 - 01268086 ____A C:\Windows\WindowsUpdate.log
2013-06-05 21:29 - 2013-06-05 20:59 - 00136084 ____A C:\Documents and Settings\MKELLN\Desktop\OTL.Txt
2013-06-05 20:48 - 2013-06-05 20:22 - 00000474 ____A C:\Documents and Settings\MKELLN\Desktop\defogger_disable.log
2013-06-05 20:23 - 2013-06-05 20:07 - 00001687 ____A C:\Documents and Settings\MKELLN\Desktop\neue textdatein für trojaner.txt
2013-06-05 20:21 - 2012-01-27 18:06 - 00000211 ___SH C:\boot.ini
2013-06-05 20:21 - 2011-08-23 15:03 - 00000607 ____A C:\Windows\win.ini
2013-06-05 20:21 - 2011-08-23 15:03 - 00000227 ____A C:\Windows\system.ini
2013-06-05 19:51 - 2013-03-01 23:22 - 00000000 ____D C:\Windows\pss
2013-06-05 19:35 - 2012-01-27 18:04 - 00000000 ___DC C:\Windows\$NtUninstallKB4618$
2013-06-05 19:35 - 2011-08-23 15:03 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipsec.sys
2013-06-05 19:26 - 2013-01-15 11:07 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-05 19:22 - 2013-06-04 13:06 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-05 19:04 - 2013-06-05 19:04 - 03531112 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-05 19:04 - 2012-01-27 09:24 - 00000000 __SHD C:\Windows\CSC
2013-06-05 19:03 - 2013-03-29 10:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-05 18:14 - 2013-06-03 08:59 - 00000292 ____A C:\Documents and Settings\MKELLN\Desktop\Arbeitszeiten.txt
2013-06-05 18:09 - 2013-06-05 18:09 - 00000075 ____A C:\Documents and Settings\MKELLN\Desktop\schreiben an forum.txt
2013-06-05 15:01 - 2013-06-05 15:01 - 00377856 ____A C:\Documents and Settings\MKELLN\Desktop\gmer_2.1.19163.exe
2013-06-05 12:57 - 2013-06-05 08:20 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 12:41 - 2013-06-05 12:41 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\MKELLN\Desktop\OTL.exe
2013-06-05 12:40 - 2013-06-05 12:40 - 00000000 ____A C:\Documents and Settings\MKELLN\defogger_reenable
2013-06-05 12:38 - 2013-06-05 12:38 - 00050477 ____A C:\Documents and Settings\MKELLN\Desktop\Defogger.exe
2013-06-05 12:02 - 2013-06-05 12:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-06-05 11:16 - 2013-06-05 11:16 - 00051376 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-05 08:46 - 2013-06-05 08:46 - 00000785 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-06-05 08:43 - 2013-05-31 10:50 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Mozilla Firefox
2013-06-05 08:23 - 2013-06-05 08:23 - 00000000 ____D C:\Program Files\Dropbox
2013-06-05 08:20 - 2012-01-27 18:04 - 00000000 ____D C:\Windows\repair
2013-06-05 08:19 - 2012-01-27 17:14 - 00000000 ____D C:\Windows\Registration
2013-06-05 07:53 - 2013-06-05 07:53 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Avira
2013-06-05 07:50 - 2013-06-05 07:50 - 00001751 ____A C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-06-05 07:50 - 2013-06-05 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-06-05 02:00 - 2013-03-09 16:48 - 00000344 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-MBTECH-GROUP-MKELLN.job
2013-06-04 16:28 - 2013-06-04 16:28 - 00004947 ____A C:\Documents and Settings\MKELLN\Desktop\images3.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005934 ____A C:\Documents and Settings\MKELLN\Desktop\images2.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005550 ____A C:\Documents and Settings\MKELLN\Desktop\images.jpeg
2013-06-04 13:31 - 2013-06-04 13:31 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-04 13:29 - 2013-03-09 16:41 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-04 13:29 - 2012-12-03 10:08 - 00000000 ____D C:\Program Files\Adobe
2013-06-04 13:25 - 2012-03-09 14:28 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Adobe
2013-06-04 13:23 - 2011-08-23 15:03 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-04 13:21 - 2013-05-10 14:17 - 00002473 ____A C:\Documents and Settings\MKELLN\Desktop\todo.txt
2013-06-04 13:13 - 2013-06-04 13:13 - 00000000 ____D C:\Documents and Settings\MKELLN\Desktop\Rez
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-30 19:37 - 2012-03-09 12:36 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Macromedia
2013-05-30 10:34 - 2012-03-09 12:36 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Adobe
2013-05-30 09:49 - 2013-05-13 09:17 - 00000278 ____A C:\Documents and Settings\MKELLN\Desktop\quellen.txt
2013-05-28 12:35 - 2012-12-05 09:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-28 12:35 - 2012-07-24 08:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-28 11:47 - 2013-05-28 11:47 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\vlc
2013-05-28 09:57 - 2013-05-21 11:42 - 00000000 ____D C:\Windows\Minidump
2013-05-28 09:57 - 2013-03-07 23:23 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-26 20:22 - 2013-03-07 23:23 - 00001947 ____A C:\Windows\System32\lvcoinst.log
2013-05-26 20:22 - 2013-01-14 17:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-26 20:15 - 2013-05-26 20:15 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\DiskAid
2013-05-26 20:13 - 2013-05-26 20:13 - 00000000 ____D C:\Program Files\SweetIM
2013-05-26 20:06 - 2012-01-27 18:04 - 00000000 ____D C:\Windows\Resources
2013-05-26 20:00 - 2013-05-26 20:00 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Macroplant_LLC
2013-05-26 17:48 - 2012-03-23 18:29 - 00000664 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\d3d9caps.dat
2013-05-24 00:32 - 2013-04-25 11:52 - 00000000 ____D C:\Documents and Settings\MKELLN\Desktop\Stuff
2013-05-23 16:32 - 2013-05-23 16:32 - 01392640 ____A C:\Documents and Settings\MKELLN\Desktop\2223ConsultingProjmgm.indd
2013-05-22 16:08 - 2013-03-07 20:31 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Apple Computer
2013-05-22 16:04 - 2012-12-03 10:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-21 22:59 - 2013-01-22 16:20 - 00005632 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 14:28 - 2013-05-26 20:13 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2013-05-21 14:28 - 2013-05-26 20:13 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
2013-05-21 14:28 - 2013-05-26 20:13 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
2013-05-21 14:28 - 2005-12-09 07:30 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
2013-05-21 11:06 - 2012-12-03 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-21 10:59 - 2013-05-21 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ALM
2013-05-21 09:00 - 2013-01-15 11:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-21 08:23 - 2012-01-27 18:07 - 00630528 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-20 21:54 - 2013-05-20 21:54 - 00000596 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit USA Bilder 2013.lnk
2013-05-20 16:03 - 2013-05-20 16:03 - 00000762 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit Praxis USA Tuscaloosa MBtech NA.lnk
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-11 21:34 - 2012-03-30 10:06 - 00311808 __ASH C:\Documents and Settings\MKELLN\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

And the Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by XXXXXXX at 2013-06-06 13:58:59 Run:
Running from C:\Documents and Settings\XXXXXXX\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip (Version: 4.65.00.0)
Adobe AIR (Version: 3.7.0.1860)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Download Assistant (Version: 1.2.5)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player - 11.5.502.110 - 2.26 - MUI (Version: 11.5.502.110)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Dolby (Version: 1.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Premiere Pro CS4 (Version: 4)
Adobe Premiere Pro CS4 Functional Content (Version: 4)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AFPL Ghostscript (Version: 8.53)
Anzeige am Bildschirm (Version: 6.42.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3640)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.28)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant 20672 SmartAudio HD (Version: 8.32.23.0)
Connect (Version: 1.0.0.1)
DCS Lotus Notes (Version: 7.0.2.6269)
DCS Lotus Notes Lang Pack DEU (Version: 7.02)
DiskAid 5.46 (Version: 5.46)
Dropbox (Version: 2.0.22)
Enable USBhub (Version: 1.01)
Hardcopy für Windows (Version: 17.0.18.0)
HP Foto- und Bildbearbeitung 2.0 - All-in-One (Version: 1.10.0000)
HP Foto und Bildbearbeitung 2.0 - hp psc 2200 series
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber (Version: 1.10.0000)
hp psc 2200 series (Version: 1.10.0000)
InstallShield ISScript11 (Version: 11.50)
ITM StartMenuLogo (Version: 1.2)
iTunes (Version: 11.0.2.26)
Java(TM) 6 Update 17 (Version: 6.0.170)
JDownloader 0.9 (Version: 0.9)
Kazuya Ujihara ConcatPDF (Version: 1.1.4)
kuler (Version: 2.0)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Supervisor Einstellung: 2
Lenovo System Interface Driver (Version: 1.05)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.4518.1031)
Microsoft Office Access database engine 2007 (English) Dummy R2 (Version: 12.0.4518.1031)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (Version: 8.0.50727.4053)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (Version: 8.0.50727.762)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (Version: 10.0.40219.1)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000)
Microsoft Software Update for Web Folders (German) 12 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (German) 14 (Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Analysis Services 9.0 OLEDB Provider (Version: 9.00.4035.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic Runtime 5 (Version: 1.01)
Microsoft Visual Basic Runtime 6 (Version: 1.01)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Windows Media Player (Version: 1.01)
Microsoft Windows Media Player MUI (Version: 1.01)
Microsoft Windows Media Player User Settings (Version: 1.01)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mindjet MindManager Viewer 7 (Version: 7.0.472)
MochaSoft Mocha W32 TN3270 (Version: 1.01)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML4.0 redistributable (Version: 4.0.0.0)
Office 2003 German User Interface Pack (Version: 1.01)
Office 2003 Professional Edition User Settings (Version: 1.01)
Office 2010 XP x64
PDF Settings CS4 (Version: 9.0)
PDF Settings CS5 (Version: 10.0)
Photoshop Camera Raw (Version: 5.0)
Presentation Director (Version: 4.32)
PrintKey2000
Project ActiveX PlugIn SP2 (Version: 12.0.6503.5000)
Samsung Kies (Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
SAP GUI 7.20 - 1.06 - DEU (Version: 1.06)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 3)
Site Access WLan Settings (Version: 1.0)
Skype™ 6.2
SMS Advanced Client (Version: 2.50.4160.2000)
Stefan Heinz FreePDF XP - USR (Version: 3.04)
Stefan Heinz FreePDF XP (Version: 3.04)
STM TPM Driver 1.0.4.15 - 32 bits (Version: 1.0.4.15 32bits)
Suite Shared Configuration CS4 (Version: 1.0)
Sun JRE Deployment Configuration (Version: 5.0)
SWI - Buttler (Version: 1.1)
SWI-Tools (Version: 1.0.0)
Symantec Endpoint Protection (Version: 12.1.2015.2015)
ThinkPad Energie-Manager (Version: 1.99j)
ThinkPad FullScreen Magnifier (Version: 2.30)
ThinkPad Modem Adapter (Version: 7.80.5.50)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad UltraNav Driver (Version: 15.3.8.0)
ThinkVantage Fingerprint Software (Version: 5.8.6.6874)
TrueCrypt (Version: 7.1a)
VLC media player 2.0.6 (Version: 2.0.6)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Internet Explorer 8 Multilingual User Interface (MUI) (Version: 20090411.120000)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Search 4.0 (Version: 04.00.6001.503)

==================== Restore Points =========================

27-01-2012 07:24:57 Installed Microsoft .NET Framework 1.1
27-01-2012 07:25:34 Microsoft .NET Framework 1.1 German Language Pack wird installiert
27-01-2012 07:28:18 Installed Windows KB954550-v5.
27-01-2012 07:28:21 Printer Driver Microsoft XPS Document Writer Installed
27-01-2012 07:28:24 Printer Driver Microsoft XPS Document Writer Installed
27-01-2012 07:37:06 Installed Microsoft redistributable runtime DLLs VS2005 SP1(x86)
27-01-2012 07:37:28 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
27-01-2012 07:37:32 Installed MSXML4.0 redistributable
27-01-2012 07:37:40 Installed ITM StartMenuLogo
27-01-2012 07:38:16 Installed Adobe Reader 8.2.0
27-01-2012 07:40:50 Installed Adobe Flash Player 10 ActiveX.
27-01-2012 07:41:05 Installed DCS Lotus Notes
27-01-2012 07:41:31 Installed DCS Lotus Notes Lang Pack DEU
27-01-2012 07:41:58 Installed AFPL Ghostscript
27-01-2012 07:42:03 Installed Stefan Heinz FreePDF XP
27-01-2012 07:42:08 Installed Microsoft Visual J# .NET Redistributable Package 1.1
27-01-2012 07:42:23 Installed Kazuya Ujihara ConcatPDF
27-01-2012 07:42:32 Installed Office 2003 Professional Edition
27-01-2012 07:43:58 Installed Office 2003 German User Interface Pack
27-01-2012 07:44:59 Installed Microsoft Office Access database engine 2007 (English)
27-01-2012 07:45:36 Installed Windows Internet Explorer 8.
27-01-2012 07:46:00 Installed 7-Zip
27-01-2012 07:46:10 Installed Microsoft Visual Basic Runtime 6
27-01-2012 07:46:21 Installed Microsoft Visual Basic Runtime 5
27-01-2012 07:46:28 Installed MochaSoft Mocha W32 TN3270
27-01-2012 07:46:40 Installed Hardcopy für Windows
27-01-2012 07:46:54 Installed Microsoft Windows Media Player
27-01-2012 07:47:23 Installed Microsoft Windows Media Player MUI
27-01-2012 07:47:33 Installed InstallShield ISScript11
27-01-2012 07:48:44 Installed Java(TM) 6 Update 17
27-01-2012 07:49:35 Installed Sun JRE Deployment Configuration
27-01-2012 07:49:58 Installed Microsoft Office Visio Viewer 2007
27-01-2012 07:50:50 Installed Mindjet MindManager Viewer 7.
27-01-2012 07:51:19 Installed Microsoft Office 2003 Web Components
27-01-2012 07:51:43 Installed Microsoft SQL Server 2005 Analysis Services 9.0 OLEDB Provider
27-01-2012 07:51:52 Installed Project ActiveX PlugIn SP2
27-01-2012 07:51:59 Installed Microsoft Visual C++ 2005 Redistributable
27-01-2012 07:56:11 Installiert Energie-Manager
27-01-2012 08:00:52 Installed Presentation Director
27-01-2012 08:03:51 Installed Windows XP IE8-MUI.
27-01-2012 08:04:35 SWI - Buttler wird installiert
27-01-2012 08:04:38 SWI-Tools wird installiert
27-01-2012 08:05:00 Installed SMS Advanced Client
27-01-2012 08:06:21 Installed Site Access WLan Settings
27-01-2012 08:11:48 Software Distribution Service 3.0
27-01-2012 08:12:47 Software Distribution Service 3.0
27-01-2012 08:13:20 Software Distribution Service 3.0
27-01-2012 08:13:51 Software Distribution Service 3.0
27-01-2012 08:14:24 Software Distribution Service 3.0
27-01-2012 08:14:56 Software Distribution Service 3.0
27-01-2012 08:15:30 Software Distribution Service 3.0
27-01-2012 08:16:04 Software Distribution Service 3.0
27-01-2012 08:16:37 Software Distribution Service 3.0
27-01-2012 08:17:35 Software Distribution Service 3.0
27-01-2012 08:18:08 Software Distribution Service 3.0
27-01-2012 08:18:42 Software Distribution Service 3.0
27-01-2012 08:19:42 Software Distribution Service 3.0
27-01-2012 08:20:18 Software Distribution Service 3.0
27-01-2012 08:20:52 Software Distribution Service 3.0
27-01-2012 08:21:58 Software Distribution Service 3.0
27-01-2012 08:22:33 Software Distribution Service 3.0
27-01-2012 08:23:07 Software Distribution Service 3.0
27-01-2012 08:23:41 Software Distribution Service 3.0
27-01-2012 08:24:15 Software Distribution Service 3.0
27-01-2012 08:24:49 Software Distribution Service 3.0
27-01-2012 08:25:52 Software Distribution Service 3.0
27-01-2012 08:26:26 Software Distribution Service 3.0
27-01-2012 08:27:22 Software Distribution Service 3.0
27-01-2012 08:27:58 Software Distribution Service 3.0
27-01-2012 08:28:32 Software Distribution Service 3.0
27-01-2012 08:29:06 Software Distribution Service 3.0
27-01-2012 08:29:57 Software Distribution Service 3.0
27-01-2012 08:30:30 Software Distribution Service 3.0
27-01-2012 08:33:06 Software Distribution Service 3.0
27-01-2012 08:33:47 Software Distribution Service 3.0
27-01-2012 08:34:23 Software Distribution Service 3.0
27-01-2012 08:34:59 Software Distribution Service 3.0
27-01-2012 08:35:35 Software Distribution Service 3.0
27-01-2012 08:36:11 Software Distribution Service 3.0
27-01-2012 08:36:45 Software Distribution Service 3.0
27-01-2012 08:37:20 Software Distribution Service 3.0
27-01-2012 08:37:55 Software Distribution Service 3.0
27-01-2012 08:38:30 Software Distribution Service 3.0
27-01-2012 08:40:21 Software Distribution Service 3.0
27-01-2012 08:40:57 Software Distribution Service 3.0
27-01-2012 08:41:34 Software Distribution Service 3.0
27-01-2012 08:42:11 Software Distribution Service 3.0
27-01-2012 08:42:44 Software Distribution Service 3.0
27-01-2012 08:43:21 Software Distribution Service 3.0
27-01-2012 08:43:59 Software Distribution Service 3.0
27-01-2012 08:44:34 Software Distribution Service 3.0
27-01-2012 08:45:11 Software Distribution Service 3.0
27-01-2012 08:45:44 Software Distribution Service 3.0
27-01-2012 08:46:21 Software Distribution Service 3.0
27-01-2012 08:46:58 Software Distribution Service 3.0
27-01-2012 08:47:35 Software Distribution Service 3.0
27-01-2012 08:48:11 Software Distribution Service 3.0
27-01-2012 08:48:46 Software Distribution Service 3.0
27-01-2012 08:49:23 Software Distribution Service 3.0
27-01-2012 08:49:58 Software Distribution Service 3.0
27-01-2012 08:50:35 Software Distribution Service 3.0
27-01-2012 08:51:10 Software Distribution Service 3.0
27-01-2012 08:52:04 Software Distribution Service 3.0
27-01-2012 08:52:42 Software Distribution Service 3.0
27-01-2012 08:53:18 Software Distribution Service 3.0
27-01-2012 08:53:56 Software Distribution Service 3.0
27-01-2012 08:54:32 Software Distribution Service 3.0
27-01-2012 08:55:10 Software Distribution Service 3.0
27-01-2012 08:55:45 Software Distribution Service 3.0
27-01-2012 08:56:23 Software Distribution Service 3.0
27-01-2012 08:57:00 Software Distribution Service 3.0
27-01-2012 08:57:37 Software Distribution Service 3.0
27-01-2012 08:58:13 Software Distribution Service 3.0
27-01-2012 08:58:52 Software Distribution Service 3.0
27-01-2012 08:59:31 Software Distribution Service 3.0
27-01-2012 09:00:10 Software Distribution Service 3.0
27-01-2012 09:00:47 Software Distribution Service 3.0
27-01-2012 09:01:23 Software Distribution Service 3.0
27-01-2012 09:02:00 Software Distribution Service 3.0
27-01-2012 09:02:37 Software Distribution Service 3.0
27-01-2012 09:03:12 Software Distribution Service 3.0
27-01-2012 09:04:32 Software Distribution Service 3.0
27-01-2012 09:05:14 Software Distribution Service 3.0
27-01-2012 09:05:47 Software Distribution Service 3.0
27-01-2012 09:06:28 Software Distribution Service 3.0
27-01-2012 09:07:04 Software Distribution Service 3.0
27-01-2012 09:07:42 Software Distribution Service 3.0
27-01-2012 09:08:25 Software Distribution Service 3.0
27-01-2012 09:09:07 Software Distribution Service 3.0
27-01-2012 09:09:32 Installed Symantec AntiVirus

==================== Hosts content: ==========================

::1 localhost

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5891

Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5891

Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2013 00:10:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3938

Error: (06/06/2013 00:10:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3938

Error: (06/06/2013 00:10:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2013 00:10:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

Error: (06/06/2013 00:10:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1953

Error: (06/06/2013 00:10:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2013 07:38:23 AM) (Source: AutoEnrollment) (User: )
Description: Die automatische Zertifikatregistrierung für "XXXX\XXXXXXX" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt.

System errors:
=============
Error: (06/06/2013 01:18:04 PM) (Source: W32Time) (User: )
Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 59 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error: (06/06/2013 01:18:04 PM) (Source: W32Time) (User: )
Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 60 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751) Error: (06/06/2013 00:48:03 PM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error: (06/06/2013 00:48:03 PM) (Source: W32Time) (User: ) Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 30 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error: (06/06/2013 00:33:05 PM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error: (06/06/2013 00:33:05 PM) (Source: W32Time) (User: ) Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error: (06/06/2013 11:37:08 AM) (Source: NETLOGON) (User: ) Description: Es steht kein Domänencontroller für die Domäne XXXXXXX-GROUP aus folgendem Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. Error: (06/06/2013 11:23:21 AM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. 
Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 239 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error: (06/06/2013 11:23:21 AM) (Source: W32Time) (User: ) Description: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 240 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error: (06/06/2013 09:23:21 AM) (Source: W32Time) (User: ) Description: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 119 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 65% Total physical RAM: 3569.16 XXXXXXX Available physical RAM: 1232.59 XXXXXXX Total Pagefile: 5449.57 XXXXXXX Available Pagefile: 2453.09 XXXXXXX Total Virtual: 2047.88 XXXXXXX Available Virtual: 1950.13 XXXXXXX ==================== Drives ================================ Drive c: () (Fixed) (Total:465.75 GB) (Free:369.49 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive p: (Offline) (Network) (Total:465.75 GB) (Free:369.49 GB) *NT5CSC ==================== XXXXXXXR & Partition Table ================== ======================================================== Disk: 0 (XXXXXXXR Code: Windows XP) (Size: 466 GB) (Disk ID: 05752120) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
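Two things a reviewer checks first in a log like the one above: the Hosts content (here only `::1 localhost`, so the search-result redirects the poster describes are not done through the hosts file) and which sources the event log errors come from (here every System error is W32Time or NETLOGON failing to reach the XXXXXXX-GROUP domain, plus an AutoEnrollment error that also cannot reach Active Directory; that is what a domain-joined laptop looks like when it is off the company network, and it says nothing about malware by itself). The Drives section also reports Windows XP boot components, although the thread is filed under Windows 7. The script below is an added example, not the poster's file and not an FRST or Trojaner-Board tool: it splits an FRST-style Addition.txt into its `==== Name ====` sections, flags Hosts entries that send a name to a non-loopback address, and tallies errors per source. The sample log is constructed in the log's layout; its Hosts line, error sources and timestamps are taken from the post, the descriptions are shortened. HIJACKED_HOSTS is entirely made up (203.0.113.7 is a documentation address).

```python
"""First-pass checks on an FRST-style Addition.txt: Hosts redirects and
event-error sources.  Added example, not FRST code and not the poster's log."""
import ipaddress
import re
from collections import Counter

# '==================== Hosts content: ======' -> section name 'Hosts content'
SECTION_RE = re.compile(r"^=+\s+(?P<name>[^=]+?)\s*=*\s*$")
# One error record.  FRST puts 'Description:' on the following line; forum
# copies often flatten it onto the same line, the lazy desc group accepts both.
ERROR_RE = re.compile(
    r"Error: \((?P<ts>[^)]*)\) \(Source: (?P<src>[^)]*)\) \(User: (?P<user>[^)]*)\)"
    r"\s*(?:Description:)?\s*(?P<desc>.*?)(?=\s*Error: \(|\Z)",
    re.DOTALL,
)
HOSTS_RE = re.compile(r"^\s*(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<names>[^#]+)")


def split_sections(text):
    """Return {section name: [lines]} for the '==== Name ====' blocks."""
    sections, current = {"preamble": []}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m["name"].rstrip(":").strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def hosts_redirects(lines):
    """(address, name) pairs that point somewhere real.  Loopback and 0.0.0.0
    entries only keep a name local or block it; anything else is a redirect
    that needs an explanation."""
    found = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue  # blank line, comment or not an address
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        found.extend((m["ip"], name) for name in m["names"].split())
    return found


def event_errors(lines):
    """Parse the records of the 'Event log errors' section."""
    # drop 'Application errors:' / 'System errors:' sub-headers and underlines
    body = "\n".join(l for l in lines
                     if l.strip() and not re.fullmatch(r"=+|[A-Za-z ]+:", l.strip()))
    return [{"time": m["ts"], "source": m["src"].strip(),
             "description": " ".join(m["desc"].split())}
            for m in ERROR_RE.finditer(body)]


def analyze(text):
    """Summary a reviewer wants before reading the rest of the log."""
    sections = split_sections(text)
    records = event_errors(sections.get("Event log errors", []))
    return {"hosts_redirects": hosts_redirects(sections.get("Hosts content", [])),
            "error_counts": dict(Counter(r["source"] for r in records)),
            "errors": records}


# Constructed sample in the thread's log layout (descriptions shortened).
SAMPLE_LOG = """\
==================== Hosts content: ==============================

::1 localhost

==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5891

Error: (06/06/2013 07:38:23 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for XXXX\\XXXXXXX failed to contact the Active Directory (0x8007054b).

System errors:
=============
Error: (06/06/2013 01:18:04 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.

Error: (06/06/2013 01:18:04 PM) (Source: W32Time) (User: )
Description: Time provider NtpClient: An error occurred during DNS lookup of the manually configured peer "ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com". (0x80072751)

Error: (06/06/2013 11:37:08 AM) (Source: NETLOGON) (User: )
Description: No domain controller is available for domain XXXXXXX-GROUP due to the following: %%1311.

Microsoft Office Sessions:
=========================

==================== End Of Log ============================
"""

# Entirely made-up Hosts section showing what a redirect entry looks like.
HIJACKED_HOSTS = """\
==================== Hosts content: ==============================

127.0.0.1 localhost
0.0.0.0 ads.example.net
203.0.113.7 www.google.com google.de
"""

if __name__ == "__main__":
    summary = analyze(SAMPLE_LOG)
    print("hosts redirects:", summary["hosts_redirects"])
    print("errors per source:", summary["error_counts"])
    print("made-up sample:", hosts_redirects(split_sections(HIJACKED_HOSTS)["Hosts content"]))
```

Run against the posted log, the Hosts check comes back empty and the per-source tally is dominated by W32Time, which is why the redirects have to be looked for elsewhere (browser extensions, proxy settings, DNS settings, the Firefox profile) rather than in the hosts file.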
07.06.2013, 06:44 | #4 | /// the machine /// TB-Ausbilder
Quote:
Besides, these are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for setting the system up from scratch.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!