| |
| |||||||
Log-Analyse und Auswertung: Computer wurde ausspioniert - Spionagesoftware noch aktiv?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.06.2013, 18:15
| #1 |
 |  Computer wurde ausspioniert - Spionagesoftware noch aktiv? Hallo, ich hoffe, jemand von euch kann helfen herauszufinden, ob dieser Rechner clean ist. Der Rechner, den ich hier habe, wurde definitiv über Internet ausspioniert. Dafür hat der Besitzer sichere Beweise (führt hier jetzt zu weit). Bei Scans mit verschiedenen Virenscannern (Combofix, Kaspersky, Malwarebytes, Spybot) wurden ein paar Java-Schädlinge (installiert war Java 1.4.2) gefunden (C:\dokumente und einstellungen\*+*+*\anwendungsdaten\ibm\java\deployment\cache\javapi\v1.0\ - qdgtsqclqasthwyuj.jar-329c6daa-3ba48768 - cbygba.jar-751a94b1-61f660bd - bhkcajgdspvnr.jar-73fdc967-3ad3c7ac - cpjpeudryskrdmb.jar-164deb9c-73031ae2 - ehjwvkfwe.jar-3551ca68-6ab2075f - g43kb6j34kblq6jh34kb6j3kl4.jar-43253035-4e7d148c - syugsu.jar-10b9dea6-2ee8813c ), sonst nichts. Ich glaube daher nicht, dass ich den "Übeltäter" schon erwischt habe, oder er wurde bereits entfernt, um Spuren zu verwischen. Danke für eure Bemühungen! Hier sind die Logs: Code:
ATTFilter OTL logfile created on: 15.06.2013 16:20:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*+*+*\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 51,42% Memory free 3,78 Gb Paging File | 3,09 Gb Available in Paging File | 81,79% Paging File free Paging file location(s): C:\pagefile.sys 2500 2500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 145,07 Gb Total Space | 105,18 Gb Free Space | 72,50% Space Free | Partition Type: NTFS Computer Name: NB-*+*+* | User Name: *+*+* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 16:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\OTL.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2013.04.15 10:40:28 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2013.01.17 16:22:50 | 000,335,232 | ---- | M] (Puran Software) -- C:\Programme\Puran Defrag\PuranADT.exe PRC - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.08.17 21:43:06 | 000,019,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.10.20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.09.11 13:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.03.12 17:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007.09.13 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2005.05.24 23:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2005.04.27 12:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe PRC - [2005.04.27 10:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe PRC - [2005.04.13 10:01:28 | 000,040,554 | ---- | M] (UPEK Inc.) -- C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe PRC - [2005.03.18 04:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE PRC - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2004.11.08 12:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2004.10.14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe PRC - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2003.07.11 19:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.05.18 15:31:09 | 000,686,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\fbc39dffa3eea3a552e956db59d1d7fd\System.Security.ni.dll MOD - [2013.05.18 15:31:01 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll MOD - [2013.05.18 15:25:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll MOD - [2013.05.18 14:58:28 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2013.05.18 14:57:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2013.05.18 14:56:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\libcef.dll MOD - [2013.02.13 21:31:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll MOD - [2013.01.10 18:14:45 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll MOD - [2013.01.10 18:14:19 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll MOD - [2013.01.10 14:42:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.10 14:41:42 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013.01.10 14:40:59 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll MOD - [2013.01.10 14:33:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.10 14:32:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2012.12.14 13:45:44 | 001,310,136 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2010.11.11 02:02:34 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.11 02:02:21 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.11 02:02:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2007.11.19 14:37:04 | 000,245,760 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2005.04.27 12:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe MOD - [2005.04.14 02:01:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2005.04.14 02:01:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2005.04.05 16:02:26 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll MOD - [2005.03.23 03:11:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL MOD - [2005.03.04 12:47:18 | 000,155,648 | ---- | M] () -- C:\Programme\FRITZ!DSL\SSLEAY32.DLL MOD - [2005.03.04 12:46:44 | 000,790,528 | ---- | M] () -- C:\Programme\FRITZ!DSL\LIBEAY32.DLL MOD - [2003.07.11 19:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe ========== Services (SafeList) ========== SRV - [2013.06.13 18:52:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.15 10:40:28 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.03.31 12:02:16 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.07.18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2005.05.24 23:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.04.27 12:09:46 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service) SRV - [2005.04.13 10:01:28 | 000,040,554 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe -- (vtserver) SRV - [2005.03.18 04:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC) SRV - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2003.07.11 19:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2013.06.11 03:53:37 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2013.06.11 03:53:37 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps) DRV - [2013.06.11 03:53:37 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi) DRV - [2012.12.14 13:45:34 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.12.14 13:45:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.06.27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2009.08.18 14:06:56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.06.30 19:46:24 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009.06.29 19:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 19:00:50 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 14:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2007.11.20 16:39:56 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007.07.25 16:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2007.05.02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006.07.10 06:28:38 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOUSEWD.SYS -- (MOUSEWDFilter) DRV - [2005.05.24 23:59:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2005.05.24 23:58:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2005.05.24 23:57:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2005.05.24 23:57:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005.05.24 23:23:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2005.05.17 03:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2005.04.27 11:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter) DRV - [2005.04.21 17:44:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11) DRV - [2005.04.14 02:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2005.04.13 09:58:20 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\IBM fingerprint software\smihlp.sys -- (SmiHlp) DRV - [2005.03.18 04:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF) DRV - [2005.03.18 04:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005.03.18 04:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK) DRV - [2005.02.01 18:00:42 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio) DRV - [2005.01.21 02:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2005.01.21 02:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2004.12.02 17:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM) DRV - [2004.12.02 16:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput) DRV - [2004.11.10 17:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2004.11.10 17:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.11.10 17:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004.05.24 15:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT) DRV - [2003.05.07 16:54:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2) DRV - [2003.02.27 02:00:00 | 000,523,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fxpcbase.sys -- (FXPCBASE) DRV - [2003.02.27 02:00:00 | 000,038,608 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [2002.12.17 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 AB CD A6 BE 85 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {943BBB00-8E37-48B2-9949-ED55B3AD798B} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{7AD48B50-0338-428D-830F-BAFF2292DDC0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=9aaea3d2-3fb9-426e-87ec-a671dd46068d&apn_sauid=E2E8E175-0B5D-4EE6-B3BD-1BB1E61C0A11 IE - HKCU\..\SearchScopes\{943BBB00-8E37-48B2-9949-ED55B3AD798B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.12.16 13:29:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.06.11 03:53:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.06.11 03:53:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.06.11 03:53:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.06.11 03:53:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.06.11 03:53:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.06.08 09:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Extensions [2013.06.11 10:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\extensions [2013.05.13 19:11:58 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.05.04 15:40:46 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\searchplugins\askcom.xml [2013.06.11 10:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.11 10:40:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.11 03:53:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAMME\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM O1 HOSTS File: ([2013.06.11 02:34:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [ControlCenter] C:\Programme\IBM fingerprint software\ctlcntr.exe (UPEK Inc.) O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.) O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PuranADT] C:\Programme\Puran Defrag\PuranADT.exe (Puran Software) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKLM..\Run: [UpdateManager] C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - Startup: C:\Dokumente und Einstellungen\*+*+*\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135511583123 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242637022875 (MUWebControl Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{731559F7-3989-4F1A-B4D3-4EAF8786BB78}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\IBM fingerprint software\psfus.dll) - C:\Programme\IBM fingerprint software\psfus.dll (UPEK Inc.) O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.25 18:05:52 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (autocheck PuranDefragBT -AD) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.15 15:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel [2013.06.15 15:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\(null) [2013.06.15 15:02:25 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Lenovo [2013.06.13 16:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\OTL.exe [2013.06.13 15:17:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2013.06.12 09:15:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*+*+*\Recent [2013.06.12 08:54:37 | 004,170,624 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\TeamViewerQS_de.exe [2013.06.12 08:51:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.06.12 08:24:58 | 000,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin0407.exe [2013.06.11 13:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Malwarebytes [2013.06.11 13:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.06.11 13:33:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.06.11 13:33:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.06.11 13:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.06.11 10:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Virenfunde [2013.06.11 10:40:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.06.11 10:40:45 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.06.11 03:28:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2013 [2013.06.11 03:26:03 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2013.06.11 03:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2013.06.11 03:25:31 | 000,591,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys [2013.06.11 03:25:31 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys [2013.06.11 02:46:11 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2013.06.11 02:02:47 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.06.11 02:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.06.11 00:32:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Puran Defrag [2013.06.11 00:32:50 | 000,000,000 | ---D | C] -- C:\Programme\Puran Defrag [2013.06.04 11:31:37 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.15 16:29:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7DE5ADB8-9F39-4266-BBED-037979944AD7}.job [2013.06.15 16:18:24 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\defogger_reenable [2013.06.15 16:18:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.06.15 16:08:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.06.15 16:08:25 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.15 16:07:49 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2013.06.15 16:07:35 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2013.06.15 16:07:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.15 16:07:11 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys [2013.06.15 15:52:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.15 15:28:21 | 000,013,984 | ---- | M] () -- C:\WINDOWS\AegisP.inf [2013.06.15 15:28:21 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat [2013.06.13 16:20:50 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\gmer_2.1.19163.exe [2013.06.13 16:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\OTL.exe [2013.06.13 16:18:58 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Defogger.exe [2013.06.12 09:26:30 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.06.12 08:54:43 | 004,170,624 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\TeamViewerQS_de.exe [2013.06.12 08:32:40 | 000,000,182 | ---- | M] () -- C:\WINDOWS\DOTEXCRD.INI [2013.06.12 08:32:39 | 000,000,773 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2013.06.12 08:23:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.06.12 00:32:46 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI [2013.06.11 13:33:57 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.11 13:25:05 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2013.06.11 10:40:59 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.06.11 03:53:37 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys [2013.06.11 03:53:37 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kneps.sys [2013.06.11 03:53:37 | 000,074,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys [2013.06.11 03:53:37 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kltdi.sys [2013.06.11 03:31:04 | 000,001,955 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.11 03:27:44 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Internet Security 2013.lnk [2013.06.11 02:46:22 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.06.11 02:34:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.06.11 00:23:47 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.06.04 11:32:47 | 000,001,052 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Startmenü\Programme\Autostart\Dropbox.lnk [2013.05.18 18:43:03 | 000,084,324 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\MW_Bundesverkehrswegeplan_2015_04_pdf[1].pdf [2013.05.18 15:00:28 | 000,482,480 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.18 15:00:28 | 000,459,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.18 15:00:28 | 000,095,106 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.18 15:00:28 | 000,079,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.15 16:18:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\defogger_reenable [2013.06.15 15:28:21 | 000,013,984 | ---- | C] () -- C:\WINDOWS\AegisP.inf [2013.06.15 15:28:21 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat [2013.06.13 16:20:50 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\gmer_2.1.19163.exe [2013.06.13 16:18:53 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Defogger.exe [2013.06.12 09:26:30 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.06.12 08:25:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll [2013.06.11 13:33:57 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.11 10:48:13 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.11 10:40:59 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.06.11 10:40:59 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.06.11 03:31:04 | 000,001,955 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.11 03:28:12 | 000,000,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Internet Security 2013.lnk [2013.06.11 02:46:22 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2013.06.11 02:46:22 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.06.11 02:02:55 | 000,000,194 | ---- | C] () -- C:\Boot.bak [2013.06.11 02:02:50 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.06.04 11:32:47 | 000,001,052 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Startmenü\Programme\Autostart\Dropbox.lnk [2013.05.18 18:43:03 | 000,084,324 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\MW_Bundesverkehrswegeplan_2015_04_pdf[1].pdf [2012.02.15 08:43:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2007.11.30 16:24:37 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\RefEdit.exd [2005.12.26 12:38:25 | 000,031,232 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.12.25 18:05:41 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.10.26 23:36:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.06.08 08:46:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2005.10.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm [2010.03.31 12:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2010.03.31 12:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.16 13:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.12.23 18:08:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YesVideo [2006.03.16 12:23:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\AVG7 [2010.12.16 13:31:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Bytemobile [2011.09.11 18:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Canon [2013.06.15 16:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox [2010.01.06 12:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\FRITZ! [2005.12.25 18:09:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\IBM [2008.10.27 14:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\InfraRecorder [2005.12.26 12:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\InterVideo [2006.03.16 15:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\NewSoft [2007.02.26 16:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\ScanSoft [2009.06.18 08:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\TeamViewer [2009.05.15 09:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\TuneUp Software [2010.11.09 14:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Vodafone [2010.11.13 11:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Vodafone Mobile Connect ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.06.2013 16:20:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*+*+*\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,49 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 51,42% Memory free
3,78 Gb Paging File | 3,09 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,07 Gb Total Space | 105,18 Gb Free Space | 72,50% Space Free | Partition Type: NTFS
Computer Name: NB-*+*+* | User Name: *+*+* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = Dienstprogramm 'IBM ThinkPad EasyEject'
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{30DB11CB-5A5C-471C-B777-3CC12D7BE2C3}" = StarMoney
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM System für aktiven Festplattenschutz
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = ThinkPad Integrated Bluetooth IV Software
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95381165-5D16-4CD4-9162-57799A3F3AB5}" = PCLinq2 Hi-Speed USB Bridge Cable
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7476A5B-5709-42B1-843C-CE750332F77B}" = StarMoney 6.0 S-Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{C0271B80-4B2F-480D-BBFC-1217EDAA3BF6}" = 12024SC Mouse Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9A8539A-5758-4639-B533-E91934A92B6D}" = Routenplaner 2003 professional
"{DFEBA70E-F169-4016-AB27-7230BCCDBD42}" = IBM Fingerprint Software 4.5.5
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"AVMFBox" = FRITZ!Box
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.1.0
"CrystalReports7" = Seagate Crystal Reports for ESRI
"DeInst_dotexcrd1.0" = TOP 50 (Version 1.0)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free Registry Defrag_is1" = Free Registry Defrag
"FRITZ!DSL" = AVM FRITZ!DSL
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"InstallShield_{C0271B80-4B2F-480D-BBFC-1217EDAA3BF6}" = 12024SC Mouse Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Webclient für Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad 'Präsentationsdirektor'
"ProInst" = Intel(R) PROSet/Wireless Software
"Puran Defrag_is1" = Puran Defrag 7.6
"Rainbow Sentinel Driver" = Sentinel System Driver
"ST6UNST #1" = WinforstPro V1.5
"ST6UNST #10" = WinforstPro32 V4.0 SP08 (2010-01-18)
"ST6UNST #2" = WFP_ADMIN
"ST6UNST #3" = WinforstPro V1.5 (C:\Programme\WinforstPro\)
"ST6UNST #4" = WinforstPro V1.5 SP2 2004_03_22
"ST6UNST #5" = WinforstPro V2.0 2004_07_23
"ST6UNST #6" = WinforstPro V2.0 SP2 2005_02_15
"ST6UNST #7" = WinforstPro V2.0 SP19 2005_11_30
"ST6UNST #8" = WinforstPro V3.0 2006_08_01
"ST6UNST #9" = WinforstPro32 V4.0 SP01 (2009-04-20)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"WaldKat 2000" = WaldKat 2000
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ab707fdcbd31fcd7" = Zeiterfassung
"ArcView GIS 3.2a" = ArcView GIS 3.2a
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.06.2013 09:06:17 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 09:06:21 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.06.2013 09:24:24 | Computer Name = NB-*+*+* | Source = MsiInstaller | ID = 11905
Description = Product: mMHouse -- Error 1905.Module C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
failed to unregister. HRESULT . Contact your support personnel.
Error - 15.06.2013 09:27:14 | Computer Name = NB-*+*+* | Source = MsiInstaller | ID = 11931
Description = Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service
cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file
is protected by Windows. You may need to update your operating system for this
program to work correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0
Error - 15.06.2013 09:34:11 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 09:34:23 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.06.2013 09:51:55 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 09:51:57 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.06.2013 10:08:03 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 10:08:09 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ System Events ]
Error - 15.06.2013 09:34:50 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 09:34:50 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 09:51:59 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 09:51:59 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 09:52:35 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 09:52:35 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 10:08:10 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 10:08:10 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 10:08:49 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 10:08:50 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-15 18:04:42
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVE-00A0HT0 rev.11.01A11 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\*+*+*\LOKALE~1\Temp\pfdyqkog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xA84699E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xA8405410]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xA841C588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xA8405988]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xA840586E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xA841C8AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcess [0xA846B95E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcessEx [0xA846BB7A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xA846CA3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xA8405AA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xA846C03E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xA841C97C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xA846B804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteKey [0xA841660E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteValueKey [0xA8417DF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xA8405454]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xA8469B26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateKey [0xA8417602]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateValueKey [0xA8417F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xA846978E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey [0xA8417146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey2 [0xA841739E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xA846C836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xA841AD4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xA8405A1E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xA84058FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xA846B3AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xA846CCEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xA8405B3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xA846BD9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryKey [0xA8416442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryMultipleValueKey [0xA8417C04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xA841AF58]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryValueKey [0xA84179F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xA846C6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRenameKey [0xA8416722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplaceKey [0xA8416D94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xA841CBBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xA841CA4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xA841CB00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xA841CC2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRestoreKey [0xA8416F9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xA846C414]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKey [0xA84168C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKeyEx [0xA8416A5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveMergedKeys [0xA8416BF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xA841C716]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xA846C572]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xA8405BC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xA8469898]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetValueKey [0xA84177C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xA846B54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xA846C2BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xA8405BDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xA846B6AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xA846BF3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xA846CE52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xA846CB7C]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 24DC 80501D38 12 Bytes [AE, C8, 41, A8, 5E, B9, 46, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 25A8 80501E04 12 Bytes [8E, 97, 46, A8, 46, 71, 41, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2618 80501E74 8 Bytes [EA, CC, 46, A8, 3E, 5B, 40, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 26F4 80501F50 4 Bytes JMP D4A846C6
.text ntkrnlpa.exe!ZwCallbackReturn + 2724 80501F80 20 Bytes [22, 67, 41, A8, 94, 6D, 41, ...]
.text ...
---- User code sections - GMER 2.1 ----
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX}
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 klmouflt.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp kltdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp kltdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys
Device \FileSystem\Fastfat \Fat A637ED20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
15.06.2013, 18:18
| #2 |
| /// the machine /// TB-Ausbilder    | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
15.06.2013, 18:35
| #3 |
| | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Hi schrauber, das nenne ich eine blitzschnelle Antwort!
__________________Hier die neuen Logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-06-2013
Ran by *+*+* (administrator) on 15-06-2013 19:29:11
Running from C:\Dokumente und Einstellungen\*+*+*\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(UPEK Inc.) C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe
() C:\WINDOWS\system32\ibmpmsvc.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
(AVM Berlin) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(IBM Corp.) C:\WINDOWS\system32\TpShocks.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(IBM Corp.) C:\IBMTOOLS\UTILS\ibmprc.exe
(Broadcom Corporation) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(CANON INC.) C:\Programme\Canon\MyPrinter\BJMyPrt.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\tposdsvc.exe
(Puran Software) C:\Programme\Puran Defrag\PuranADT.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Google Inc.) C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Programme\Windows Media Player\WMPNSCFG.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe
() C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Puran Software) C:\WINDOWS\system32\PuranDefragS.exe
(IBM Corp.) C:\WINDOWS\System32\QCONSVC.EXE
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
(IBM Corporation) C:\WINDOWS\System32\TPHDEXLG.EXE
() C:\WINDOWS\system32\TpKmpSVC.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) c:\programme\lenovo\system update\suservice.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Zoom\TpScrex.exe
(Bytemobile, Inc.) C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe [110592 2004-11-08] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe [512000 2004-11-08] (Synaptics, Inc.)
HKLM\...\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper [897024 2004-02-04] (IBM Corp.)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [ControlCenter] "C:\Programme\IBM fingerprint software\ctlcntr.exe" /startup [287333 2005-04-13] (UPEK Inc.)
HKLM\...\Run: [TP4EX] tp4ex.exe [x]
HKLM\...\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [217088 2005-03-23] (IBM Corp.)
HKLM\...\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-09-02] (Sonic Solutions)
HKLM\...\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [139264 2005-04-14] (IBM Corp.)
HKLM\...\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-09-13] (CANON INC.)
HKLM\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [x]
HKLM\...\Run: [PuranADT] C:\Programme\Puran Defrag\PuranADT.exe [335232 2013-01-17] (Puran Software)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-12-14] (Kaspersky Lab ZAO)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe [101440 2011-10-20] (Lenovo Group Limited)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\psfus: C:\Programme\IBM fingerprint software\psfus.dll [X]
Winlogon\Notify\QConGina: QConGina.dll (IBM Corp.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-06-26] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe [204288 2006-11-03] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0
BootExecute: autocheck autochk * autocheck PuranDefragBT -AD
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {7AD48B50-0338-428D-830F-BAFF2292DDC0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=9aaea3d2-3fb9-426e-87ec-a671dd46068d&apn_sauid=E2E8E175-0B5D-4EE6-B3BD-1BB1E61C0A11
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135511583123
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242637022875
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation)
Winsock: Catalog9 01 bmnet.dll File Not found (Bytemobile, Inc.)
Winsock: Catalog9 02 bmnet.dll File Not found (Bytemobile, Inc.)
Winsock: Catalog9 03 bmnet.dll File Not found (Bytemobile, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
========================== Services (Whitelisted) =================
R2 AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-14] (Kaspersky Lab ZAO)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [163840 2005-05-24] (Broadcom Corporation)
S3 de_serv; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [794624 2007-11-19] (Intel Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-07] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-07] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-16] (Google)
R2 IBM Rapid Restore Ultra Service; C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-04-27] ()
R2 IBMPMSVC; C:\Windows\system32\ibmpmsvc.exe [57344 2004-11-05] ()
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S2 LENOVO.MICMUTE; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-19] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-05-12] (Mozilla Foundation)
R2 MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software)
R2 QCONSVC; C:\Windows\System32\QCONSVC.EXE [77824 2005-03-18] (IBM Corp.)
R2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-11-19] (Intel Corporation)
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-11-19] (Intel Corporation )
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S3 SQLSERVERAGENT; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 SUService; c:\programme\lenovo\system update\suservice.exe [28672 2013-04-15] (Lenovo Group Limited)
R2 ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [644408 2007-09-26] (Lenovo Group Limited)
R2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG.EXE [77824 2004-05-24] (IBM Corporation)
R2 TPHKLOAD; C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [142696 2011-07-12] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2003-07-11] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2010-03-31] (TuneUp Software GmbH)
R2 TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 VMCService; C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
R2 vtserver; C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe [40554 2005-04-13] (UPEK Inc.)
S2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-06-15] (Cisco Systems, Inc.)
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-03-18] (IBM Corp.)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [59520 2004-05-24] (AVM Berlin)
R3 AVMWAN; C:\Windows\System32\DRIVERS\avmwan.sys [38608 2003-02-27] (AVM Berlin)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-05-02] (Broadcom Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [17408 2005-05-24] (Broadcom Corporation)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30299 2005-05-24] (Broadcom Corporation)
R0 BTKRNL; C:\Windows\System32\drivers\btkrnl.sys [1241818 2005-05-24] (Broadcom Corporation)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148040 2005-05-24] (Broadcom Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [55288 2005-05-24] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
R3 FXPCBASE; C:\Windows\System32\DRIVERS\fxpcbase.sys [523248 2003-02-27] (AVM Berlin)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200448 2004-11-10] (Conexant Systems, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102656 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation)
R2 ibmfilter; C:\WINDOWS\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
R3 IBMPMDRV; C:\Windows\System32\DRIVERS\ibmpmdrv.sys [12944 2004-11-05] (IBM Corp.)
R1 IBMTPCHK; C:\Windows\System32\drivers\IBMBLDID.SYS [2432 2005-03-18] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [591968 2013-06-11] (Kaspersky Lab ZAO)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24408 2012-12-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24920 2012-12-14] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44432 2013-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-06-11] (Kaspersky Lab ZAO)
S3 MOUSEWDFilter; C:\WINDOWS\System32\Drivers\MOUSEWD.SYS [6528 2006-07-10] ()
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PcdrNdisuio; C:\Windows\System32\DRIVERS\pcdrndisuio.sys [12416 2005-02-01] (Windows (R) 2000 DDK provider)
S3 PLUsbbc2; C:\Windows\System32\Drivers\usbbc2.sys [8960 2003-05-07] (Prolific Technology Inc.)
R2 PMEM; C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [7012 2000-05-31] (Microsoft Corporation)
S3 QCNDISIF; C:\Windows\System32\drivers\qcndisif.SYS [12288 2005-03-18] (IBM Corporation.)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-11-20] (Intel Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.)
R1 ShockMgr; C:\Windows\System32\Drivers\ShockMgr.sys [4608 2004-05-14] (IBM Corporation)
R0 Shockprf; C:\Windows\System32\Drivers\Shockprf.sys [59776 2005-01-14] (IBM Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2005-01-21] (Microsoft Corporation)
R2 SmiHlp; C:\Programme\IBM fingerprint software\smihlp.sys [3328 2005-04-13] (UPEK Inc.)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9340 2005-01-21] ()
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-09-02] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-09-02] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-09-02] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2271 2004-09-02] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-09-02] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-09-02] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-09-02] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-09-02] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-09-02] (Sonic Solutions)
R0 TPDiskPM; C:\Windows\System32\Drivers\TPDiskPM.sys [14208 2004-12-02] (IBM Corporation)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 TPInput; C:\Windows\System32\DRIVERS\TPInput.sys [6016 2004-12-02] (IBM Corporation)
R3 TPM11; C:\Windows\System32\DRIVERS\nsctpm11.sys [14336 2005-04-21] (National Semiconductor Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2005-04-14] ()
R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [7168 2005-05-17] ()
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-08-18] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105088 2009-08-18] (ZTE Incorporated)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 PCIDump; No ImagePath
S4 Simbad; No ImagePath
U3 pfdyqkog; \??\C:\DOKUME~1\*+*+*\LOKALE~1\Temp\pfdyqkog.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-15 19:29 - 2013-06-15 19:29 - 00000000 ____D C:\FRST
2013-06-15 16:07 - 2006-09-15 09:54 - 00155648 ____A (Intel Corporation) C:\Windows\System32\igfxres.dll
2013-06-15 15:49 - 2013-06-15 15:50 - 00065536 ____A C:\Windows\System32\config\Lenovo-L.evt
2013-06-15 15:47 - 2010-09-07 14:09 - 00013680 ____A (Lenovo Group Limited) C:\Windows\System32\Drivers\smiif32.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00010640 ____A C:\Windows\AegisP.cat
2013-06-15 15:26 - 2013-06-15 15:26 - 00013146 ____A C:\Windows\DPINST.LOG
2013-06-15 15:26 - 2007-07-25 16:44 - 02210048 ____A (Intel® Corporation) C:\Windows\System32\Drivers\w29n51.sys
2013-06-15 15:26 - 2007-02-12 11:41 - 02732032 ____A (Intel Corporation) C:\Windows\System32\Netw2r32.dll
2013-06-15 15:26 - 2007-02-12 11:40 - 00557056 ____A (Intel Corporation) C:\Windows\System32\Netw2c32.dll
2013-06-15 15:25 - 2013-06-15 15:26 - 00111399 ____A C:\Windows\SetupWLD.log
2013-06-15 15:02 - 2013-06-15 15:02 - 00000000 ____D C:\Windows\System32\(null)
2013-06-12 09:26 - 2013-06-12 09:26 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-12 08:25 - 2005-04-27 10:53 - 00045056 ____A C:\Windows\System32\pwdmon.dll
2013-06-12 08:24 - 1998-11-17 14:44 - 00328704 ____A (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-06-12 08:24 - 1996-11-06 13:05 - 00302592 ____A (InstallShield Corporation, Inc.) C:\Windows\unin0407.exe
2013-06-12 08:21 - 2013-06-12 08:23 - 00013852 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 05:48 - 2013-06-12 08:32 - 00019520 ____A C:\Windows\KB2839229.log
2013-06-11 13:33 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-11 10:48 - 2013-06-15 18:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-11 10:48 - 2013-06-13 18:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 03:48 - 2013-06-15 19:28 - 00003008 ____A C:\Windows\System32\TPAPSLOG.LOG
2013-06-11 03:25 - 2013-06-11 03:53 - 00591968 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-06-11 03:25 - 2013-06-11 03:53 - 00074336 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-06-11 02:39 - 2013-06-11 02:39 - 00014488 ____A C:\ComboFix.txt
2013-06-11 02:15 - 2013-06-11 02:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-06-11 02:02 - 2013-06-11 02:02 - 00000000 RASHD C:\cmdcons
2013-06-11 02:02 - 2005-12-25 18:05 - 00000194 ____A C:\Boot.bak
2013-06-11 02:02 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-06-11 02:00 - 2013-06-12 08:51 - 00000000 ____D C:\Windows\erdnt
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SYSTEM_TU_49603.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE_TU_39271.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SECURITY_TU_54681.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SAM_TU_21865.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\DEFAULT_TU_24034.LOG
2013-06-11 00:32 - 2013-01-17 16:24 - 01136512 ____A (Puran Software) C:\Windows\System32\PuranFD.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00260992 ____A (Puran Software) C:\Windows\System32\PuranDefragS.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00257408 ____A (Puran Software) C:\Windows\System32\PuranDC.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00109952 ____A (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2013-06-11 00:32 - 2012-12-13 12:09 - 00219520 ____A (Puran Software) C:\Windows\System32\PuranDefrag.dll
2013-05-18 15:03 - 2013-05-18 15:14 - 00014905 ____A C:\Windows\KB2829530-IE8.log
2013-05-17 10:13 - 2013-05-17 10:15 - 00008072 ____A C:\Windows\KB2847204-IE8.log
2013-05-17 10:11 - 2013-05-17 10:13 - 00009155 ____A C:\Windows\KB2820197.log
2013-05-17 07:32 - 2013-05-17 10:02 - 00015112 ____A C:\Windows\KB2829361.log
==================== One Month Modified Files and Folders ========
2013-06-15 19:29 - 2013-06-15 19:29 - 00000000 ____D C:\FRST
2013-06-15 19:29 - 2009-11-13 11:05 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{7DE5ADB8-9F39-4266-BBED-037979944AD7}.job
2013-06-15 19:28 - 2013-06-11 03:48 - 00003008 ____A C:\Windows\System32\TPAPSLOG.LOG
2013-06-15 19:18 - 2010-01-07 17:23 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 19:00 - 2009-05-15 09:31 - 00000496 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-06-15 18:52 - 2013-06-11 10:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 18:42 - 2004-08-10 14:18 - 00000000 ___RD C:\Programme
2013-06-15 18:40 - 2008-01-05 18:03 - 00000000 ____D C:\Installierer
2013-06-15 18:18 - 2008-01-05 18:20 - 00032594 ____A C:\Windows\SchedLgU.Txt
2013-06-15 17:18 - 2010-01-07 17:23 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 16:14 - 2011-12-08 14:24 - 00454972 ____A C:\Windows\setupapi.log
2013-06-15 16:11 - 2008-01-05 18:19 - 01050809 ____A C:\Windows\WindowsUpdate.log
2013-06-15 16:08 - 2008-01-05 18:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-15 16:08 - 2008-01-05 18:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-15 16:08 - 1980-01-01 01:00 - 00002278 ____A C:\Windows\System32\wpa.dbl
2013-06-15 16:07 - 2005-10-27 00:07 - 00000316 ____A C:\Windows\Tasks\PMTask.job
2013-06-15 16:07 - 2004-08-10 14:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 16:05 - 2005-10-26 23:48 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-15 15:50 - 2013-06-15 15:49 - 00065536 ____A C:\Windows\System32\config\Lenovo-L.evt
2013-06-15 15:29 - 2005-10-26 23:46 - 00000476 ____A C:\Windows\System32\results.txt
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00010640 ____A C:\Windows\AegisP.cat
2013-06-15 15:26 - 2013-06-15 15:26 - 00013146 ____A C:\Windows\DPINST.LOG
2013-06-15 15:26 - 2013-06-15 15:25 - 00111399 ____A C:\Windows\SetupWLD.log
2013-06-15 15:02 - 2013-06-15 15:02 - 00000000 ____D C:\Windows\System32\(null)
2013-06-13 18:52 - 2013-06-11 10:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 18:52 - 2011-09-18 13:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 09:26 - 2013-06-12 09:26 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-12 08:52 - 2004-08-10 14:24 - 00000000 ____D C:\Windows\System32\Restore
2013-06-12 08:51 - 2013-06-11 02:00 - 00000000 ____D C:\Windows\erdnt
2013-06-12 08:32 - 2013-06-12 05:48 - 00019520 ____A C:\Windows\KB2839229.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00608901 ____A C:\Windows\iis6.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00563262 ____A C:\Windows\FaxSetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00278924 ____A C:\Windows\ocgen.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00257944 ____A C:\Windows\tsoc.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00187859 ____A C:\Windows\comsetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00171986 ____A C:\Windows\msmqinst.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00113972 ____A C:\Windows\ntdtcsetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00099062 ____A C:\Windows\netfxocm.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00038969 ____A C:\Windows\MedCtrOC.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00031249 ____A C:\Windows\ocmsn.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00028185 ____A C:\Windows\tabletoc.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00027474 ____A C:\Windows\msgsocm.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 08:32 - 2008-02-21 16:49 - 00000182 ____A C:\Windows\DOTEXCRD.INI
2013-06-12 08:32 - 2005-12-25 18:29 - 00000773 ____A C:\Windows\ODBC.INI
2013-06-12 08:23 - 2013-06-12 08:21 - 00013852 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 08:23 - 2011-10-16 17:54 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 08:23 - 2011-10-16 17:53 - 00043931 ____A C:\Windows\updspapi.log
2013-06-12 08:23 - 2009-11-13 10:23 - 00000000 ____D C:\Windows\ie8updates
2013-06-12 08:23 - 2006-03-16 12:51 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 00:32 - 2001-09-17 14:02 - 00000310 _RASH C:\BOOT.INI
2013-06-11 13:25 - 2009-03-26 11:22 - 00001014 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-11 13:05 - 2005-10-26 23:53 - 00000000 ____D C:\Program Files\IBM
2013-06-11 03:53 - 2013-06-11 03:25 - 00591968 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-06-11 03:53 - 2013-06-11 03:25 - 00074336 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-06-11 03:53 - 2012-12-14 13:45 - 00044432 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-06-11 03:53 - 2012-08-13 16:49 - 00145040 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys
2013-06-11 02:39 - 2013-06-11 02:39 - 00014488 ____A C:\ComboFix.txt
2013-06-11 02:35 - 1980-01-01 01:00 - 00000227 ____A C:\Windows\system.ini
2013-06-11 02:15 - 2013-06-11 02:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-06-11 02:15 - 2004-08-10 15:17 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-11 02:15 - 2004-08-10 15:17 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 35127296 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 07602176 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 03969024 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-11 02:02 - 2013-06-11 02:02 - 00000000 RASHD C:\cmdcons
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SYSTEM_TU_49603.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE_TU_39271.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SECURITY_TU_54681.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SAM_TU_21865.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\DEFAULT_TU_24034.LOG
2013-06-11 01:38 - 2004-08-10 15:17 - 00061440 ____A C:\Windows\System32\config\SECURITY_BAK_54681
2013-06-11 01:38 - 2004-08-10 15:17 - 00028672 ____A C:\Windows\System32\config\SAM_BAK_21865
2013-06-11 01:38 - 2004-08-10 15:16 - 36175872 ____A C:\Windows\System32\config\SOFTWARE_BAK_39271
2013-06-11 01:38 - 2004-08-10 15:16 - 08650752 ____A C:\Windows\System32\config\SYSTEM_BAK_49603
2013-06-11 01:38 - 2004-08-10 15:16 - 04194304 ____A C:\Windows\System32\config\DEFAULT_BAK_24034
2013-06-11 00:25 - 2012-06-10 22:55 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-18 15:27 - 2005-10-26 23:36 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-18 15:14 - 2013-05-18 15:03 - 00014905 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 15:00 - 2004-08-10 14:18 - 01085864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 00:00 - 2006-05-19 17:06 - 06014976 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-18 00:00 - 1980-01-01 01:00 - 06014976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 10:15 - 2013-05-17 10:13 - 00008072 ____A C:\Windows\KB2847204-IE8.log
2013-05-17 10:13 - 2013-05-17 10:11 - 00009155 ____A C:\Windows\KB2820197.log
2013-05-17 10:11 - 2005-10-26 23:36 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-17 10:02 - 2013-05-17 07:32 - 00015112 ____A C:\Windows\KB2829361.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[1980-01-01 01:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[1980-01-01 01:00] - [2009-02-09 13:21] - 0111104 ____N (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[1980-01-01 01:00] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0026624 ____N (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[1980-01-01 01:00] - [2008-04-14 03:52] - 0053760 ____N (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-06-2013 Ran by *+*+* at 2013-06-15 19:29:55 Run: Running from C:\Dokumente und Einstellungen\*+*+*\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 12024SC Mouse Driver (Version: 2.0) Access IBM (Version: 4.52a) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Anzeige am Bildschirm (Version: 6.62.01) ArcView GIS 3.2a AVM FRITZ!DSL AVM ISDN CAPI Port Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 1.1 Canon MX850 series Benutzerregistrierung Canon My Printer Canon Utilities Easy-PhotoPrint EX Canon Utilities Solution Menu CCleaner (Version: 4.02) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) CrystalDiskInfo 3.1.0 (Version: 3.1.0) Dienstprogramm 'IBM ThinkPad EasyEject' (Version: 2.11) Dienstprogramm 'IBM ThinkPad-Tastaturanpassung' (Version: 1.2.92.0) Dropbox (Version: 2.0.22) EMEA Wallpaper (Version: 1.00.0000) Free M4a to MP3 Converter 7.1 Free Registry Defrag FRITZ!Box Funktion "IBM TrackPoint-Eingabehilfen" (Version: 1.07.0.0) Google Earth (Version: 7.0.3.8542) Google Update Helper (Version: 1.3.21.145) Google Updater (Version: 2.4.2432.1652) Hotfix für Windows Internet Explorer 7 (KB947864) (Version: 1) HP PSC & OfficeJet 4.7 IBM Access Connections (Version: 3.71) IBM DLA (Version: 4.95) IBM Fingerprint Software 4.5.5 (Version: 4.5.5.1109) IBM Integrated 56K Modem (Version: 7.12.15.50) IBM RecordNow! (Version: 7.22) IBM Rescue and Recovery with Rapid Restore (Version: 2.04.0182) IBM SATA Power Management Driver (Version: 1.00) IBM System für aktiven Festplattenschutz (Version: 1.32) IBM Themes (Version: 1.00.0000) IBM ThinkPad Energie-Manager (Version: 1.01) IBM ThinkPad Power Management Driver (Version: 1.30) IBM ThinkPad 'Präsentationsdirektor' (Version: 2.34) IBM ThinkPad UltraNav Driver (Version: 7.5.17.13) IBM ThinkPad-Konfiguration (Version: 1.40b) IBM ThinkPad-UltraNav-Assistent (Version: 2.01.00) IBM ThinkVantage Technologies Welcome Message (Version: 1.01) InfraRecorder Intel(R) Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4693) Intel(R) PROSet/Wireless Software (Version: 11.5.0.API) InterVideo WinDVD (Version: 5.0-B11.287) Kaspersky Internet Security 2013 (Version: 13.0.1.4190) Lenovo Auto Scroll Utility (Version: 1.11) Lenovo Patch Utility (Version: 1.0.1.1) Lenovo System Interface Driver (Version: 1.05) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) mCore (Version: 11.04.0000) mDriver (Version: 11.04.0000) MetaFrame Presentation Server Webclient für Win32 Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (Version: 3.2.30729) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft Bootvis (Version: 1.3.37) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional (Version: 10.0.6626.0) Microsoft SQL Server Desktop Engine (Version: 8.00.760) Microsoft User-Mode Driver Framework Feature Pack 1.0 mMHouse (Version: 11.04.0000) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) mPfMgr (Version: 11.04.0000) mProSafe (Version: 9.00.0000) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6.0 Parser (Version: 6.00.3883.8) mWlsSafe (Version: 9.00.0000) Notepad++ (Version: 6.3.3) PC-Doctor for Windows (Version: 1.06.007) PCLinq2 Hi-Speed USB Bridge Cable Puran Defrag 7.6 Routenplaner 2003 professional Seagate Crystal Reports for ESRI Sentinel System Driver Sicherheitsupdate für Windows Internet Explorer 7 (KB928090) (Version: 20070117.120000) Sicherheitsupdate für Windows Internet Explorer 7 (KB929969) (Version: 20061222.120000) Sicherheitsupdate für Windows Internet Explorer 7 (KB931768) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB933566) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB937143) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB939653) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB942615) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB944533) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB950759) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB963027) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB969897) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB972260) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB974455) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB974455) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB976325) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB978207) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1) Skype Toolbars (Version: 1.0.4051) Skype™ 5.10 (Version: 5.10.116) Software Installer (Version: 3.12.0506) Sonic Update Manager (Version: 2.9) SoundMAX (Version: 5.12.01.5300) StarMoney (Version: 1.0) StarMoney 6.0 S-Edition (Version: 6.0) System Update (Version: 3.16.0005) ThinkPad FullScreen Magnifier (Version: 2.40) ThinkPad Integrated Bluetooth IV Software (Version: 3.0.1.917) TOP 50 (Version 1.0) TuneUp Utilities 2008 (Version: 7.0.8009) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update für Windows Internet Explorer 7 (KB976749) (Version: 1) Update für Windows Internet Explorer 8 (KB975364) (Version: 1) Update für Windows Internet Explorer 8 (KB976662) (Version: 1) Update für Windows Internet Explorer 8 (KB976749) (Version: 1) Update für Windows Internet Explorer 8 (KB980182) (Version: 1) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01) Vodafone Mobile Connect Lite (Version: 9.4.3.17550) WaldKat 2000 WebFldrs XP (Version: 9.50.7523) WFP_ADMIN Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 (Version: 20080414.031514) WinforstPro V1.5 WinforstPro V1.5 (C:\Programme\WinforstPro\) WinforstPro V1.5 SP2 2004_03_22 WinforstPro V2.0 2004_07_23 WinforstPro V2.0 SP19 2005_11_30 WinforstPro V2.0 SP2 2005_02_15 WinforstPro V3.0 2006_08_01 WinforstPro32 V4.0 SP01 (2009-04-20) WinforstPro32 V4.0 SP08 (2010-01-18) XML Paper Specification Shared Components Language Pack 1.0 Zeiterfassung (Version: 2.0.0.3) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2013 04:08:09 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (06/15/2013 04:08:03 PM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (06/15/2013 03:51:57 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (06/15/2013 03:51:55 PM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (06/15/2013 03:34:23 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (06/15/2013 03:34:11 PM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (06/15/2013 03:27:14 PM) (Source: MsiInstaller) (User: NB-*+*+*) Description: Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file is protected by Windows. You may need to update your operating system for this program to work correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0 Error: (06/15/2013 03:24:24 PM) (Source: MsiInstaller) (User: NB-*+*+*) Description: Product: mMHouse -- Error 1905.Module C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL failed to unregister. HRESULT . Contact your support personnel. Error: (06/15/2013 03:06:21 PM) (Source: VMCService) (User: ) Description: conflictManagerTypeValue Error: (06/15/2013 03:06:17 PM) (Source: MSSQLSERVER) (User: ) Description: 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. System errors: ============= Error: (06/15/2013 04:08:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/15/2013 04:08:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/15/2013 04:08:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/15/2013 04:08:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/15/2013 03:52:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/15/2013 03:52:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/15/2013 03:51:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/15/2013 03:51:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (06/15/2013 03:34:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/15/2013 03:34:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Microsoft Office Sessions: ========================= Error: (06/15/2013 04:08:09 PM) (Source: VMCService)(User: ) Description: conflictManagerTypeValue Error: (06/15/2013 04:08:03 PM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (06/15/2013 03:51:57 PM) (Source: VMCService)(User: ) Description: conflictManagerTypeValue Error: (06/15/2013 03:51:55 PM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (06/15/2013 03:34:23 PM) (Source: VMCService)(User: ) Description: conflictManagerTypeValue Error: (06/15/2013 03:34:11 PM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. Error: (06/15/2013 03:27:14 PM) (Source: MsiInstaller)(User: NB-*+*+*) Description: Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file is protected by Windows. You may need to update your operating system for this program to work correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0(NULL)(NULL)(NULL) Error: (06/15/2013 03:24:24 PM) (Source: MsiInstaller)(User: NB-*+*+*) Description: Product: mMHouse -- Error 1905.Module C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL failed to unregister. HRESULT . Contact your support personnel.(NULL)(NULL)(NULL) Error: (06/15/2013 03:06:21 PM) (Source: VMCService)(User: ) Description: conflictManagerTypeValue Error: (06/15/2013 03:06:17 PM) (Source: MSSQLSERVER)(User: ) Description: 19012SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss 1433. ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 1526.42 MB Available physical RAM: 618.9 MB Total Pagefile: 3870.41 MB Available Pagefile: 2911.81 MB Total Virtual: 2047.88 MB Available Virtual: 1936.18 MB ==================== Drives ================================ Drive c: (Festplatte) (Fixed) (Total:145.07 GB) (Free:104.99 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: CC803034) Partition 1: (Active) - (Size=145 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=4 GB) - (Type=12) ==================== End Of Log ============================ |
|
15.06.2013, 18:39
| #4 | |
| /// the machine /// TB-Ausbilder | Computer wurde ausspioniert - Spionagesoftware noch aktiv?Zitat:
 Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.06.2013, 18:48
| #5 |
| | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Na dann beschäftige ich dich gerne noch etwas :-) Was ich noch hinzufügen sollte: Der Angriff kann bereits im Mai stattgefunden haben, aber auf keinen Fall vor Mai. Combofix hatte ich ja schon drüberlaufen lassen. Alle Löschungen waren false positives (laut virustotal.com), die ich bereits wiederhergestellt habe. Hier das log: Code:
ATTFilter ComboFix 13-06-08.02 - *+*+* 11.06.2013 2:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1526.1014 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\*+*+*\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\*+*+*\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\pwdmon.dll
c:\windows\system32\SET36F.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-11 bis 2013-06-11 ))))))))))))))))))))))))))))))
.
.
2013-06-10 22:32 . 2013-01-17 14:23 260992 ----a-w- c:\windows\system32\PuranDefragS.exe
2013-06-10 22:32 . 2013-01-17 14:23 109952 ----a-w- c:\windows\system32\PuranDefragBT.exe
2013-06-10 22:32 . 2013-01-17 14:23 257408 ----a-w- c:\windows\system32\PuranDC.exe
2013-06-10 22:32 . 2012-12-13 10:09 219520 ----a-w- c:\windows\system32\PuranDefrag.dll
2013-06-10 22:32 . 2013-06-10 23:47 -------- d-----w- c:\programme\Puran Defrag
2013-06-10 22:32 . 2013-01-17 14:24 1136512 ----a-w- c:\windows\system32\PuranFD.exe
2013-06-04 09:31 . 2013-06-04 09:31 -------- d-----w- c:\programme\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 22:16 . 1979-12-31 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:16 . 1979-12-31 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:16 . 1979-12-31 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 1979-12-31 23:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:00 . 1979-12-31 23:00 1876480 ------w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TpShocks"="TpShocks.exe" [2005-04-05 106496]
"ControlCenter"="c:\programme\IBM fingerprint software\ctlcntr.exe" [2005-04-13 287333]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"UpdateManager"="c:\programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2005-04-27 90112]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PuranADT"="c:\programme\Puran Defrag\PuranADT.exe" [2013-01-17 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\*+*+*\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Dienst-Manager.lnk - c:\programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-26 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-04-13 08:06 110691 ------w- c:\programme\IBM fingerprint software\psfus.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 02:07 262144 ------w- c:\windows\system32\QConGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 19:11 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck PuranDefragBT -AD
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WireLessMouse"=c:\programme\12024SC Mouse Driver\StartAutorun.exe MouseDrv.exe
"BLOG"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"IJNetworkScanUtility"=c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Dokumente und Einstellungen\\*+*+*\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
.
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [26.10.2005 23:39 14208]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [08.11.2006 09:07 59520]
R2 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [11.06.2013 00:32 260992]
R2 SmiHlp;SMI helper driver;c:\programme\IBM fingerprint software\smihlp.sys [13.04.2005 09:58 3328]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [11.09.2009 13:33 9216]
R3 AVMWAN;AVM NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [27.02.2003 02:00 38608]
R3 FXPCBASE;AVM FRITZ!X PC v2.0/v3.0 (WinXP/2000);c:\windows\system32\drivers\fxpcbase.sys [27.02.2003 02:00 523248]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [26.10.2005 23:39 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [01.01.1980 01:00 14336]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09.11.2010 14:40 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [09.11.2010 14:46 102656]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [18.11.2010 19:48 9728]
S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [28.09.2007 18:20 6528]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [16.03.2006 13:32 8960]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [27.10.2005 00:03 12288]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [18.11.2010 19:50 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [18.11.2010 19:49 105088]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21 16:47]
.
2013-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 15:26]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-07 15:23]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-07 15:23]
.
2013-06-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-10-26 00:01]
.
2013-06-11 c:\windows\Tasks\User_Feed_Synchronization-{7DE5ADB8-9F39-4266-BBED-037979944AD7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
LSP: bmnet.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DeInst_dotexcrd1.0 - c:\windows\unin0407.exe
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Presentation Director - c:\windows\IsUn0407.exe
AddRemove-WaldKat 2000 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-11 02:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\programme\IBM fingerprint software\psfus.dll
c:\programme\Gemeinsame Dateien\Virtual Token\psutil.dll
c:\programme\Gemeinsame Dateien\Virtual Token\Remote.dll
c:\windows\system32\tphklock.dll
c:\programme\Gemeinsame Dateien\Virtual Token\passport.dll
.
- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\dokumente und einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\FRITZ!DSL\IGDCTRL.EXE
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\System32\QCONSVC.EXE
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-11 02:39:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-11 00:39
.
Vor Suchlauf: 24 Verzeichnis(se), 113.408.729.088 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 113.907.707.904 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - AF28BE712A124919AB68973434977394
EEB3A633FFFEAA30073F7D9BB4F31CA0
Geändert von Computerix (15.06.2013 um 18:54 Uhr) |
|
15.06.2013, 19:28
| #6 |
| /// the machine /// TB-Ausbilder | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Logfile.
__________________ --> Computer wurde ausspioniert - Spionagesoftware noch aktiv? |
|
16.06.2013, 11:11
| #7 |
| | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Konnte gestern nicht mehr weitermachen. Jetzt aber die weiteren Logs: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 16/06/2013 um 11:25:38 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : *+*+* - NB-*+*+*
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\*+*+*\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\searchplugins\Askcom.xml
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1411 octets] - [16/06/2013 11:23:01]
AdwCleaner[S1].txt - [1344 octets] - [16/06/2013 11:25:38]
########## EOF - C:\AdwCleaner[S1].txt - [1404 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by *+*+* on 16.06.2013 at 11:50:42,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7AD48B50-0338-428D-830F-BAFF2292DDC0}
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.06.2013 at 11:57:21,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
16.06.2013, 11:15
| #8 |
| /// the machine /// TB-Ausbilder | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Dann noch das frische FRST Log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.06.2013, 11:36
| #9 |
| | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Oh, hatte ich überlesen - sorry! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-06-2013
Ran by *+*+* (administrator) on 16-06-2013 12:30:13
Running from C:\Dokumente und Einstellungen\*+*+*\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(UPEK Inc.) C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe
() C:\WINDOWS\system32\ibmpmsvc.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
(AVM Berlin) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\tposdsvc.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
() C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Puran Software) C:\WINDOWS\system32\PuranDefragS.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(IBM Corp.) C:\WINDOWS\System32\QCONSVC.EXE
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
(IBM Corp.) C:\WINDOWS\system32\TpShocks.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(IBM Corp.) C:\IBMTOOLS\UTILS\ibmprc.exe
(CANON INC.) C:\Programme\Canon\MyPrinter\BJMyPrt.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Puran Software) C:\Programme\Puran Defrag\PuranADT.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Programme\Windows Media Player\WMPNSCFG.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Zoom\TpScrex.exe
(IBM Corporation) C:\WINDOWS\System32\TPHDEXLG.EXE
() C:\WINDOWS\system32\TpKmpSVC.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(Lenovo Group Limited) c:\programme\lenovo\system update\suservice.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Bytemobile, Inc.) C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe [110592 2004-11-08] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe [512000 2004-11-08] (Synaptics, Inc.)
HKLM\...\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper [897024 2004-02-04] (IBM Corp.)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [ControlCenter] "C:\Programme\IBM fingerprint software\ctlcntr.exe" /startup [287333 2005-04-13] (UPEK Inc.)
HKLM\...\Run: [TP4EX] tp4ex.exe [x]
HKLM\...\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [217088 2005-03-23] (IBM Corp.)
HKLM\...\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-09-02] (Sonic Solutions)
HKLM\...\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [139264 2005-04-14] (IBM Corp.)
HKLM\...\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-09-13] (CANON INC.)
HKLM\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [x]
HKLM\...\Run: [PuranADT] C:\Programme\Puran Defrag\PuranADT.exe [335232 2013-01-17] (Puran Software)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-12-14] (Kaspersky Lab ZAO)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe [101440 2011-10-20] (Lenovo Group Limited)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\psfus: C:\Programme\IBM fingerprint software\psfus.dll [X]
Winlogon\Notify\QConGina: QConGina.dll (IBM Corp.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-06-26] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe [204288 2006-11-03] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
BootExecute: autocheck autochk * autocheck PuranDefragBT -AD
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135511583123
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242637022875
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation)
Winsock: Catalog9 01 bmnet.dll File Not found (Bytemobile, Inc.)
Winsock: Catalog9 02 bmnet.dll File Not found (Bytemobile, Inc.)
Winsock: Catalog9 03 bmnet.dll File Not found (Bytemobile, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
========================== Services (Whitelisted) =================
R2 AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-14] (Kaspersky Lab ZAO)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [163840 2005-05-24] (Broadcom Corporation)
S3 de_serv; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [794624 2007-11-19] (Intel Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-07] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-07] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-16] (Google)
R2 IBM Rapid Restore Ultra Service; C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-04-27] ()
R2 IBMPMSVC; C:\Windows\system32\ibmpmsvc.exe [57344 2004-11-05] ()
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S2 LENOVO.MICMUTE; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-19] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-05-12] (Mozilla Foundation)
R2 MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software)
R2 QCONSVC; C:\Windows\System32\QCONSVC.EXE [77824 2005-03-18] (IBM Corp.)
R2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-11-19] (Intel Corporation)
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-11-19] (Intel Corporation )
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S3 SQLSERVERAGENT; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 SUService; c:\programme\lenovo\system update\suservice.exe [28672 2013-04-15] (Lenovo Group Limited)
R2 ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [644408 2007-09-26] (Lenovo Group Limited)
R2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG.EXE [77824 2004-05-24] (IBM Corporation)
R2 TPHKLOAD; C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [142696 2011-07-12] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2003-07-11] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2010-03-31] (TuneUp Software GmbH)
R2 TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 VMCService; C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
R2 vtserver; C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe [40554 2005-04-13] (UPEK Inc.)
S2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-06-15] (Cisco Systems, Inc.)
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-03-18] (IBM Corp.)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [59520 2004-05-24] (AVM Berlin)
R3 AVMWAN; C:\Windows\System32\DRIVERS\avmwan.sys [38608 2003-02-27] (AVM Berlin)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-05-02] (Broadcom Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [17408 2005-05-24] (Broadcom Corporation)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30299 2005-05-24] (Broadcom Corporation)
R0 BTKRNL; C:\Windows\System32\drivers\btkrnl.sys [1241818 2005-05-24] (Broadcom Corporation)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148040 2005-05-24] (Broadcom Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [55288 2005-05-24] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
R3 FXPCBASE; C:\Windows\System32\DRIVERS\fxpcbase.sys [523248 2003-02-27] (AVM Berlin)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200448 2004-11-10] (Conexant Systems, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102656 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation)
R2 ibmfilter; C:\WINDOWS\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
R3 IBMPMDRV; C:\Windows\System32\DRIVERS\ibmpmdrv.sys [12944 2004-11-05] (IBM Corp.)
R1 IBMTPCHK; C:\Windows\System32\drivers\IBMBLDID.SYS [2432 2005-03-18] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [591968 2013-06-11] (Kaspersky Lab ZAO)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24408 2012-12-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24920 2012-12-14] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44432 2013-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-06-11] (Kaspersky Lab ZAO)
S3 MOUSEWDFilter; C:\WINDOWS\System32\Drivers\MOUSEWD.SYS [6528 2006-07-10] ()
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PcdrNdisuio; C:\Windows\System32\DRIVERS\pcdrndisuio.sys [12416 2005-02-01] (Windows (R) 2000 DDK provider)
S3 PLUsbbc2; C:\Windows\System32\Drivers\usbbc2.sys [8960 2003-05-07] (Prolific Technology Inc.)
R2 PMEM; C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [7012 2000-05-31] (Microsoft Corporation)
S3 QCNDISIF; C:\Windows\System32\drivers\qcndisif.SYS [12288 2005-03-18] (IBM Corporation.)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-11-20] (Intel Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.)
R1 ShockMgr; C:\Windows\System32\Drivers\ShockMgr.sys [4608 2004-05-14] (IBM Corporation)
R0 Shockprf; C:\Windows\System32\Drivers\Shockprf.sys [59776 2005-01-14] (IBM Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2005-01-21] (Microsoft Corporation)
R2 SmiHlp; C:\Programme\IBM fingerprint software\smihlp.sys [3328 2005-04-13] (UPEK Inc.)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9340 2005-01-21] ()
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-09-02] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-09-02] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-09-02] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2271 2004-09-02] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-09-02] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-09-02] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-09-02] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-09-02] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-09-02] (Sonic Solutions)
R0 TPDiskPM; C:\Windows\System32\Drivers\TPDiskPM.sys [14208 2004-12-02] (IBM Corporation)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 TPInput; C:\Windows\System32\DRIVERS\TPInput.sys [6016 2004-12-02] (IBM Corporation)
R3 TPM11; C:\Windows\System32\DRIVERS\nsctpm11.sys [14336 2005-04-21] (National Semiconductor Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2005-04-14] ()
R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [7168 2005-05-17] ()
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-08-18] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105088 2009-08-18] (ZTE Incorporated)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 PCIDump; No ImagePath
S4 Simbad; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-16 11:50 - 2013-06-16 11:50 - 00000000 ____D C:\JRT
2013-06-16 11:25 - 2013-06-16 11:40 - 00001463 ____A C:\AdwCleaner[S1].txt
2013-06-16 11:13 - 2013-06-16 11:13 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 19:29 - 2013-06-15 19:29 - 00000000 ____D C:\FRST
2013-06-15 16:07 - 2006-09-15 09:54 - 00155648 ____A (Intel Corporation) C:\Windows\System32\igfxres.dll
2013-06-15 15:49 - 2013-06-15 15:50 - 00065536 ____A C:\Windows\System32\config\Lenovo-L.evt
2013-06-15 15:47 - 2010-09-07 14:09 - 00013680 ____A (Lenovo Group Limited) C:\Windows\System32\Drivers\smiif32.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00010640 ____A C:\Windows\AegisP.cat
2013-06-15 15:26 - 2013-06-15 15:26 - 00013146 ____A C:\Windows\DPINST.LOG
2013-06-15 15:26 - 2007-07-25 16:44 - 02210048 ____A (Intel® Corporation) C:\Windows\System32\Drivers\w29n51.sys
2013-06-15 15:26 - 2007-02-12 11:41 - 02732032 ____A (Intel Corporation) C:\Windows\System32\Netw2r32.dll
2013-06-15 15:26 - 2007-02-12 11:40 - 00557056 ____A (Intel Corporation) C:\Windows\System32\Netw2c32.dll
2013-06-15 15:25 - 2013-06-15 15:26 - 00111399 ____A C:\Windows\SetupWLD.log
2013-06-15 15:02 - 2013-06-15 15:02 - 00000000 ____D C:\Windows\System32\(null)
2013-06-12 08:25 - 2005-04-27 10:53 - 00045056 ____A C:\Windows\System32\pwdmon.dll
2013-06-12 08:24 - 1998-11-17 14:44 - 00328704 ____A (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-06-12 08:24 - 1996-11-06 13:05 - 00302592 ____A (InstallShield Corporation, Inc.) C:\Windows\unin0407.exe
2013-06-12 08:21 - 2013-06-12 08:23 - 00013852 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 05:48 - 2013-06-12 08:32 - 00019520 ____A C:\Windows\KB2839229.log
2013-06-11 13:33 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-11 10:48 - 2013-06-16 11:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-11 10:48 - 2013-06-13 18:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 03:48 - 2013-06-16 12:01 - 00003456 ____A C:\Windows\System32\TPAPSLOG.LOG
2013-06-11 03:25 - 2013-06-11 03:53 - 00591968 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-06-11 03:25 - 2013-06-11 03:53 - 00074336 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-06-11 02:39 - 2013-06-11 02:39 - 00014488 ____A C:\ComboFix.txt
2013-06-11 02:15 - 2013-06-11 02:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-06-11 02:02 - 2013-06-11 02:02 - 00000000 RASHD C:\cmdcons
2013-06-11 02:02 - 2005-12-25 18:05 - 00000194 ____A C:\Boot.bak
2013-06-11 02:02 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-06-11 02:00 - 2013-06-12 08:51 - 00000000 ____D C:\Windows\erdnt
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SYSTEM_TU_49603.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE_TU_39271.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SECURITY_TU_54681.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SAM_TU_21865.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\DEFAULT_TU_24034.LOG
2013-06-11 00:32 - 2013-01-17 16:24 - 01136512 ____A (Puran Software) C:\Windows\System32\PuranFD.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00260992 ____A (Puran Software) C:\Windows\System32\PuranDefragS.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00257408 ____A (Puran Software) C:\Windows\System32\PuranDC.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00109952 ____A (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2013-06-11 00:32 - 2012-12-13 12:09 - 00219520 ____A (Puran Software) C:\Windows\System32\PuranDefrag.dll
2013-05-18 15:03 - 2013-05-18 15:14 - 00014905 ____A C:\Windows\KB2829530-IE8.log
2013-05-17 10:13 - 2013-05-17 10:15 - 00008072 ____A C:\Windows\KB2847204-IE8.log
2013-05-17 10:11 - 2013-05-17 10:13 - 00009155 ____A C:\Windows\KB2820197.log
2013-05-17 07:32 - 2013-05-17 10:02 - 00015112 ____A C:\Windows\KB2829361.log
==================== One Month Modified Files and Folders ========
2013-06-16 12:18 - 2010-01-07 17:23 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 12:01 - 2013-06-11 03:48 - 00003456 ____A C:\Windows\System32\TPAPSLOG.LOG
2013-06-16 12:00 - 2009-05-15 09:31 - 00000496 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-06-16 11:52 - 2013-06-11 10:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 11:50 - 2013-06-16 11:50 - 00000000 ____D C:\JRT
2013-06-16 11:50 - 2009-11-21 17:10 - 00000000 ____D C:\Windows\ERUNT
2013-06-16 11:40 - 2013-06-16 11:25 - 00001463 ____A C:\AdwCleaner[S1].txt
2013-06-16 11:30 - 2008-01-05 18:19 - 01057736 ____A C:\Windows\WindowsUpdate.log
2013-06-16 11:29 - 2010-01-07 17:23 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 11:29 - 2009-11-13 11:05 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{7DE5ADB8-9F39-4266-BBED-037979944AD7}.job
2013-06-16 11:29 - 2008-01-05 18:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-16 11:29 - 2008-01-05 18:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-16 11:29 - 2005-10-27 00:07 - 00000316 ____A C:\Windows\Tasks\PMTask.job
2013-06-16 11:29 - 1980-01-01 01:00 - 00002278 ____A C:\Windows\System32\wpa.dbl
2013-06-16 11:28 - 2004-08-10 14:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 11:27 - 2008-01-05 18:20 - 00032502 ____A C:\Windows\SchedLgU.Txt
2013-06-16 11:13 - 2013-06-16 11:13 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 19:29 - 2013-06-15 19:29 - 00000000 ____D C:\FRST
2013-06-15 18:42 - 2004-08-10 14:18 - 00000000 ___RD C:\Programme
2013-06-15 18:40 - 2008-01-05 18:03 - 00000000 ____D C:\Installierer
2013-06-15 16:14 - 2011-12-08 14:24 - 00454972 ____A C:\Windows\setupapi.log
2013-06-15 16:05 - 2005-10-26 23:48 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-15 15:50 - 2013-06-15 15:49 - 00065536 ____A C:\Windows\System32\config\Lenovo-L.evt
2013-06-15 15:29 - 2005-10-26 23:46 - 00000476 ____A C:\Windows\System32\results.txt
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00010640 ____A C:\Windows\AegisP.cat
2013-06-15 15:26 - 2013-06-15 15:26 - 00013146 ____A C:\Windows\DPINST.LOG
2013-06-15 15:26 - 2013-06-15 15:25 - 00111399 ____A C:\Windows\SetupWLD.log
2013-06-15 15:02 - 2013-06-15 15:02 - 00000000 ____D C:\Windows\System32\(null)
2013-06-13 18:52 - 2013-06-11 10:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 18:52 - 2011-09-18 13:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 08:52 - 2004-08-10 14:24 - 00000000 ____D C:\Windows\System32\Restore
2013-06-12 08:51 - 2013-06-11 02:00 - 00000000 ____D C:\Windows\erdnt
2013-06-12 08:32 - 2013-06-12 05:48 - 00019520 ____A C:\Windows\KB2839229.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00608901 ____A C:\Windows\iis6.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00563262 ____A C:\Windows\FaxSetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00278924 ____A C:\Windows\ocgen.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00257944 ____A C:\Windows\tsoc.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00187859 ____A C:\Windows\comsetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00171986 ____A C:\Windows\msmqinst.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00113972 ____A C:\Windows\ntdtcsetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00099062 ____A C:\Windows\netfxocm.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00038969 ____A C:\Windows\MedCtrOC.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00031249 ____A C:\Windows\ocmsn.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00028185 ____A C:\Windows\tabletoc.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00027474 ____A C:\Windows\msgsocm.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 08:32 - 2008-02-21 16:49 - 00000182 ____A C:\Windows\DOTEXCRD.INI
2013-06-12 08:32 - 2005-12-25 18:29 - 00000773 ____A C:\Windows\ODBC.INI
2013-06-12 08:23 - 2013-06-12 08:21 - 00013852 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 08:23 - 2011-10-16 17:54 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 08:23 - 2011-10-16 17:53 - 00043931 ____A C:\Windows\updspapi.log
2013-06-12 08:23 - 2009-11-13 10:23 - 00000000 ____D C:\Windows\ie8updates
2013-06-12 08:23 - 2006-03-16 12:51 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 00:32 - 2001-09-17 14:02 - 00000310 _RASH C:\BOOT.INI
2013-06-11 13:25 - 2009-03-26 11:22 - 00001014 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-11 13:05 - 2005-10-26 23:53 - 00000000 ____D C:\Program Files\IBM
2013-06-11 03:53 - 2013-06-11 03:25 - 00591968 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-06-11 03:53 - 2013-06-11 03:25 - 00074336 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-06-11 03:53 - 2012-12-14 13:45 - 00044432 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-06-11 03:53 - 2012-08-13 16:49 - 00145040 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys
2013-06-11 02:39 - 2013-06-11 02:39 - 00014488 ____A C:\ComboFix.txt
2013-06-11 02:35 - 1980-01-01 01:00 - 00000227 ____A C:\Windows\system.ini
2013-06-11 02:15 - 2013-06-11 02:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-06-11 02:15 - 2004-08-10 15:17 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-11 02:15 - 2004-08-10 15:17 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 35127296 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 07602176 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 03969024 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-11 02:02 - 2013-06-11 02:02 - 00000000 RASHD C:\cmdcons
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SYSTEM_TU_49603.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE_TU_39271.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SECURITY_TU_54681.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SAM_TU_21865.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\DEFAULT_TU_24034.LOG
2013-06-11 01:38 - 2004-08-10 15:17 - 00061440 ____A C:\Windows\System32\config\SECURITY_BAK_54681
2013-06-11 01:38 - 2004-08-10 15:17 - 00028672 ____A C:\Windows\System32\config\SAM_BAK_21865
2013-06-11 01:38 - 2004-08-10 15:16 - 36175872 ____A C:\Windows\System32\config\SOFTWARE_BAK_39271
2013-06-11 01:38 - 2004-08-10 15:16 - 08650752 ____A C:\Windows\System32\config\SYSTEM_BAK_49603
2013-06-11 01:38 - 2004-08-10 15:16 - 04194304 ____A C:\Windows\System32\config\DEFAULT_BAK_24034
2013-06-11 00:25 - 2012-06-10 22:55 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-18 15:27 - 2005-10-26 23:36 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-18 15:14 - 2013-05-18 15:03 - 00014905 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 15:00 - 2004-08-10 14:18 - 01085864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 00:00 - 2006-05-19 17:06 - 06014976 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-18 00:00 - 1980-01-01 01:00 - 06014976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 10:15 - 2013-05-17 10:13 - 00008072 ____A C:\Windows\KB2847204-IE8.log
2013-05-17 10:13 - 2013-05-17 10:11 - 00009155 ____A C:\Windows\KB2820197.log
2013-05-17 10:11 - 2005-10-26 23:36 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-17 10:02 - 2013-05-17 07:32 - 00015112 ____A C:\Windows\KB2829361.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[1980-01-01 01:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[1980-01-01 01:00] - [2009-02-09 13:21] - 0111104 ____N (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[1980-01-01 01:00] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0026624 ____N (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[1980-01-01 01:00] - [2008-04-14 03:52] - 0053760 ____N (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Gruß, Computerix |
|
16.06.2013, 11:50
| #10 |
| /// the machine /// TB-Ausbilder | Computer wurde ausspioniert - Spionagesoftware noch aktiv?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und nochmal ein frisches FRST log. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.06.2013, 15:32
| #11 |
| | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Hallo schrauber, es geht weiter: Eset lief ein paar Stunden, hat aber nur die 7 Java-Schädlinge in der Quarantäne gefunden, die ich im ersten Post beschrieben habe. Leider habe ich ESET Online Scan wieder deinstalliert, bevor ich das Log kopiert hatte - Log weg! Ist es nötig, dass ich noch mal scanne? Dies sind die virustotal.com-Ergebnisse zu den Dateien: Code:
ATTFilter SHA256: 6322966abf7f6ba8f1925dbc17ba2e4f50c3810d37b3301caf251e5cf958c346
Dateiname: g43kb6j34kblq6jh34kb6j3kl4.jar-43253035-4e7d148c.zip
Erkennungsrate: 23 / 47
Analyse-Datum: 2013-06-11 10:36:48 UTC ( vor 0 Minuten )
0
0
Weitere Details
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir EXP/Java.Blacole.T 20130611
Antiy-AVL 20130610
Avast Java:Agent-ABT [Expl] 20130611
AVG Exploit.Java_c.BHR 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch Java/Downloader.H 20130611
Comodo UnclassifiedMalware 20130611
DrWeb Exploit.CVE2010-0840.28 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 a variant of Java/Exploit.Blacole.AF 20130611
F-Prot Java/Downloader.H 20130611
F-Secure Exploit:Java/Blacole.A 20130611
Fortinet W32/Java.BI!tr 20130611
GData Java:Agent-ABT 20130611
Ikarus Trojan.Java.Exploit 20130611
Jiangmin 20130611
K7AntiVirus Trojan-Downloader 20130610
K7GW 20130610
Kaspersky 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee JS/Exploit-Blacole.b 20130611
McAfee-GW-Edition Exploit-Blacole 20130611
Microsoft Exploit:Java/Blacole.BI 20130611
MicroWorld-eScan 20130611
NANO-Antivirus 20130611
Norman Suspicious_Gen2.TORML 20130611
nProtect 20130611
Panda Exploit/JavaBlacole 20130610
PCTools 20130521
Rising 20130607
Sophos Troj/Java-BI 20130611
SUPERAntiSpyware 20130611
Symantec 20130611
TheHacker 20130611
TotalDefense Java/Blacole 20130610
TrendMicro JAVA_BLACOLE.G 20130611
TrendMicro-HouseCall JAVA_BLACOLE.G 20130611
VBA32 20130611
VIPRE Trojan.Java.Blacole.b (v) 20130611
ViRobot 20130611
Code:
ATTFilter SHA256: e90e433f60e6ab291e41c088b0c0ab1a32882796375e7e68b4007871635eb814
Dateiname: bhkcajgdspvnr.jar-73fdc967-3ad3c7ac.zip
Erkennungsrate: 13 / 47
Analyse-Datum: 2013-06-11 09:16:22 UTC ( vor 0 Minuten )
0
0
Weitere Details
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir EXP/JAVA.Mabowl.Gen 20130611
Antiy-AVL 20130610
Avast Java:CVE-2011-3544-HA [Expl] 20130611
AVG 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch 20130611
Comodo UnclassifiedMalware 20130611
DrWeb Exploit.CVE2011-3544.54 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 Java/Exploit.Agent.NDF 20130611
F-Prot 20130611
F-Secure 20130611
Fortinet 20130611
GData Java:CVE-2011-3544-HA 20130611
Ikarus JAVA.Agent 20130611
Jiangmin 20130611
K7AntiVirus 20130610
K7GW 20130610
Kaspersky 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee Generic Exploit!trb 20130611
McAfee-GW-Edition Generic Exploit!trd 20130611
Microsoft 20130611
MicroWorld-eScan 20130611
NANO-Antivirus Trojan.Java.Unknown.zevgm 20130611
Norman 20130611
nProtect 20130611
Panda 20130610
PCTools 20130521
Rising 20130607
Sophos Mal/JavaGen-A 20130611
SUPERAntiSpyware 20130611
Symantec 20130611
TheHacker 20130611
TotalDefense 20130610
TrendMicro JAVA_EXPLOIT.MT 20130611
TrendMicro-HouseCall JAVA_EXPLOIT.MT 20130611
VBA32 20130611
VIPRE 20130611
ViRobot 20130611
Code:
ATTFilter SHA256: b29801232123db56a076e22130c2ce2f558d15de8a505a8209723aee5d430911
Dateiname: cbygba.jar-751a94b1-61f660bd.zip
Erkennungsrate: 16 / 47
Analyse-Datum: 2013-06-11 08:54:22 UTC ( vor 0 Minuten )
0
0
Weitere Details
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir EXP/2012-1723.FT 20130611
Antiy-AVL 20130610
Avast Java:CVE-2012-1723-UX [Expl] 20130611
AVG Java/CVE-2012-1723 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch 20130611
Comodo UnclassifiedMalware 20130611
DrWeb 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 a variant of Java/Exploit.CVE-2012-1723.CF 20130611
F-Prot 20130611
F-Secure 20130611
Fortinet W32/JavaGen.D 20130611
GData Java:CVE-2012-1723-UX 20130611
Ikarus Win32.SuspectCrc 20130611
Jiangmin 20130611
K7AntiVirus 20130610
K7GW 20130610
Kaspersky HEUR:Exploit.Java.CVE-2012-4681.gen 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee Generic Exploit!tq3 20130611
McAfee-GW-Edition Generic Exploit!t2c 20130611
Microsoft Exploit:Java/CVE-2012-1723 20130611
MicroWorld-eScan 20130611
NANO-Antivirus 20130611
Norman 20130611
nProtect 20130611
Panda 20130610
PCTools 20130521
Rising 20130607
Sophos Mal/JavaGen-D 20130611
SUPERAntiSpyware 20130611
Symantec 20130611
TheHacker 20130611
TotalDefense 20130610
TrendMicro JAVA_XPLOYT.HAH 20130611
TrendMicro-HouseCall JAVA_XPLOYT.HAH 20130611
VBA32 20130611
VIPRE Trojan.Java.Generic (v) 20130611
ViRobot 20130611
Code:
ATTFilter SHA256: 6da2c7a0ab79145c798a7e1f733b9a4ad32cafc10476c9d8281f424b918e8a74
Dateiname: cpjpeudryskrdmb.jar-164deb9c-73031ae2.zip
Erkennungsrate: 16 / 47
Analyse-Datum: 2013-06-11 09:42:35 UTC ( vor 0 Minuten )
0
0
Weitere Details
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir TR/Dldr.OpenConnection.PC 20130611
Antiy-AVL 20130610
Avast Java:Agent-AFD [Expl] 20130611
AVG Java/Exploit.ALO 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch 20130611
Comodo UnclassifiedMalware 20130611
DrWeb Exploit.CVE2010-0840.22 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 Java/TrojanDownloader.OpenConnection.AP 20130611
F-Prot 20130611
F-Secure 20130611
Fortinet Java/OpenConnection.AP!tr.dldr 20130611
GData Java:Agent-AFD 20130611
Ikarus JAVA.Agent 20130611
Jiangmin 20130611
K7AntiVirus 20130610
K7GW 20130610
Kaspersky 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee Downloader.a!bbh 20130611
McAfee-GW-Edition Downloader.a!b2n 20130611
Microsoft TrojanDownloader:Java/OpenConnection.PC 20130611
MicroWorld-eScan 20130611
NANO-Antivirus 20130611
Norman 20130611
nProtect 20130611
Panda 20130610
PCTools Trojan.Gen 20130521
Rising 20130607
Sophos Mal/Generic-S 20130611
SUPERAntiSpyware 20130611
Symantec Trojan.Gen.2 20130611
TheHacker 20130611
TotalDefense 20130610
TrendMicro 20130611
TrendMicro-HouseCall TROJ_GEN.R4FH1BF 20130611
VBA32 20130611
VIPRE 20130611
ViRobot 20130611
Code:
ATTFilter SHA256: 1276e40e97268d3635d4ec7713c05da4eea709b828eb1f20be3ad2ea03c6ad8f
Dateiname: syugsu.jar-10b9dea6-2ee8813c.zip
Erkennungsrate: 8 / 47
Analyse-Datum: 2013-06-11 10:40:47 UTC ( vor 0 Minuten )
0
0
Weitere Details
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir EXP/2011-3544.DV 20130611
Antiy-AVL 20130610
Avast Java:Malware-gen [Trj] 20130611
AVG 20130611
BitDefender 20130611
ByteHero 20130607
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch 20130611
Comodo Exploit.JS.Agent.~a 20130611
DrWeb 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 a variant of Java/Exploit.CVE-2012-1723.AJ 20130611
F-Prot 20130611
F-Secure 20130611
Fortinet 20130611
GData Java:Malware-gen 20130611
Ikarus Exploit.Java.Agent 20130611
Jiangmin 20130611
K7AntiVirus 20130610
K7GW 20130610
Kaspersky 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee 20130611
McAfee-GW-Edition 20130611
Microsoft 20130611
MicroWorld-eScan 20130611
NANO-Antivirus 20130611
Norman 20130611
nProtect 20130611
Panda 20130610
PCTools 20130521
Rising 20130607
Sophos Mal/JavaGen-D 20130611
SUPERAntiSpyware 20130611
Symantec 20130611
TheHacker 20130611
TotalDefense 20130610
TrendMicro 20130611
TrendMicro-HouseCall TROJ_GEN.F47V1212 20130611
VBA32 20130611
VIPRE 20130611
ViRobot 20130611
Code:
ATTFilter SHA256: 61a2fd6551ac60b09768bf679dd10890722a55ef22df642e0cd16b5750225596
Dateiname: qdgtsqclqasthwyuj.jar-329c6daa-3ba48768.zip
Erkennungsrate: 13 / 40
Analyse-Datum: 2013-06-11 08:58:34 UTC ( vor 0 Minuten )
0
0
Weitere Details
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir Java/Jogek.EG 20130611
Antiy-AVL 20130610
Avast Java:Malware-gen [Trj] 20130611
AVG Java/CVE-2012-1723 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch 20130611
Comodo UnclassifiedMalware 20130611
DrWeb 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 a variant of Java/Exploit.Agent.AN 20130611
F-Prot 20130611
F-Secure 20130611
Fortinet Java/Dloader.QT!exploit 20130611
GData Java:Malware-gen 20130611
Ikarus Exploit.Java.CVE-2012 20130611
Jiangmin 20130611
K7AntiVirus 20130610
K7GW 20130610
Kaspersky HEUR:Exploit.Java.CVE-2012-4681.gen 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee Generic Exploit!rrn 20130611
McAfee-GW-Edition Exploit-CVE2012-1723.g 20130611
Microsoft Exploit:Java/CVE-2012-1723 20130611
MicroWorld-eScan 20130611
NANO-Antivirus 20130611
Norman CVE-2012-1723.GO 20130611
nProtect 20130611
Panda 20130610
PCTools 20130521
Rising 20130607
Sophos 20130611
SUPERAntiSpyware 20130611
Symantec 20130611
TheHacker 20130611
TotalDefense 20130610
TrendMicro 20130611
TrendMicro-HouseCall 20130611
VBA32 20130611
VIPRE 20130611
ViRobot 20130611
Code:
ATTFilter SHA256: 0e49feef9f7acc80e15f49ced1981fa3d46146f1a9db83e7bfe61e65f5284d8a
Dateiname: ehjwvkfwe.jar-3551ca68-6ab2075f.zip
Erkennungsrate: 22 / 46
Analyse-Datum: 2013-06-11 09:44:31 UTC ( vor 5 Tage, 5 Stunden )
0
0
Weitere Details
Analyse
Zusätzliche Informationen
Kommentare
Bewertungen
Antivirus Ergebnis Aktualisierung
Agnitum 20130611
AhnLab-V3 20130611
AntiVir EXP/CVE-2010-0840 20130611
Antiy-AVL Trojan/win32.agent 20130610
Avast Java:Agent-AQL [Expl] 20130611
AVG Java/Agent 20130611
BitDefender 20130611
ByteHero 20130606
CAT-QuickHeal 20130611
ClamAV 20130611
Commtouch Java/Agent.ES 20130611
Comodo UnclassifiedMalware 20130611
DrWeb Exploit.CVE2010-0840.49 20130611
Emsisoft 20130611
eSafe 20130610
ESET-NOD32 a variant of Java/Exploit.Blacole.AK 20130611
F-Prot Java/Agent.ES 20130611
F-Secure 20130611
Fortinet W32/JavaGen.A 20130611
GData Java:Agent-AQL 20130611
Ikarus Exploit.Java.CVE-2010 20130611
Jiangmin 20130611
K7AntiVirus Trojan 20130610
K7GW 20130610
Kaspersky 20130611
Kingsoft 20130506
Malwarebytes 20130611
McAfee Generic Exploit!1ep 20130611
McAfee-GW-Edition Generic Exploit!r2j 20130611
Microsoft Exploit:Java/Blacole.DD 20130611
MicroWorld-eScan 20130611
NANO-Antivirus Trojan.Java.Agent.oveyk 20130611
Norman 20130611
nProtect 20130611
Panda 20130610
PCTools Trojan.Maljava 20130521
Rising 20130607
Sophos Troj/Java-CI 20130611
SUPERAntiSpyware 20130611
Symantec Trojan.Maljava 20130611
TheHacker 20130611
TotalDefense 20130610
TrendMicro JAVA_DLOADR.BBQ 20130611
TrendMicro-HouseCall JAVA_DLOADR.BBQ 20130611
VBA32 20130611
VIPRE 20130611
ViRobot 20130611
SecurityCheck sagt nur: Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-06-2013
Ran by *+*+* (administrator) on 16-06-2013 16:23:37
Running from C:\Dokumente und Einstellungen\*+*+*\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(UPEK Inc.) C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe
() C:\WINDOWS\system32\ibmpmsvc.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
(AVM Berlin) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\tposdsvc.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
() C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Puran Software) C:\WINDOWS\system32\PuranDefragS.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(IBM Corp.) C:\WINDOWS\System32\QCONSVC.EXE
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
(IBM Corp.) C:\WINDOWS\system32\TpShocks.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(IBM Corp.) C:\IBMTOOLS\UTILS\ibmprc.exe
(CANON INC.) C:\Programme\Canon\MyPrinter\BJMyPrt.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Puran Software) C:\Programme\Puran Defrag\PuranADT.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Programme\Windows Media Player\WMPNSCFG.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Programme\Lenovo\Zoom\TpScrex.exe
(IBM Corporation) C:\WINDOWS\System32\TPHDEXLG.EXE
() C:\WINDOWS\system32\TpKmpSVC.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(Lenovo Group Limited) c:\programme\lenovo\system update\suservice.exe
(Vodafone) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Bytemobile, Inc.) C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Programme\Adobe\Reader 11.0\Reader\AcroRd32.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe [110592 2004-11-08] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe [512000 2004-11-08] (Synaptics, Inc.)
HKLM\...\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper [897024 2004-02-04] (IBM Corp.)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [ControlCenter] "C:\Programme\IBM fingerprint software\ctlcntr.exe" /startup [287333 2005-04-13] (UPEK Inc.)
HKLM\...\Run: [TP4EX] tp4ex.exe [x]
HKLM\...\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [217088 2005-03-23] (IBM Corp.)
HKLM\...\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-09-02] (Sonic Solutions)
HKLM\...\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe [90112 2005-04-27] (IBM Corp.)
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [139264 2005-04-14] (IBM Corp.)
HKLM\...\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-09-13] (CANON INC.)
HKLM\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [x]
HKLM\...\Run: [PuranADT] C:\Programme\Puran Defrag\PuranADT.exe [335232 2013-01-17] (Puran Software)
HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-12-14] (Kaspersky Lab ZAO)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe [101440 2011-10-20] (Lenovo Group Limited)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\psfus: C:\Programme\IBM fingerprint software\psfus.dll [X]
Winlogon\Notify\QConGina: QConGina.dll (IBM Corp.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-06-26] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe [204288 2006-11-03] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
BootExecute: autocheck autochk * autocheck PuranDefragBT -AD
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135511583123
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242637022875
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation)
Winsock: Catalog9 01 bmnet.dll File Not found (Bytemobile, Inc.)
Winsock: Catalog9 02 bmnet.dll File Not found (Bytemobile, Inc.)
Winsock: Catalog9 03 bmnet.dll File Not found (Bytemobile, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
========================== Services (Whitelisted) =================
R2 AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [118784 2005-03-04] (AVM Berlin)
R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-14] (Kaspersky Lab ZAO)
R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [163840 2005-05-24] (Broadcom Corporation)
S3 de_serv; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [794624 2007-11-19] (Intel Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-07] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-01-07] (Google Inc.)
S2 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-16] (Google)
R2 IBM Rapid Restore Ultra Service; C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [385024 2005-04-27] ()
R2 IBMPMSVC; C:\Windows\system32\ibmpmsvc.exe [57344 2004-11-05] ()
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S2 LENOVO.MICMUTE; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-19] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-05-12] (Mozilla Foundation)
R2 MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software)
R2 QCONSVC; C:\Windows\System32\QCONSVC.EXE [77824 2005-03-18] (IBM Corp.)
R2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-11-19] (Intel Corporation)
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-11-19] (Intel Corporation )
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
R2 SoundMAX Agent Service (default); C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
S3 SQLSERVERAGENT; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 SUService; c:\programme\lenovo\system update\suservice.exe [28672 2013-04-15] (Lenovo Group Limited)
R2 ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [644408 2007-09-26] (Lenovo Group Limited)
R2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG.EXE [77824 2004-05-24] (IBM Corporation)
R2 TPHKLOAD; C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [142696 2011-07-12] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2003-07-11] ()
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361728 2010-03-31] (TuneUp Software GmbH)
R2 TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 VMCService; C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
R2 vtserver; C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe [40554 2005-04-13] (UPEK Inc.)
S2 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-06-15] (Cisco Systems, Inc.)
R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-03-18] (IBM Corp.)
R2 AVMPORT; C:\Windows\System32\drivers\avmport.sys [59520 2004-05-24] (AVM Berlin)
R3 AVMWAN; C:\Windows\System32\DRIVERS\avmwan.sys [38608 2003-02-27] (AVM Berlin)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-05-02] (Broadcom Corporation)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [17408 2005-05-24] (Broadcom Corporation)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30299 2005-05-24] (Broadcom Corporation)
R0 BTKRNL; C:\Windows\System32\drivers\btkrnl.sys [1241818 2005-05-24] (Broadcom Corporation)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148040 2005-05-24] (Broadcom Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [55288 2005-05-24] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
R3 FXPCBASE; C:\Windows\System32\DRIVERS\fxpcbase.sys [523248 2003-02-27] (AVM Berlin)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200448 2004-11-10] (Conexant Systems, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102656 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1173468 2006-09-15] (Intel Corporation)
R2 ibmfilter; C:\WINDOWS\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
R3 IBMPMDRV; C:\Windows\System32\DRIVERS\ibmpmdrv.sys [12944 2004-11-05] (IBM Corp.)
R1 IBMTPCHK; C:\Windows\System32\drivers\IBMBLDID.SYS [2432 2005-03-18] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [591968 2013-06-11] (Kaspersky Lab ZAO)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24408 2012-12-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24920 2012-12-14] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44432 2013-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-06-11] (Kaspersky Lab ZAO)
S3 MOUSEWDFilter; C:\WINDOWS\System32\Drivers\MOUSEWD.SYS [6528 2006-07-10] ()
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PcdrNdisuio; C:\Windows\System32\DRIVERS\pcdrndisuio.sys [12416 2005-02-01] (Windows (R) 2000 DDK provider)
S3 PLUsbbc2; C:\Windows\System32\Drivers\usbbc2.sys [8960 2003-05-07] (Prolific Technology Inc.)
R2 PMEM; C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [7012 2000-05-31] (Microsoft Corporation)
S3 QCNDISIF; C:\Windows\System32\drivers\qcndisif.SYS [12288 2005-03-18] (IBM Corporation.)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-11-20] (Intel Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.)
R1 ShockMgr; C:\Windows\System32\Drivers\ShockMgr.sys [4608 2004-05-14] (IBM Corporation)
R0 Shockprf; C:\Windows\System32\Drivers\Shockprf.sys [59776 2005-01-14] (IBM Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2005-01-21] (Microsoft Corporation)
R2 SmiHlp; C:\Programme\IBM fingerprint software\smihlp.sys [3328 2005-04-13] (UPEK Inc.)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9340 2005-01-21] ()
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-09-02] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-09-02] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-09-02] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2271 2004-09-02] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-09-02] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-09-02] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-09-02] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-09-02] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-09-02] (Sonic Solutions)
R0 TPDiskPM; C:\Windows\System32\Drivers\TPDiskPM.sys [14208 2004-12-02] (IBM Corporation)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 TPInput; C:\Windows\System32\DRIVERS\TPInput.sys [6016 2004-12-02] (IBM Corporation)
R3 TPM11; C:\Windows\System32\DRIVERS\nsctpm11.sys [14336 2005-04-21] (National Semiconductor Corp.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2005-04-14] ()
R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [7168 2005-05-17] ()
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-08-18] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105088 2009-08-18] (ZTE Incorporated)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 PCIDump; No ImagePath
S4 Simbad; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-16 11:50 - 2013-06-16 11:50 - 00000000 ____D C:\JRT
2013-06-16 11:25 - 2013-06-16 11:40 - 00001463 ____A C:\AdwCleaner[S1].txt
2013-06-16 11:13 - 2013-06-16 11:13 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 19:29 - 2013-06-15 19:29 - 00000000 ____D C:\FRST
2013-06-15 16:07 - 2006-09-15 09:54 - 00155648 ____A (Intel Corporation) C:\Windows\System32\igfxres.dll
2013-06-15 15:49 - 2013-06-15 15:50 - 00065536 ____A C:\Windows\System32\config\Lenovo-L.evt
2013-06-15 15:47 - 2010-09-07 14:09 - 00013680 ____A (Lenovo Group Limited) C:\Windows\System32\Drivers\smiif32.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00010640 ____A C:\Windows\AegisP.cat
2013-06-15 15:26 - 2013-06-15 15:26 - 00013146 ____A C:\Windows\DPINST.LOG
2013-06-15 15:26 - 2007-07-25 16:44 - 02210048 ____A (Intel® Corporation) C:\Windows\System32\Drivers\w29n51.sys
2013-06-15 15:26 - 2007-02-12 11:41 - 02732032 ____A (Intel Corporation) C:\Windows\System32\Netw2r32.dll
2013-06-15 15:26 - 2007-02-12 11:40 - 00557056 ____A (Intel Corporation) C:\Windows\System32\Netw2c32.dll
2013-06-15 15:25 - 2013-06-15 15:26 - 00111399 ____A C:\Windows\SetupWLD.log
2013-06-15 15:02 - 2013-06-15 15:02 - 00000000 ____D C:\Windows\System32\(null)
2013-06-12 08:25 - 2005-04-27 10:53 - 00045056 ____A C:\Windows\System32\pwdmon.dll
2013-06-12 08:24 - 1998-11-17 14:44 - 00328704 ____A (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-06-12 08:24 - 1996-11-06 13:05 - 00302592 ____A (InstallShield Corporation, Inc.) C:\Windows\unin0407.exe
2013-06-12 08:21 - 2013-06-12 08:23 - 00013852 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 05:48 - 2013-06-12 08:32 - 00019520 ____A C:\Windows\KB2839229.log
2013-06-11 13:33 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-11 10:48 - 2013-06-16 15:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-11 10:48 - 2013-06-13 18:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 03:48 - 2013-06-16 16:18 - 00004032 ____A C:\Windows\System32\TPAPSLOG.LOG
2013-06-11 03:25 - 2013-06-11 03:53 - 00591968 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-06-11 03:25 - 2013-06-11 03:53 - 00074336 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-06-11 02:39 - 2013-06-11 02:39 - 00014488 ____A C:\ComboFix.txt
2013-06-11 02:15 - 2013-06-11 02:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-06-11 02:02 - 2013-06-11 02:02 - 00000000 RASHD C:\cmdcons
2013-06-11 02:02 - 2005-12-25 18:05 - 00000194 ____A C:\Boot.bak
2013-06-11 02:02 - 2004-08-03 23:00 - 00262448 _RASH C:\cmldr
2013-06-11 02:00 - 2013-06-12 08:51 - 00000000 ____D C:\Windows\erdnt
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SYSTEM_TU_49603.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE_TU_39271.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SECURITY_TU_54681.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SAM_TU_21865.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\DEFAULT_TU_24034.LOG
2013-06-11 00:32 - 2013-01-17 16:24 - 01136512 ____A (Puran Software) C:\Windows\System32\PuranFD.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00260992 ____A (Puran Software) C:\Windows\System32\PuranDefragS.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00257408 ____A (Puran Software) C:\Windows\System32\PuranDC.exe
2013-06-11 00:32 - 2013-01-17 16:23 - 00109952 ____A (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2013-06-11 00:32 - 2012-12-13 12:09 - 00219520 ____A (Puran Software) C:\Windows\System32\PuranDefrag.dll
2013-05-18 15:03 - 2013-05-18 15:14 - 00014905 ____A C:\Windows\KB2829530-IE8.log
2013-05-17 10:13 - 2013-05-17 10:15 - 00008072 ____A C:\Windows\KB2847204-IE8.log
2013-05-17 10:11 - 2013-05-17 10:13 - 00009155 ____A C:\Windows\KB2820197.log
2013-05-17 07:32 - 2013-05-17 10:02 - 00015112 ____A C:\Windows\KB2829361.log
==================== One Month Modified Files and Folders ========
2013-06-16 16:18 - 2013-06-11 03:48 - 00004032 ____A C:\Windows\System32\TPAPSLOG.LOG
2013-06-16 16:18 - 2010-01-07 17:23 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 16:17 - 2008-01-05 18:19 - 01068534 ____A C:\Windows\WindowsUpdate.log
2013-06-16 16:16 - 2004-08-10 14:18 - 00000000 ___RD C:\Programme
2013-06-16 16:00 - 2009-05-15 09:31 - 00000496 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-06-16 15:52 - 2013-06-11 10:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 13:25 - 2009-03-26 11:22 - 00001014 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-16 11:50 - 2013-06-16 11:50 - 00000000 ____D C:\JRT
2013-06-16 11:50 - 2009-11-21 17:10 - 00000000 ____D C:\Windows\ERUNT
2013-06-16 11:40 - 2013-06-16 11:25 - 00001463 ____A C:\AdwCleaner[S1].txt
2013-06-16 11:29 - 2010-01-07 17:23 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 11:29 - 2009-11-13 11:05 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{7DE5ADB8-9F39-4266-BBED-037979944AD7}.job
2013-06-16 11:29 - 2008-01-05 18:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-16 11:29 - 2008-01-05 18:20 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-16 11:29 - 2005-10-27 00:07 - 00000316 ____A C:\Windows\Tasks\PMTask.job
2013-06-16 11:29 - 1980-01-01 01:00 - 00002278 ____A C:\Windows\System32\wpa.dbl
2013-06-16 11:28 - 2004-08-10 14:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 11:27 - 2008-01-05 18:20 - 00032502 ____A C:\Windows\SchedLgU.Txt
2013-06-16 11:13 - 2013-06-16 11:13 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 19:29 - 2013-06-15 19:29 - 00000000 ____D C:\FRST
2013-06-15 18:40 - 2008-01-05 18:03 - 00000000 ____D C:\Installierer
2013-06-15 16:14 - 2011-12-08 14:24 - 00454972 ____A C:\Windows\setupapi.log
2013-06-15 16:05 - 2005-10-26 23:48 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-15 15:50 - 2013-06-15 15:49 - 00065536 ____A C:\Windows\System32\config\Lenovo-L.evt
2013-06-15 15:29 - 2005-10-26 23:46 - 00000476 ____A C:\Windows\System32\results.txt
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00021361 ____A (Cisco Systems, Inc.) C:\Windows\AegisP.sys
2013-06-15 15:28 - 2013-06-15 15:28 - 00010640 ____A C:\Windows\AegisP.cat
2013-06-15 15:26 - 2013-06-15 15:26 - 00013146 ____A C:\Windows\DPINST.LOG
2013-06-15 15:26 - 2013-06-15 15:25 - 00111399 ____A C:\Windows\SetupWLD.log
2013-06-15 15:02 - 2013-06-15 15:02 - 00000000 ____D C:\Windows\System32\(null)
2013-06-13 18:52 - 2013-06-11 10:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-13 18:52 - 2011-09-18 13:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 08:52 - 2004-08-10 14:24 - 00000000 ____D C:\Windows\System32\Restore
2013-06-12 08:51 - 2013-06-11 02:00 - 00000000 ____D C:\Windows\erdnt
2013-06-12 08:32 - 2013-06-12 05:48 - 00019520 ____A C:\Windows\KB2839229.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00608901 ____A C:\Windows\iis6.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00563262 ____A C:\Windows\FaxSetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00278924 ____A C:\Windows\ocgen.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00257944 ____A C:\Windows\tsoc.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00187859 ____A C:\Windows\comsetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00171986 ____A C:\Windows\msmqinst.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00113972 ____A C:\Windows\ntdtcsetup.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00099062 ____A C:\Windows\netfxocm.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00038969 ____A C:\Windows\MedCtrOC.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00031249 ____A C:\Windows\ocmsn.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00028185 ____A C:\Windows\tabletoc.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00027474 ____A C:\Windows\msgsocm.log
2013-06-12 08:32 - 2011-10-16 17:54 - 00001374 ____A C:\Windows\imsins.log
2013-06-12 08:32 - 2008-02-21 16:49 - 00000182 ____A C:\Windows\DOTEXCRD.INI
2013-06-12 08:32 - 2005-12-25 18:29 - 00000773 ____A C:\Windows\ODBC.INI
2013-06-12 08:23 - 2013-06-12 08:21 - 00013852 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 08:23 - 2011-10-16 17:54 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-12 08:23 - 2011-10-16 17:53 - 00043931 ____A C:\Windows\updspapi.log
2013-06-12 08:23 - 2009-11-13 10:23 - 00000000 ____D C:\Windows\ie8updates
2013-06-12 08:23 - 2006-03-16 12:51 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 00:32 - 2001-09-17 14:02 - 00000310 _RASH C:\BOOT.INI
2013-06-11 13:05 - 2005-10-26 23:53 - 00000000 ____D C:\Program Files\IBM
2013-06-11 03:53 - 2013-06-11 03:25 - 00591968 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-06-11 03:53 - 2013-06-11 03:25 - 00074336 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-06-11 03:53 - 2012-12-14 13:45 - 00044432 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-06-11 03:53 - 2012-08-13 16:49 - 00145040 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys
2013-06-11 02:39 - 2013-06-11 02:39 - 00014488 ____A C:\ComboFix.txt
2013-06-11 02:35 - 1980-01-01 01:00 - 00000227 ____A C:\Windows\system.ini
2013-06-11 02:15 - 2013-06-11 02:15 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-06-11 02:15 - 2013-06-11 02:15 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-06-11 02:15 - 2004-08-10 15:17 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-11 02:15 - 2004-08-10 15:17 - 00028672 ____A C:\Windows\System32\config\SAM.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 35127296 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 07602176 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-11 02:15 - 2004-08-10 15:16 - 03969024 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-11 02:02 - 2013-06-11 02:02 - 00000000 RASHD C:\cmdcons
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SYSTEM_TU_49603.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE_TU_39271.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SECURITY_TU_54681.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\SAM_TU_21865.LOG
2013-06-11 01:38 - 2013-06-11 01:38 - 00000000 ___AH C:\Windows\System32\config\DEFAULT_TU_24034.LOG
2013-06-11 01:38 - 2004-08-10 15:17 - 00061440 ____A C:\Windows\System32\config\SECURITY_BAK_54681
2013-06-11 01:38 - 2004-08-10 15:17 - 00028672 ____A C:\Windows\System32\config\SAM_BAK_21865
2013-06-11 01:38 - 2004-08-10 15:16 - 36175872 ____A C:\Windows\System32\config\SOFTWARE_BAK_39271
2013-06-11 01:38 - 2004-08-10 15:16 - 08650752 ____A C:\Windows\System32\config\SYSTEM_BAK_49603
2013-06-11 01:38 - 2004-08-10 15:16 - 04194304 ____A C:\Windows\System32\config\DEFAULT_BAK_24034
2013-06-11 00:25 - 2012-06-10 22:55 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-18 15:27 - 2005-10-26 23:36 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-18 15:14 - 2013-05-18 15:03 - 00014905 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 15:00 - 2004-08-10 14:18 - 01085864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 00:00 - 2006-05-19 17:06 - 06014976 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-18 00:00 - 1980-01-01 01:00 - 06014976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 10:15 - 2013-05-17 10:13 - 00008072 ____A C:\Windows\KB2847204-IE8.log
2013-05-17 10:13 - 2013-05-17 10:11 - 00009155 ____A C:\Windows\KB2820197.log
2013-05-17 10:11 - 2005-10-26 23:36 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-17 10:02 - 2013-05-17 07:32 - 00015112 ____A C:\Windows\KB2829361.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[1980-01-01 01:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[1980-01-01 01:00] - [2009-02-09 13:21] - 0111104 ____N (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[1980-01-01 01:00] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[1980-01-01 01:00] - [2008-04-14 04:23] - 0026624 ____N (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[1980-01-01 01:00] - [2008-04-14 03:52] - 0053760 ____N (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
Gruß, Computerix Geändert von Computerix (16.06.2013 um 15:54 Uhr) |
|
16.06.2013, 18:36
| #12 |
| /// the machine /// TB-Ausbilder | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Die sind ja schon in Quarantäne. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.06.2013, 18:46
| #13 |
| | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Hallo schrauber, wenn du in den Logs nichts Verdächtiges mehr entdeckst, dann sehe ich da erst rechts nichts. "Probleme" in dem Sinne gabs ja nicht, der Rechner lief ja trotz massivem Datenabgriff unauffällig weiter. Vielen Dank für deine Mühe! Gibt es noch etwas zu beachten beim Entfernen der Scantools? Schönen Sonntag noch! Computerix |
|
16.06.2013, 18:48
| #14 |
| /// the machine /// TB-Ausbilder | Computer wurde ausspioniert - Spionagesoftware noch aktiv? Guggst Du Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Computer wurde ausspioniert - Spionagesoftware noch aktiv? |
| ausspioniert, besitzer, bho, canon, combofix, computer, converter, crystaldiskinfo, dsl, ebanking, error, failed, fehler, festplatte, firefox, flash player, format, internet, intranet, kaspersky, kaspersky internet security 2013, logfile, mozilla, mp3, msiinstaller, national, nodrives, ntdll.dll, officejet, registry, rundll, security, senden, software, spionage trojaner überwachung bespitzeln, spionagesoftware, tastatur, windows internet |
Linear-Darstellung
