Log Analysis and Evaluation: Pharmacy dunning letter with DOS file as attachment (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.06.2013, 14:54 | #1

Pharmacy dunning letter with DOS file as attachment

Dear forum community, my dear wife received a supposed dunning letter from a pharmacy, or rather from a debt collection agency acting on its behalf, and of course readily opened the attachment (a DOS file). I have no idea what to do and kindly ask for support to get rid of the infection. I have already learned that it is supposed to be a Trojan. But that is all I know so far. Many thanks for your help. Best regards, Carlos
25.06.2013, 14:55 | #2

/// the machine /// (TB-Ausbilder) | Pharmacy dunning letter with DOS file as attachment

Hi,

System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure which one: Start > Computer (right-click) > Properties)
26.06.2013, 14:34 | #3

Pharmacy dunning letter with DOS file as attachment

Oh, I apologise. I had not understood the checklist correctly. Here are some of the requested scans:

OTL

Code:
ATTFilter OTL logfile created on: 25.06.2013 16:33:15 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olaf Henning\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,18 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 60,44% Memory free 6,35 Gb Paging File | 5,09 Gb Available in Paging File | 80,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,46 Gb Total Space | 222,57 Gb Free Space | 47,82% Space Free | Partition Type: NTFS Computer Name: OH-PC | User Name: Olaf Henning | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.25 15:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olaf Henning\Desktop\OTL.exe PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.06 12:52:02 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.08.07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.08.07 07:25:02 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.08.07 07:25:02 | 000,960,440 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2011.04.25 09:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE PRC - [2011.04.25 09:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.04 02:00:02 | 000,499,712 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TUBHVE.EXE PRC - [2010.12.21 02:00:02 | 000,356,352 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TUDHVE.EXE PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO 
EPSON CORPORATION) -- C:\Programme\EPSON Software\Event Manager\EEventManager.exe PRC - [2009.12.09 10:50:00 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.09 10:49:58 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.08.13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Software Update 3\SoftAuto.exe PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.05.17 12:34:32 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\373381a7b11b205bc43deb78ffe2a061\Kies.Common.MediaDB.ni.dll MOD - [2013.05.17 12:34:31 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b4f9b5e14b1df56e68760c2a03179959\Kies.Common.AllShare.ni.dll MOD - [2013.05.17 12:34:31 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\821880bd434b8d940173acc5f67f120c\AdminCmdAgent.ni.dll MOD - [2013.05.17 12:34:30 | 000,565,248 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\803622b9db952471227e718c01dcd834\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.17 12:34:30 | 000,278,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8ce5c5b73741a20a97ec798c611563ac\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.17 12:34:29 | 000,894,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a0b58389e9326cb9aba3c8cb7b4b8ce3\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.17 12:34:29 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8519182f097b54f2077ed4ffed8223bb\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.17 12:34:28 | 001,017,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\58685446551341aff00a38b101003c4d\Kies.Common.DeviceService.ni.dll MOD - [2013.05.17 12:34:26 | 002,188,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\bbfb92e90a69585acf83fac7243e843e\Kies.Common.Multimedia.ni.dll MOD - [2013.05.17 12:34:24 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\740733db47abca9df19a54a4ef79a4a7\Kies.Common.MainUI.ni.dll MOD - [2013.05.17 12:34:23 | 001,710,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\94ac3a196dc3bdf0b1708632659ef782\Kies.UI.ni.dll MOD - [2013.05.17 12:34:23 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\0d57366b37b2cf2c9c36ec9ce0389f36\Kies.Common.Util.ni.dll MOD - [2013.05.17 12:34:23 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\97594f10c1dedca6452a4bd32b3bf8fe\Kies.Common.DBManager.ni.dll MOD - [2013.05.17 12:34:21 | 001,182,720 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\71b7ac6787aacea36a8eac835d2dd5cf\Kies.Interface.ni.dll MOD - [2013.05.17 12:34:21 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\2c0f02e66c6b749b122cefe6fc2535a2\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.17 12:34:01 | 001,663,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\fa7e5769087fa3a0c0480a1ab5dc5f3b\Kies.ni.exe MOD - [2013.05.16 07:53:34 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.16 07:53:23 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.16 07:53:19 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll MOD - [2013.05.16 07:53:17 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.16 07:53:13 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.05.16 07:53:12 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.02.14 16:46:14 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.01.10 13:11:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 13:11:20 | 014,336,000 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\1783a8470dfbaa68464bcd38517ca21e\Kies.Theme.ni.dll MOD - [2013.01.10 13:11:20 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\503c815cdbeac882e8048c16b26aeb1a\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.01.10 13:11:17 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\355eb1dfe56af1a94215ef988ea62dde\Kies.Common.StoreManager.ni.dll MOD - [2013.01.10 13:11:16 | 000,235,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f791a0713086627bd13c30292f801775\ASF_cSharpAPI.ni.dll MOD - [2013.01.10 13:11:15 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d2a4e83bc8a9fd4cbdb47092969bdc25\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.01.10 13:11:15 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll MOD - [2013.01.10 13:11:14 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\836a2feb1f245f60ace49283906d0c64\Interop.DevFileServiceLib.ni.dll MOD - [2013.01.10 13:11:13 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\63babc53e05a13dcd8361c50f6acb8df\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.01.10 13:11:13 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\9142806be605fcd99de2b933928fa7c4\Interop.DeviceServiceModelDBLib.ni.dll MOD - [2013.01.10 13:11:10 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll MOD - [2013.01.10 13:11:09 | 000,171,520 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.01.10 13:11:09 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.01.10 13:11:09 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.01.10 13:11:09 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\a29bbc3f6725d736df7b81580bfc3000\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.01.10 13:11:05 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll MOD - [2013.01.10 13:11:04 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\ba46da240a138d0aa2d2b2d1d837f221\Kies.Locale.ni.dll MOD - [2013.01.10 13:11:04 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\b8d3852e5a6e3b88855b66c70584da3f\ICSharpCode.SharpZipLib.ni.dll MOD - [2013.01.10 13:11:04 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f64400a817d3942ff03470493d079229\Interop.DeviceSearchLib.ni.dll MOD - [2013.01.10 13:11:03 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\23c6a325cc2c888f44cc85f6eb2cc55c\Kies.MVVM.ni.dll MOD - [2013.01.10 13:10:45 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 13:10:39 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.09 20:33:12 | 005,617,664 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.09 20:33:12 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.09 20:33:09 | 000,311,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfd96a6775ae491a87d755101aee691b\PresentationFramework.Classic.ni.dll MOD - [2013.01.09 20:33:08 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.09 20:33:03 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.08.18 15:31:38 | 000,115,137 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll MOD - [2012.08.07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll ========== Services (SafeList) ========== SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.23 13:55:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) 
[Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.21 17:21:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.25 09:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.12.09 10:50:00 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.09 10:49:58 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv) SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\tools\everest\kerneld.wnt -- (EverestDriver) DRV - [2013.04.04 10:50:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.12.08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys 
-- (s3cap) DRV - [2010.04.06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) DRV - [2010.02.03 15:36:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2009.12.11 11:43:28 | 000,112,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup) DRV - [2009.11.16 07:28:00 | 000,037,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma2) DRV - [2009.11.16 07:27:58 | 000,036,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1) DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009.07.14 04:43:12 | 000,036,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioatdma.sys -- (ioatdma) DRV - [2009.07.09 01:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.10.31 21:25:00 | 000,321,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adptahci.sys -- (adptahci) DRV - [2007.04.11 23:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV) DRV - [2007.04.11 23:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP) DRV - [2007.04.11 23:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.17 11:13:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.17 11:13:28 | 000,000,000 | ---D | M] [2011.01.17 19:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\Extensions [2013.05.08 19:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\Firefox\Profiles\5v921moe.default\extensions [2013.04.04 10:51:26 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\Firefox\Profiles\5v921moe.default\extensions\ffxtlbr@delta.com [2012.12.11 18:40:22 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.08 19:10:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.02 06:56:05 | 000,006,472 | ---- | M] () -- C:\Users\Olaf 
Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\searchplugins\babylon.xml
[2013.05.02 06:56:05 | 000,006,472 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\searchplugins\BrowserProtect.xml
[2013.04.04 10:51:27 | 000,001,294 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\searchplugins\delta.xml
[2013.05.23 13:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 11:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.09 11:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.09 11:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.23 13:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.23 13:55:16 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.23 13:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.05.22 19:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.22 19:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.04 10:51:14 | 000,006,469 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [logonoeplay] C:\Users\Olaf Henning\AppData\Roaming\logonoeplay.exe ()
O4 - HKCU..\Run: [lweuyvxk] C:\Users\Olaf Henning\AppData\Roaming\Yycyk\xqjfyvxk.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Olaf Henning\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{897EBDFD-9AD2-4C89-9333-AE7350E4F52E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE4226B0-FBFF-4656-8131-A0C02DEFB711}: DhcpNameServer = 127.0.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21c64b95-4271-11e0-af18-7071bce96e8d}\Shell - "" = AutoRun
O33 - MountPoints2\{21c64b95-4271-11e0-af18-7071bce96e8d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{4676aa67-42b1-11e1-8301-7071bce96e8d}\Shell - "" = AutoRun
O33 - MountPoints2\{4676aa67-42b1-11e1-8301-7071bce96e8d}\Shell\AutoRun\command - "" = I:\BMMStart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.25 15:59:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olaf Henning\Desktop\OTL.exe
[2013.06.25 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\AppData\Roaming\Yycyk
[2013.06.24 12:10:21 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule
[2013.06.22 10:31:58 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\AppData\Roaming\File Scout
[2013.06.17 11:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.06.17 11:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.06.17 11:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.06.10 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Spielkarten-Dateien
[2013.06.10 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Lernplakate-Dateien
[2013.06.10 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Lernprotokoll-Dateien
[2013.06.10 15:46:43 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Wortschatzkisten-Dateien
[2013.06.10 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Erfolgskontrollen-Dateien
[2013.06.10 15:45:41 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Arbeitsblaetter-Dateien
[2013.06.10 12:27:17 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag-Dateien

========== Files - Modified Within 30 Days ==========

[2013.06.25 16:30:13 | 000,377,856 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\gmer_2.1.19163.exe
[2013.06.25 16:01:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.25 15:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olaf Henning\Desktop\OTL.exe
[2013.06.25 15:58:51 | 000,000,156 | ---- | M] () -- C:\Users\Olaf Henning\defogger_reenable
[2013.06.25 15:56:26 | 000,050,477 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Defogger.exe
[2013.06.25 15:44:40 | 000,018,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 15:44:40 | 000,018,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 13:35:40 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.25 13:35:40 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.25 13:35:40 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.25 13:35:40 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.25 13:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.25 13:31:10 | 2558,509,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 11:46:04 | 000,450,582 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Die_Arbeit_in_der_Oberschule.pdf
[2013.06.14 11:45:59 | 000,249,777 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Die_wichtigsten_Fragen_und_Antworten_zur_Oberschule.pdf
[2013.06.10 20:33:27 | 001,395,733 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\M5 - ReLv RS-Kartei.pdf
[2013.06.10 20:31:56 | 001,058,589 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\KArten zum Weiterschwingen.pdf
[2013.06.10 15:48:59 | 001,730,740 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\1610_02 Musterseiten RS Leiter.pdf
[2013.06.10 15:48:07 | 000,011,291 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Spielkarten.html
[2013.06.10 15:47:45 | 000,003,654 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Lernplakate.html
[2013.06.10 15:47:04 | 000,002,704 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Lernprotokoll.html
[2013.06.10 15:46:43 | 000,003,322 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html
[2013.06.10 15:46:22 | 000,003,495 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html
[2013.06.10 15:45:41 | 000,003,201 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html
[2013.06.10 12:27:17 | 000,027,292 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm
[2013.06.10 12:26:00 | 000,552,342 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\bestellschein.pdf
[2013.06.10 12:23:13 | 000,446,743 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\L1.pdf
[2013.06.09 11:46:25 | 000,066,761 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Logo Haus der kleinen Forscher.jpg
[2013.06.08 11:01:45 | 001,632,945 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\ukssl09 Schwimmunterricht.pdf
[2013.05.31 10:21:15 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2013.06.25 16:30:12 | 000,377,856 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\gmer_2.1.19163.exe
[2013.06.25 15:58:50 | 000,000,156 | ---- | C] () -- C:\Users\Olaf Henning\defogger_reenable
[2013.06.25 15:56:21 | 000,050,477 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Defogger.exe
[2013.06.14 11:46:04 | 000,450,582 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Die_Arbeit_in_der_Oberschule.pdf
[2013.06.14 11:45:59 | 000,249,777 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Die_wichtigsten_Fragen_und_Antworten_zur_Oberschule.pdf
[2013.06.10 20:33:26 | 001,395,733 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\M5 - ReLv RS-Kartei.pdf
[2013.06.10 20:31:55 | 001,058,589 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\KArten zum Weiterschwingen.pdf
[2013.06.10 15:48:59 | 001,730,740 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\1610_02 Musterseiten RS Leiter.pdf
[2013.06.10 15:48:07 | 000,011,291 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Spielkarten.html
[2013.06.10 15:47:45 | 000,003,654 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Lernplakate.html
[2013.06.10 15:47:03 | 000,002,704 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Lernprotokoll.html
[2013.06.10 15:46:43 | 000,003,322 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html
[2013.06.10 15:46:22 | 000,003,495 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html
[2013.06.10 15:45:41 | 000,003,201 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html
[2013.06.10 12:27:17 | 000,027,292 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm
[2013.06.10 12:26:00 | 000,552,342 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\bestellschein.pdf
[2013.06.10 12:23:13 | 000,446,743 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\L1.pdf
[2013.06.09 11:46:23 | 000,066,761 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Logo Haus der kleinen Forscher.jpg
[2013.06.08 11:01:44 | 001,632,945 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\ukssl09 Schwimmunterricht.pdf
[2013.05.31 10:21:15 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.21 17:25:21 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.02.27 17:05:24 | 000,004,608 | ---- | C] () -- C:\Users\Olaf Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 01:11:09 | 000,253,440 | ---- | C] () -- C:\Users\Olaf Henning\AppData\Roaming\logonoeplay.exe

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.04.04 10:50:58 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Babylon
[2012.01.26 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\DAEMON Tools Lite
[2011.01.24 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Design Science
[2012.10.15 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\DVDVideoSoft
[2012.10.15 17:39:26 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.15 10:55:54 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Epson
[2012.08.29 17:44:41 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\eSchuljahreplaner_V1_2
[2013.06.22 10:31:58 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\File Scout
[2011.01.17 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Leadertech
[2013.04.04 10:50:46 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\OpenCandy
[2012.08.31 19:09:52 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Samsung
[2012.04.24 19:25:07 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Temp
[2013.04.04 10:52:27 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\TuneUp Software
[2013.06.25 15:08:52 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Yycyk

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 25.06.2013 16:00:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Olaf Henning\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,18 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 62,13% Memory free
6,35 Gb Paging File | 5,10 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 222,57 Gb Free Space | 47,82% Space Free | Partition Type: NTFS

Computer Name: OH-PC | User Name: Olaf Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Olaf Henning\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07879F5B-56D4-429B-A3CF-D58B1678EEE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BDCBF60-F9F6-45F4-B66B-1172F1FEAA63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{289FAA3E-027D-4BB5-AAB1-6C6F4E7F3579}" = lport=138 | protocol=17 | dir=in | app=system |
"{2944D78B-6988-49BD-9D31-48CF67085D71}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B093DBF-848F-4235-97C6-BCE2AF177E8B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45215BD1-BFDA-4AA4-8A90-6C5581B6D635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{714AABBD-2E13-4103-93B3-C687EC7061F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{875BA7C4-2DB3-476D-A73A-E9F406B2607C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8BABFB59-C436-494F-9DE2-E8E64E49A773}" = lport=445 | protocol=6 | dir=in | app=system |
"{A08AC00B-0037-49CF-A6C6-9D09A534DC9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA205D35-BCB4-40CF-A154-3E761580B24C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AF87DB7D-8330-4CF7-A47E-37112E430D3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C39C37C3-3539-41B6-A975-901084C6377D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0E58E60-47F1-42F7-B080-8FA969CA7CDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4C71E35-6D21-4B0A-AE61-212FA81920EA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D7C8CAE9-F692-4E67-A1F9-A71D0C3F91FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8DA55CC-E4DC-462E-A8BB-B8D8C39DDAD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB2E78A-AE26-4B9C-945A-EEDB363B80E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF8ECFF3-6CBE-420E-AC08-A7A287B18985}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E57328CF-E6CE-4039-8536-99FC04493613}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EED47ED8-8CD9-491B-BA25-F36BDF12272F}" = rport=137 | protocol=17 | dir=out | app=system |
"{EFDB5B5D-8A5B-4999-A3B7-7A29805ADAC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F47E65F6-FCB7-4E2F-8B1E-FE4AC3250EF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F794B980-49E0-4F29-A93C-95F5E02CC537}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FF5761-14D9-458D-B77B-D86BB81DDB29}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{1E733541-E659-4374-9E19-CDEC4DBC8F54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21F0C6B8-B763-48E9-BBD1-CE389267BA74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45C8A019-A394-4B66-819C-0583C9BD5080}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{563D94F4-7824-4819-9A64-A0373BEF84B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{574F312B-2DC3-46BF-B2AA-95EDF54671FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AD200DC-41E2-405E-9E55-F4DCB3575C20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73F6DF48-35C2-4152-B2AF-4DA5FAE45C61}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{80A10AE8-0482-409F-898C-E06C003E32C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80FBE557-B257-4206-AE6D-29E6C36096C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{867F2B25-47AE-4D8D-89CB-506BFE1E143C}" = protocol=6 | dir=out | app=system |
"{91C169B1-E473-4E9B-A056-AB965480246C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B39CE496-0D68-4B8A-97D2-2694A17FD426}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB477961-DA3F-46A8-A28B-099B034DAC84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B37BF9-031A-4FEC-AA4A-B43021DDC528}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DFE89C92-F128-4F7C-B536-94585B6A884F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4D58D7D-38D2-4498-9C27-FD83860D678E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FB094AB4-4774-4D67-AF19-D3F790457AA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCFC48B9-A1B1-4647-A3B1-534E58CC95BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{08DBFEC9-968D-4025-91E2-76FE21BA9346}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3B32EB1A-AC5E-415C-8A65-34A3E6529DCC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{65656573-3EB4-43C0-80E1-432781C54A00}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{891123EE-9CD7-4948-A9A4-0C474E442DB4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D44CC8A7-E860-44B8-B93F-F845408DE7B2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{01287E91-9AD1-435D-A184-FDE4545CD147}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{093B6BED-17ED-45E9-A870-1A9648D0F810}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{728D9E9C-E438-4631-B0F0-C8014BD85AA6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7AE7C11F-FCB2-4270-B185-912059E97AA9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B84ABFD6-167D-49D2-9D95-59C16E034503}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7087B4-9ED4-452F-A247-3B05663C3B5A}" = Meine Anlauttabelle für den Computer
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2010
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EECC97DC-2AF0-4952-8421-349E3D5B0361}" = MindMapper 2.8 (Standard)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Avira AntiVir Desktop" = Avira Free Antivirus
"Creative Centrale" = Creative Centrale
"DAEMON Tools Lite" = DAEMON Tools Lite
"DSMT6" = MathType 6
"EPSON BX635FWD Series" = EPSON BX635FWD Series Printer Uninstall
"EPSON BX635FWD Series Netg" = Netzwerkhandbuch EPSON BX635FWD Series
"EPSON BX635FWD Series Useg" = Benutzerhandbuch EPSON BX635FWD Series
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FormatFactory" = FormatFactory 2.96
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel(R) Network Connections 15.3.68.0
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Veetle TV" = Veetle TV 0.9.18
"WinRAR archiver" = WinRAR
"XMind" = XMind
"zabulo_is1" = zabulo 1.2
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.03.2012 10:44:24 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 22.03.2012 10:44:26 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 22.03.2012 10:44:36 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 13.04.2012 03:26:00 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 13.04.2012 03:26:58 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 13.04.2012 03:27:00 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.04.2012 03:27:01 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2012 14:30:54 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.04.2012 13:18:51 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 24.04.2012 13:18:51 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ OSession Events ] Error - 30.01.2011 05:39:35 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65 seconds with 60 seconds of active time. This session ended with a crash. Error - 22.03.2011 08:07:49 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4224 seconds with 540 seconds of active time. This session ended with a crash. Error - 28.03.2011 09:25:12 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5050 seconds with 2100 seconds of active time. This session ended with a crash. Error - 02.05.2011 01:53:13 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 296 seconds with 180 seconds of active time. This session ended with a crash. 
Error - 14.08.2011 07:48:24 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.10.2011 11:58:36 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 601 seconds with 600 seconds of active time. This session ended with a crash. Error - 13.12.2011 12:03:12 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 524 seconds with 360 seconds of active time. This session ended with a crash. Error - 17.10.2012 06:04:16 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1335 seconds with 1140 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.04.2013 02:16:37 | Computer Name = OH-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 21.04.2013 06:03:54 | Computer Name = OH-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error - 01.05.2013 06:02:06 | Computer Name = OH-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 04.05.2013 03:31:54 | Computer Name = OH-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?05.?2013 um 17:25:59 unerwartet heruntergefahren. Error - 16.05.2013 15:55:18 | Computer Name = OH-PC | Source = Application Popup | ID = 877 Description = Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank. Error - 25.05.2013 05:07:35 | Computer Name = OH-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 08.06.2013 04:33:00 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet. Error - 08.06.2013 04:34:46 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst StiSvc erreicht. Error - 13.06.2013 11:23:12 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14 Error - 18.06.2013 04:37:00 | Computer Name = OH-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-25 20:54:53 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.02.0 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\OLAFHE~1\AppData\Local\Temp\pgddapoc.sys ---- System - GMER 2.1 ---- SSDT 95C532EE ZwCreateSection SSDT 95C532F8 ZwRequestWaitReplyPort SSDT 95C532F3 ZwSetContextThread SSDT 95C532FD ZwSetSecurityObject SSDT 95C53302 ZwSystemDebugControl SSDT 95C5328F ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E769F5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB01F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EB753C 4 Bytes [EE, 32, C5, 95] {OUT DX, AL; XOR AL, CH; XCHG EBP, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EB7898 4 Bytes [F8, 32, C5, 95] {CLC ; XOR AL, CH; XCHG EBP, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EB78DC 4 Bytes [F3, 32, C5, 95] {XOR AL, CH; XCHG EBP, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EB7958 4 Bytes [FD, 32, C5, 95] {STD ; XOR AL, CH; XCHG EBP, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EB79AC 4 Bytes [02, 33, C5, 95] .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[120] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Windows\system32\schtasks.exe[312] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[324] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll .text C:\Windows\system32\conhost.exe[464] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Windows\system32\wininit.exe[500] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text ... .text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetCloseHandle 775D4282 5 Bytes JMP 03F311F0 .text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpQueryInfoA 775D7079 5 Bytes JMP 03F310E0 .text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpQueryInfoW 775D77C2 5 Bytes JMP 03F31168 .text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpSendRequestW 775D7CA6 5 Bytes JMP 03F30BF8 .text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpOpenRequestW 775D83DD 5 Bytes JMP 03F2F870 .text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetQueryDataAvailable 775E92E9 5 Bytes JMP 03F30F98 .text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetReadFile 775E972B 5 Bytes JMP 03F30FE4 .text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetReadFileExW 775FADD7 5 Bytes JMP 03F3108C .text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetReadFileExA 775FAE2E 5 Bytes JMP 03F31038 .text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpSendRequestA 776A32F2 5 Bytes JMP 03F30C44 .text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpOpenRequestA 
776A3595 5 Bytes JMP 03F2FA40 .text C:\Program Files\Bonjour\mDNSResponder.exe[1968] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2000] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[2104] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2196] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Windows\System32\igfxtray.exe[2224] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text ... .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2592] ntdll.dll!DbgUiRemoteBreakin 779AF17D 1 Byte [C3] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2592] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE[2612] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[2720] user32.DLL!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2756] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text C:\Program Files\Samsung\Kies\Kies.exe[3132] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll .text ... ---- EOF - GMER 2.1 ---- |
26.06.2013, 14:35 | #4 |
| Pharmacy payment reminder with DOS file as attachment Farbar Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 01 Ran by Olaf Henning at 2013-06-26 15:17:53 Running from C:\Users\Olaf Henning\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) Adobe Anchor Service CS3 (Version: 1.0) Adobe Asset Services CS3 (Version: 3) Adobe Bridge CS3 (Version: 2) Adobe Bridge Start Meeting (Version: 1.0) Adobe BridgeTalk Plugin CS3 (Version: 1.0) Adobe Camera Raw 4.0 (Version: 4.0) Adobe CMaps (Version: 1.0) Adobe Color - Photoshop Specific (Version: 1.0) Adobe Color Common Settings (Version: 1.0) Adobe Color EU Recommended Settings (Version: 1.0) Adobe Color JA Extra Settings (Version: 1.0) Adobe Color NA Extra Settings (Version: 1.0) Adobe Creative Suite 3 Design Premium (Version: 1.0) Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (Version: 1.0) Adobe Default Language CS3 (Version: 1.0) Adobe Device Central CS3 (Version: 1.0) Adobe ExtendScript Toolkit 2 (Version: 2.0) Adobe Extension Manager CS3 (Version: 1.8) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Flash Player 9 ActiveX (Version: 9.0.45.0) Adobe Fonts All (Version: 1.0) Adobe Help Viewer CS3 (Version: 1) Adobe Illustrator CS3 (Version: 13.0) Adobe InDesign CS3 Icon Handler (Version: 5.0) Adobe Linguistics CS3 (Version: 3.0.0) Adobe MotionPicture Color Files (Version: 1.0) Adobe PDF Library Files (Version: 8.0) Adobe Photoshop CS3 (Version: 10) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Adobe Setup (Version: 1.0) Adobe SING CS3 (Version: 0.1) Adobe Stock Photos CS3 (Version: 1.5) Adobe Type Support (Version: 1.0) Adobe Update Manager CS3 (Version: 5.1.0) Adobe Version Cue CS3 Client (Version: 3) Adobe WAS CS3 (Version: 1.0) Adobe WinSoft Linguistics Plugin (Version: 1.0) Adobe XMP Panels CS3 (Version: 1.0) AHV content for Acrobat and Flash (Version: 1) Apple 
Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) Avira Free Antivirus (Version: 13.0.0.3640) Benutzerhandbuch EPSON BX635FWD Series Brockhaus multimedial 2010 (Version: 12.00.0000) BrowserProtect CDDRV_Installer (Version: 4.60) Creative Centrale (Version: 1.19.02) Creative Software Update (Version: 1.03.01) Creative ZEN X-Fi2 Dokumentation DAEMON Tools Lite (Version: 4.47.1.0333) Download Navigator (Version: 1.1.0) EPSON BX635FWD Series Printer Uninstall Epson Easy Photo Print 2 (Version: 2.3.0.0) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000) Epson Event Manager (Version: 2.50.0001) Epson FAX Utility (Version: 1.20.00) Epson PC-FAX Driver EPSON Scan EpsonNet Print (Version: 2.4j) erLT (Version: 1.20.0137) FormatFactory 2.96 (Version: 2.96) Free M4a to MP3 Converter 7.0 Free YouTube Download version 3.1.38.1005 (Version: 3.1.38.1005) Google Earth (Version: 6.0.1.2032) Intel(R) Control Center (Version: 1.2.1.1007) Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2141) Intel(R) Management Engine Components (Version: 6.0.0.1179) Intel(R) Network Connections 15.3.68.0 (Version: 15.3.68.0) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) KhalInstallWrapper (Version: 2.00.0000) Logitech SetPoint (Version: 4.80) MathType 6 (Version: 6.7) Meine Anlauttabelle für den Computer (Version: 1.00.000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) 
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MindMapper 2.8 (Standard) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MyFreeCodec Netzwerkhandbuch EPSON BX635FWD Series PDF Settings (Version: 1.0) PDFCreator (Version: 1.2.0) QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.6106) Samsung Kies (Version: 2.1.1.11124_17) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0) Softonic_Deutsch Toolbar (Version: ) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) 
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Veetle TV 0.9.18 (Version: 0.9.18) Windows Media Player Firefox Plugin (Version: 1.0.0.8) WinRAR XMind (Version: 3.2.1) zabulo 1.2 ==================== Restore Points ========================= ==================== Scheduled Tasks (whitelisted) ============= Task: {358DE5A1-B98B-41D8-B817-7936A716CF88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {3C2A6812-B575-4816-96E7-8BC1C1E7100F} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {8E2A7853-798B-498B-B0A1-1305D856CAD8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {930F477D-1FF6-465A-A367-0062C6D1548F} - System32\Tasks\WPD\SqmUpload_S-1-5-21-31983407-4227671220-347168779-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {B76515C2-1159-4BFB-9253-DFE5377F12FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe 
[2011-06-01] (Apple Inc.) Task: {C94FD778-6F00-40F9-A2A8-FB57BBD4666B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {E81B5A5B-A901-4A14-9FE2-F3E8732516FD} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/25/2013 08:01:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x15f8 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/25/2013 07:01:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xf3c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/25/2013 06:01:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften 
Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x1254 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/25/2013 05:01:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/25/2013 04:01:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/25/2013 03:18:20 PM) (Source: Application Hang) (User: ) Description: Programm OUTLOOK.EXE, Version 12.0.6668.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12e4 Startzeit: 01ce71979df6ed9d Endzeit: 62 Anwendungspfad: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Berichts-ID: abae43b7-dd99-11e2-b17b-7071bce96e8d Error: (06/25/2013 03:01:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x14f4 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/25/2013 02:01:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xd98 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/24/2013 08:01:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x16c4 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: 
FlashPlayerUpdateService.exe1 Faulting module path: FlashPlayerUpdateService.exe2 Report Id: FlashPlayerUpdateService.exe3

Error: (06/24/2013 06:01:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0003419b
Faulting process id: 0x1674
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

System errors:
=============
Error: (06/18/2013 10:37:00 AM) (Source: iaStor) (User: )
Description: The device \Device\Ide\iaStor0 did not respond within the timeout period.

Error: (06/13/2013 05:23:12 PM) (Source: Service Control Manager) (User: )
Description: The "Server" service terminated with the following error: %%14

Error: (06/08/2013 10:34:46 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 ms) was reached while waiting for a transaction response from the StiSvc service.

Error: (06/08/2013 10:33:00 AM) (Source: Service Control Manager) (User: )
Description: The "Windows Image Acquisition (WIA)" service did not start properly.

Error: (05/25/2013 11:07:35 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (05/16/2013 09:55:18 PM) (Source: Application Popup) (User: )
Description: Error [DATABASE OPEN FAILED] while processing the driver database.

Error: (05/04/2013 09:31:54 AM) (Source: EventLog) (User: )
Description: The system was previously shut down unexpectedly on 03.05.2013 at 17:25:59.

Error: (05/01/2013 00:02:06 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/21/2013 00:03:54 PM) (Source: iaStor) (User: )
Description: The device \Device\Ide\iaStor0 did not respond within the timeout period.

Error: (04/11/2013 08:16:37 AM) (Source: iaStor) (User: )
Description: The device \Device\Ide\iaStor0 did not respond within the timeout period.

Microsoft Office Sessions:
=========================
Error: (10/17/2012 00:04:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1335 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (12/13/2011 06:03:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 524 seconds with 360 seconds of active time. This session ended with a crash.

Error: (10/24/2011 05:58:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 601 seconds with 600 seconds of active time. This session ended with a crash.

Error: (08/14/2011 01:48:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/02/2011 07:53:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 296 seconds with 180 seconds of active time. This session ended with a crash.

Error: (03/28/2011 03:25:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5050 seconds with 2100 seconds of active time. This session ended with a crash.

Error: (03/22/2011 02:07:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4224 seconds with 540 seconds of active time. This session ended with a crash.

Error: (01/30/2011 11:39:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 3253.31 MB
Available physical RAM: 2177.55 MB
Total Pagefile: 6504.91 MB
Available Pagefile: 5247.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.31 MB

==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.46 GB) (Free:222.55 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 74EF53DD)
Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 01 Ran by Olaf Henning (administrator) on 26-06-2013 15:16:31 Running from C:\Users\Olaf Henning\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe () C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe () C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\system32\schtasks.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9210400 2010-05-07] (Realtek Semiconductor) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-07] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-13] (Creative Technology Ltd) HKCU\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-07] () HKCU\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" [219008 2011-04-25] (SEIKO EPSON CORPORATION) HKCU\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [960440 2012-08-07] (Samsung) HKCU\...\Run: [lweuyvxk] C:\Users\Olaf Henning\AppData\Roaming\Yycyk\xqjfyvxk.exe [110592 2013-06-26] (Simon Tatham) HKCU\...\Run: [logonoeplay] "C:\Users\Olaf Henning\AppData\Roaming\logonoeplay.exe" -autorun [x] MountPoints2: {21c64b95-4271-11e0-af18-7071bce96e8d} - I:\LaunchU3.exe -a MountPoints2: {4676aa67-42b1-11e1-8301-7071bce96e8d} - I:\BMMStart.exe Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU -Softonic Deutsch Toolbar - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default FF user.js: detected! 
=> C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\user.js FF NewTab: hxxp://www.delta-search.com/?affID=1215612&babsrc=NT_ss&mntrId=2ABF1CAFF7680D57 FF Homepage: hxxp://www.sueddeutsche.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Delta Toolbar - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\ffxtlbr@delta.com FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG) R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [3085264 2013-06-03] () R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION) ==================== Drivers (Whitelisted) ==================== S3 adptahci; C:\Windows\system32\DRIVERS\adptahci.sys [321072 2008-10-31] (Adaptec, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-04] (DT Soft Ltd) S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation) S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation) S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation) S3 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [36552 2009-07-14] (Intel Corporation) R0 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation) S3 ioatdma2; C:\Windows\System32\Drivers\qd26032.sys [37576 2009-11-16] (Intel Corporation) S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [112344 2009-12-11] (Intel Corporation) R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 EverestDriver; \??\C:\tools\everest\kerneld.wnt [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-26 15:15 - 2013-06-26 15:15 - 00000000 ____D C:\FRST 2013-06-25 20:56 - 2013-06-25 20:56 - 01370263 ____A (Farbar) C:\Users\Olaf Henning\Desktop\FRST.exe 2013-06-25 20:54 - 2013-06-25 20:54 - 00009050 ____A C:\Users\Olaf Henning\Desktop\Gmer.log 2013-06-25 16:30 - 2013-06-25 16:30 - 00377856 ____A C:\Users\Olaf Henning\Desktop\gmer_2.1.19163.exe 2013-06-25 16:07 - 2013-06-25 16:07 - 00062944 ____A C:\Users\Olaf Henning\Desktop\Extras.Txt 2013-06-25 16:06 - 2013-06-25 16:36 - 00093114 ____A C:\Users\Olaf Henning\Desktop\OTL.Txt 2013-06-25 15:59 - 2013-06-25 15:59 - 00602112 ____A (OldTimer Tools) C:\Users\Olaf Henning\Desktop\OTL.exe 2013-06-25 15:58 - 2013-06-25 16:31 - 00000486 ____A C:\Users\Olaf Henning\Desktop\defogger_disable.log 2013-06-25 15:58 - 2013-06-25 15:58 - 00000156 ____A C:\Users\Olaf Henning\defogger_reenable 2013-06-25 15:56 - 2013-06-25 15:56 - 00050477 ____A C:\Users\Olaf Henning\Desktop\Defogger.exe 2013-06-25 15:08 - 2013-06-25 15:08 - 00000000 ____D C:\Users\Olaf Henning\AppData\Roaming\Yycyk 2013-06-24 12:10 - 2013-06-24 12:10 - 00000000 ____D C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule 2013-06-22 17:55 - 2013-06-22 17:55 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 11:02 - 2013-06-22 11:05 - 00012631 ____A C:\Users\Olaf Henning\Desktop\Mappe1 mit Kommentaren von Tanja.xlsx 2013-06-22 10:32 - 2013-05-28 15:05 - 
00163328 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerUpdateService.exe 2013-06-22 10:31 - 2013-06-22 10:31 - 00000000 ____D C:\Users\Olaf Henning\AppData\Roaming\File Scout 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\Program Files\QuickTime 2013-06-12 12:04 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 12:04 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 12:02 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 12:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 
2013-06-12 12:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 11:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 11:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 11:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 11:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 11:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 11:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 11:33 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 11:33 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 11:33 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 11:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 11:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 11:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-10 15:48 - 2013-06-10 15:48 - 00011291 ____A C:\Users\Olaf Henning\Desktop\Spielkarten.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00003654 ____A C:\Users\Olaf Henning\Desktop\Lernplakate.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00002704 ____A C:\Users\Olaf Henning\Desktop\Lernprotokoll.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003495 ____A C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003322 ____A C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html 2013-06-10 15:45 - 2013-06-10 15:45 - 
00003201 ____A C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html 2013-06-10 12:27 - 2013-06-10 12:27 - 00027292 ____A C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm 2013-06-09 18:31 - 2013-06-10 20:40 - 06271378 ____A C:\Users\Olaf Henning\Desktop\Präsentation RS-Leiter.pptx 2013-06-09 12:17 - 2013-06-10 20:38 - 01235061 ____A C:\Users\Olaf Henning\Desktop\Präsentation ReLv.pptx 2013-05-31 10:21 - 2013-05-31 10:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-31 10:21 - 2013-05-31 10:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-31 10:21 - 2013-05-31 10:21 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-31 10:21 - 2013-05-31 10:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00158720 ____A 
(Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-31 10:21 - 2013-05-31 10:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00011776 ____A (Microsoft Corporation) 
C:\Windows\System32\msfeedssync.exe 2013-05-31 10:19 - 2013-05-31 10:23 - 00009518 ____A C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======== 2013-06-26 15:15 - 2013-06-26 15:15 - 00000000 ____D C:\FRST 2013-06-26 15:14 - 2011-01-10 10:43 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-26 15:10 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-26 15:10 - 2009-07-14 06:39 - 00149536 ____A C:\Windows\setupact.log 2013-06-25 20:58 - 2011-01-17 19:16 - 01303588 ____A C:\Windows\WindowsUpdate.log 2013-06-25 20:56 - 2013-06-25 20:56 - 01370263 ____A (Farbar) C:\Users\Olaf Henning\Desktop\FRST.exe 2013-06-25 20:54 - 2013-06-25 20:54 - 00009050 ____A C:\Users\Olaf Henning\Desktop\Gmer.log 2013-06-25 20:01 - 2012-08-02 15:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-25 16:36 - 2013-06-25 16:06 - 00093114 ____A C:\Users\Olaf Henning\Desktop\OTL.Txt 2013-06-25 16:31 - 2013-06-25 15:58 - 00000486 ____A C:\Users\Olaf Henning\Desktop\defogger_disable.log 2013-06-25 16:30 - 2013-06-25 16:30 - 00377856 ____A C:\Users\Olaf Henning\Desktop\gmer_2.1.19163.exe 2013-06-25 16:07 - 2013-06-25 16:07 - 00062944 ____A C:\Users\Olaf Henning\Desktop\Extras.Txt 2013-06-25 15:59 - 2013-06-25 15:59 - 00602112 ____A (OldTimer Tools) C:\Users\Olaf Henning\Desktop\OTL.exe 2013-06-25 15:58 - 2013-06-25 15:58 - 00000156 ____A C:\Users\Olaf Henning\defogger_reenable 2013-06-25 15:58 - 2011-01-17 19:18 - 00000000 ____D C:\users\Olaf Henning 2013-06-25 15:56 - 2013-06-25 15:56 - 00050477 ____A C:\Users\Olaf Henning\Desktop\Defogger.exe 2013-06-25 15:44 - 2009-07-14 06:34 - 00018480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-25 15:44 - 2009-07-14 06:34 - 00018480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-25 15:08 - 2013-06-25 15:08 - 00000000 ____D C:\Users\Olaf 
Henning\AppData\Roaming\Yycyk 2013-06-24 12:10 - 2013-06-24 12:10 - 00000000 ____D C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule 2013-06-22 17:55 - 2013-06-22 17:55 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 17:55 - 2012-08-02 15:06 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2013-06-22 17:55 - 2011-03-08 10:46 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-22 11:05 - 2013-06-22 11:02 - 00012631 ____A C:\Users\Olaf Henning\Desktop\Mappe1 mit Kommentaren von Tanja.xlsx 2013-06-22 10:31 - 2013-06-22 10:31 - 00000000 ____D C:\Users\Olaf Henning\AppData\Roaming\File Scout 2013-06-19 18:52 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-18 08:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-17 18:22 - 2012-03-03 13:15 - 00000000 ____D C:\Users\Olaf Henning\Desktop\ALS 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\Program Files\QuickTime 2013-06-13 07:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-12 12:05 - 2011-01-18 20:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 12:03 - 2011-01-17 19:44 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 12:01 - 2012-08-02 15:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 12:01 - 2011-06-21 07:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-10 20:40 - 2013-06-09 18:31 - 06271378 ____A C:\Users\Olaf 
Henning\Desktop\Präsentation RS-Leiter.pptx 2013-06-10 20:38 - 2013-06-09 12:17 - 01235061 ____A C:\Users\Olaf Henning\Desktop\Präsentation ReLv.pptx 2013-06-10 15:48 - 2013-06-10 15:48 - 00011291 ____A C:\Users\Olaf Henning\Desktop\Spielkarten.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00003654 ____A C:\Users\Olaf Henning\Desktop\Lernplakate.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00002704 ____A C:\Users\Olaf Henning\Desktop\Lernprotokoll.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003495 ____A C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003322 ____A C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html 2013-06-10 15:45 - 2013-06-10 15:45 - 00003201 ____A C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html 2013-06-10 12:27 - 2013-06-10 12:27 - 00027292 ____A C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm 2013-06-09 11:56 - 2011-09-06 15:35 - 00000000 ____D C:\Users\Olaf Henning\Documents\Schriftverkehr allgemein 2013-06-08 13:42 - 2013-06-12 12:04 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-12 12:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-05 06:56 - 2013-04-04 10:51 - 00000000 ____D C:\ProgramData\BrowserProtect 2013-06-05 06:56 - 2011-01-20 15:32 - 00024376 ____A C:\Windows\PFRO.log 2013-05-31 10:23 - 2013-05-31 10:19 - 00009518 ____A C:\Windows\IE10_main.log 2013-05-31 10:21 - 2013-05-31 10:21 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-31 10:21 
- 2013-05-31 10:21 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-31 10:21 - 2013-05-31 10:21 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-31 10:21 - 2013-05-31 10:21 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-31 10:21 - 2013-05-31 
10:21 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-31 10:21 - 2013-05-31 10:21 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-31 10:21 - 2013-05-31 10:21 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-31 10:21 - 2013-05-31 10:21 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-28 15:05 - 2013-06-22 10:32 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerUpdateService.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-18 08:05 ==================== End Of Log ============================
Thanks in advance for the support!!! |
26.06.2013, 17:04 | #5 | |
/// the machine /// TB-Ausbilder | Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT: save Combofix to your desktop.
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.06.2013, 08:40 | #6 |
| So, here is the log as well. Thanks again for the help!!!! Code:
ATTFilter ComboFix 13-06-28.01 - Olaf Henning 28.06.2013 9:24.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3253.2305 [GMT 2:00] ausgeführt von:: c:\users\Olaf Henning\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Olaf Henning\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll c:\users\Olaf Henning\AppData\Roaming\srvdsplay.exe c:\users\OLAFHE~1\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll c:\windows\system32\muzapp.exe c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-28 bis 2013-06-28 )))))))))))))))))))))))))))))) . . 2013-06-28 07:31 . 2013-06-28 07:34 -------- d-----w- c:\users\Olaf Henning\AppData\Local\temp 2013-06-28 07:31 . 2013-06-28 07:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-28 07:24 . 2013-06-28 07:24 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB8B7246-ABB2-4EAC-B6CD-E549F73183ED}\offreg.dll 2013-06-28 07:05 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB8B7246-ABB2-4EAC-B6CD-E549F73183ED}\mpengine.dll 2013-06-26 13:15 . 2013-06-26 13:15 -------- d-----w- C:\FRST 2013-06-25 13:08 . 2013-06-25 13:08 -------- d-----w- c:\users\Olaf Henning\AppData\Roaming\Yycyk 2013-06-22 15:55 . 2013-06-22 15:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-22 08:32 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe 2013-06-22 08:31 . 
2013-06-22 08:31 -------- d-----w- c:\users\Olaf Henning\AppData\Roaming\File Scout 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-06-17 09:13 . 2013-06-17 09:13 -------- d-----w- c:\program files\QuickTime 2013-06-17 09:13 . 2013-06-17 09:13 -------- d-----w- c:\programdata\Apple Computer 2013-06-12 10:04 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-12 10:04 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-12 09:33 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 09:33 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 09:33 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 09:33 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 09:33 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 09:33 . 
2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 09:33 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 09:33 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 09:33 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 09:33 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 09:33 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 09:33 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-22 15:55 . 2012-08-02 13:06 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-22 15:55 . 2011-03-08 08:46 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-12 10:01 . 2012-08-02 13:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 10:01 . 2011-06-21 05:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-06 10:52 . 2013-05-06 10:52 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2011-01-17 17:31 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-13 04:45 . 2013-05-16 05:38 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 05:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 05:06 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 05:18 . 2013-05-16 05:38 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 05:18 . 2013-05-16 05:38 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 03:14 . 2013-05-16 05:38 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 08:50 . 
2013-04-04 08:50 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2008-09-15 05:47 1784856 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE" [2011-04-25 219008] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-07 960440] "lweuyvxk"="c:\users\Olaf Henning\AppData\Roaming\Yycyk\xqjfyvxk.exe" [2013-06-26 110592] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-07 9210400] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536] "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-17 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserProtect.dll . 
R3 adptahci;adptahci;c:\windows\system32\DRIVERS\adptahci.sys [2008-10-31 321072] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 30312] R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\tools\everest\kerneld.wnt [x] R3 IAMT03;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMT03.sys [2007-04-11 40848] R3 IAMTV;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMTV.sys [2007-04-11 38288] R3 IAMTXP;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMTXP.sys [2007-04-11 47496] R3 ioatdma;ioatdma;c:\windows\System32\Drivers\ioatdma.sys [2009-07-14 36552] R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd26032.sys [2009-11-16 37576] R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-12-11 112344] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 121064] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 114280] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S0 ioatdma1;Intel(R) QuickData Technology device ver.1;c:\windows\System32\Drivers\qd16032.sys [2009-11-16 36552] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 37352] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-04 242240] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752] S2 
BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-06-03 3085264] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2011-04-25 130944] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] . . Inhalt des "geplante Tasks" Ordners . 2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 13:05] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Olaf Henning\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/ FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 2abfe6410000000000001caff7680d57 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15799 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.010:51 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - 
user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKCU-Run-logonoeplay - c:\users\Olaf Henning\AppData\Roaming\logonoeplay.exe HKCU-Run-srvdsplay - c:\users\Olaf Henning\AppData\Roaming\srvdsplay.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe 
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\tools\everest\kerneld.wnt" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5868) c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\windows\system32\DllHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-06-28 09:38:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-06-28 07:38 . Vor Suchlauf: 10 Verzeichnis(se), 238.847.283.200 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 239.742.070.784 Bytes frei . 
- - End Of File - - 3309D1D9B82FF312E77C93CCCCB53A69 A36C5E4F47E84449FF07ED3517B43A31 |
28.06.2013, 09:05 | #7 |
/// the machine /// TB-Ausbilder | Combofix script
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber |
07.07.2013, 10:23 | #8 |
| C:\ComboFix.txt - I ran it twice because I had forgotten to turn off Antivir. This is the file from the 2nd run. The first one is gone. Code:
ATTFilter ComboFix 13-07-07.01 - Olaf Henning 07.07.2013 10:50:05.3.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3253.2185 [GMT 2:00] ausgeführt von:: c:\users\Olaf Henning\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Olaf Henning\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Olaf Henning\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll c:\users\OLAFHE~1\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-07 bis 2013-07-07 )))))))))))))))))))))))))))))) . . 2013-07-07 08:54 . 2013-07-07 08:56 -------- d-----w- c:\users\Olaf Henning\AppData\Local\temp 2013-07-07 08:54 . 2013-07-07 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-07 08:24 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E42184A-92F0-468F-B8A1-EE4891F9E95C}\mpengine.dll 2013-06-26 13:15 . 2013-06-26 13:15 -------- d-----w- C:\FRST 2013-06-22 15:55 . 2013-06-22 15:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-22 08:32 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe 2013-06-22 08:31 . 2013-06-22 08:31 -------- d-----w- c:\users\Olaf Henning\AppData\Roaming\File Scout 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2013-06-17 09:13 . 
2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2013-06-17 09:13 . 2013-06-17 09:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2013-06-17 09:13 . 2013-06-17 09:13 -------- d-----w- c:\program files\QuickTime 2013-06-17 09:13 . 2013-06-17 09:13 -------- d-----w- c:\programdata\Apple Computer 2013-06-12 10:04 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-12 10:04 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-12 09:33 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 09:33 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 09:33 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 09:33 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 09:33 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 09:33 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 09:33 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 09:33 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 09:33 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 09:33 . 
2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 09:33 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 09:33 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-07 08:43 . 2013-05-06 10:52 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-22 15:55 . 2012-08-02 13:06 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-22 15:55 . 2011-03-08 08:46 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-12 10:01 . 2012-08-02 13:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 10:01 . 2011-06-21 05:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-31 08:21 . 2013-05-31 08:21 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-31 08:21 . 2013-05-31 08:21 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-31 08:21 . 2013-05-31 08:21 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-31 08:21 . 2013-05-31 08:21 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-05-31 08:21 . 2013-05-31 08:21 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-05-31 08:21 . 2013-05-31 08:21 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-31 08:21 . 2013-05-31 08:21 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-05-31 08:21 . 2013-05-31 08:21 361984 ----a-w- c:\windows\system32\html.iec 2013-05-31 08:21 . 2013-05-31 08:21 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-31 08:21 . 2013-05-31 08:21 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-05-31 08:21 . 2013-05-31 08:21 158720 ----a-w- c:\windows\system32\msls31.dll 2013-05-31 08:21 . 2013-05-31 08:21 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-05-31 08:21 . 2013-05-31 08:21 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-31 08:21 . 
2013-05-31 08:21 138752 ----a-w- c:\windows\system32\wextract.exe 2013-05-31 08:21 . 2013-05-31 08:21 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-31 08:21 . 2013-05-31 08:21 12800 ----a-w- c:\windows\system32\mshta.exe 2013-05-31 08:21 . 2013-05-31 08:21 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-02 00:06 . 2011-01-17 17:31 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-13 04:45 . 2013-05-16 05:38 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 05:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 05:06 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 05:18 . 2013-05-16 05:38 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 05:18 . 2013-05-16 05:38 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 03:14 . 2013-05-16 05:38 2347520 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2008-09-15 05:47 1784856 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE" [2011-04-25 219008] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-07 960440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-07 9210400] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536] "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-07 345144] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserProtect.dll
.
R3 adptahci;adptahci;c:\windows\system32\DRIVERS\adptahci.sys [2008-10-31 321072]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 30312]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\tools\everest\kerneld.wnt [x]
R3 IAMT03;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMT03.sys [2007-04-11 40848]
R3 IAMTV;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMTV.sys [2007-04-11 38288]
R3 IAMTXP;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMTXP.sys [2007-04-11 47496]
R3 ioatdma;ioatdma;c:\windows\System32\Drivers\ioatdma.sys [2009-07-14 36552]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd26032.sys [2009-11-16 37576]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [2009-12-11 112344]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 ioatdma1;Intel(R) QuickData Technology device ver.1;c:\windows\System32\Drivers\qd16032.sys [2009-11-16 36552]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-04 242240]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-07-07 84024]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-06-03 3085264]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2011-04-25 130944]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 13:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Olaf Henning\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 2abfe6410000000000001caff7680d57
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15799
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.010:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\tools\everest\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1572)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-07 11:00:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-07 09:00
ComboFix2.txt 2013-06-28 07:38
.
Vor Suchlauf: 13 Verzeichnis(se), 239.756.361.728 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 239.726.428.160 Bytes frei
.
- - End Of File - - AA3D820957EAB9AA84DBAF782BED25BB
A36C5E4F47E84449FF07ED3517B43A31

Code:
# AdwCleaner v2.304 - Datei am 07/07/2013 um 11:04:58 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Olaf Henning - OH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Olaf Henning\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\searchplugins\delta.xml
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Softonic_Deutsch
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\LocalLow\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Olaf Henning\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\59578c8fe13ae840
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\59578c8fe13ae840
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\prefs.js

C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=1215612&babsrc=HP_ss&mnt[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=1215612&babsrc=NT_ss&mntrId=2ABF[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.id", "2abfe6410000000000001caff7680d57");
Gelöscht : user_pref("extensions.delta.instlDay", "15799");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.010:51:26");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[S1].txt - [6778 octets] - [07/07/2013 11:04:58]

########## EOF - C:\AdwCleaner[S1].txt - [6838 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Olaf Henning on 07.07.2013 at 11:10:45,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\prefs.js

user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.2.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Olaf Henn
Emptied folder: C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\minidumps [383 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2013 at 11:11:32,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by Olaf Henning (administrator) on 07-07-2013 11:16:25 Running from C:\Users\Olaf Henning\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe () C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9210400 2010-05-07] (Realtek Semiconductor) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-07] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-07] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-13] (Creative Technology Ltd) HKCU\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-07] () HKCU\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" [219008 2011-04-25] (SEIKO EPSON CORPORATION) HKCU\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [960440 2012-08-07] (Samsung) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default FF Homepage: hxxp://www.sueddeutsche.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-07] (Avira Operations GmbH & Co. 
KG) R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION) ==================== Drivers (Whitelisted) ==================== S3 adptahci; C:\Windows\system32\DRIVERS\adptahci.sys [321072 2008-10-31] (Adaptec, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-04] (DT Soft Ltd) S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation) S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation) S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation) S3 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [36552 2009-07-14] (Intel Corporation) R0 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation) S3 ioatdma2; C:\Windows\System32\Drivers\qd26032.sys [37576 2009-11-16] (Intel Corporation) S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [112344 2009-12-11] (Intel Corporation) R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 catchme; \??\C:\Users\OLAFHE~1\AppData\Local\Temp\catchme.sys [x] S3 EverestDriver; \??\C:\tools\everest\kerneld.wnt [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 11:15 - 2013-07-07 11:15 - 01373373 ____A (Farbar) C:\Users\Olaf Henning\Desktop\FRST.exe 2013-07-07 11:11 - 2013-07-07 11:11 - 00001210 ____A C:\Users\Olaf Henning\Desktop\JRT.txt 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\JRT 2013-07-07 11:09 - 2013-07-07 11:09 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Olaf Henning\Desktop\JRT.exe 2013-07-07 11:04 - 2013-07-07 11:05 - 00006907 ____A C:\AdwCleaner[S1].txt 2013-07-07 11:04 - 2013-07-07 11:04 - 00650027 ____A C:\Users\Olaf Henning\Desktop\adwcleaner.exe 2013-07-07 11:00 - 2013-07-07 11:00 - 00016860 ____A C:\ComboFix.txt 2013-07-07 10:45 - 2013-07-07 10:45 - 05087096 ____R (Swearware) C:\Users\Olaf Henning\Desktop\ComboFix.exe 2013-06-28 09:22 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-28 09:22 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-28 09:22 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-28 09:19 - 2013-07-07 11:00 - 00000000 ____D C:\Qoobox 2013-06-28 09:19 - 2013-06-28 09:37 - 00000000 ____D C:\Windows\erdnt 2013-06-26 15:15 - 2013-06-26 15:15 - 00000000 ____D C:\FRST 2013-06-25 15:58 - 2013-06-25 15:58 - 00000156 ____A C:\Users\Olaf 
Henning\defogger_reenable 2013-06-24 12:10 - 2013-06-24 12:10 - 00000000 ____D C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule 2013-06-22 17:55 - 2013-06-22 17:55 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 11:02 - 2013-06-22 11:05 - 00012631 ____A C:\Users\Olaf Henning\Desktop\Mappe1 mit Kommentaren von Tanja.xlsx 2013-06-22 10:32 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerUpdateService.exe 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\Program Files\QuickTime 2013-06-12 12:04 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 12:04 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 12:02 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 12:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00690688 
____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 12:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 11:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 11:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 11:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 11:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 11:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 11:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 11:33 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 11:33 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 11:33 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 11:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 11:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 11:33 - 2013-04-17 09:02 - 01230336 ____A 
(Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-10 15:48 - 2013-06-10 15:48 - 00011291 ____A C:\Users\Olaf Henning\Desktop\Spielkarten.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00003654 ____A C:\Users\Olaf Henning\Desktop\Lernplakate.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00002704 ____A C:\Users\Olaf Henning\Desktop\Lernprotokoll.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003495 ____A C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003322 ____A C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html 2013-06-10 15:45 - 2013-06-10 15:45 - 00003201 ____A C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html 2013-06-10 12:27 - 2013-06-10 12:27 - 00027292 ____A C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm 2013-06-09 18:31 - 2013-06-10 20:40 - 06271378 ____A C:\Users\Olaf Henning\Desktop\Präsentation RS-Leiter.pptx 2013-06-09 12:17 - 2013-06-10 20:38 - 01235061 ____A C:\Users\Olaf Henning\Desktop\Präsentation ReLv.pptx ==================== One Month Modified Files and Folders ======== 2013-07-07 11:15 - 2013-07-07 11:15 - 01373373 ____A (Farbar) C:\Users\Olaf Henning\Desktop\FRST.exe 2013-07-07 11:13 - 2009-07-14 06:34 - 00018480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 11:13 - 2009-07-14 06:34 - 00018480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 11:11 - 2013-07-07 11:11 - 00001210 ____A C:\Users\Olaf Henning\Desktop\JRT.txt 2013-07-07 11:11 - 2013-03-09 11:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-07 11:11 - 2011-01-10 10:43 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\JRT 2013-07-07 11:09 - 2013-07-07 11:09 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Olaf Henning\Desktop\JRT.exe 2013-07-07 11:06 - 2009-07-14 06:39 - 00149872 ____A C:\Windows\setupact.log 2013-07-07 11:05 - 2013-07-07 11:04 - 00006907 ____A C:\AdwCleaner[S1].txt 2013-07-07 11:05 - 2011-01-17 19:16 - 01439127 ____A C:\Windows\WindowsUpdate.log 2013-07-07 11:04 - 2013-07-07 11:04 - 00650027 ____A C:\Users\Olaf Henning\Desktop\adwcleaner.exe 2013-07-07 11:00 - 2013-07-07 11:00 - 00016860 ____A C:\ComboFix.txt 2013-07-07 11:00 - 2013-06-28 09:19 - 00000000 ____D C:\Qoobox 2013-07-07 10:56 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini 2013-07-07 10:55 - 2011-01-20 15:32 - 00026008 ____A C:\Windows\PFRO.log 2013-07-07 10:45 - 2013-07-07 10:45 - 05087096 ____R (Swearware) C:\Users\Olaf Henning\Desktop\ComboFix.exe 2013-07-07 10:43 - 2013-05-06 12:52 - 00067168 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-28 09:38 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public 2013-06-28 09:37 - 2013-06-28 09:19 - 00000000 ____D C:\Windows\erdnt 2013-06-26 17:01 - 2012-08-02 15:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-26 15:15 - 2013-06-26 15:15 - 00000000 ____D C:\FRST 2013-06-26 15:10 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-25 15:58 - 2013-06-25 15:58 - 00000156 ____A C:\Users\Olaf Henning\defogger_reenable 2013-06-25 15:58 - 2011-01-17 19:18 - 00000000 ____D C:\users\Olaf Henning 2013-06-24 12:10 - 2013-06-24 12:10 - 00000000 ____D C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule 2013-06-22 17:55 - 2013-06-22 17:55 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 17:55 - 
2012-08-02 15:06 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2013-06-22 17:55 - 2011-03-08 10:46 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-22 11:05 - 2013-06-22 11:02 - 00012631 ____A C:\Users\Olaf Henning\Desktop\Mappe1 mit Kommentaren von Tanja.xlsx 2013-06-19 18:52 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-18 08:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-17 18:22 - 2012-03-03 13:15 - 00000000 ____D C:\Users\Olaf Henning\Desktop\ALS 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\Program Files\QuickTime 2013-06-13 07:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-12 12:05 - 2011-01-18 20:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 12:03 - 2011-01-17 19:44 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 12:01 - 2012-08-02 15:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 12:01 - 2011-06-21 07:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-10 20:40 - 2013-06-09 18:31 - 06271378 ____A C:\Users\Olaf Henning\Desktop\Präsentation RS-Leiter.pptx 2013-06-10 20:38 - 2013-06-09 12:17 - 01235061 ____A C:\Users\Olaf Henning\Desktop\Präsentation ReLv.pptx 2013-06-10 15:48 - 2013-06-10 15:48 - 00011291 ____A C:\Users\Olaf Henning\Desktop\Spielkarten.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00003654 ____A C:\Users\Olaf Henning\Desktop\Lernplakate.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00002704 ____A C:\Users\Olaf Henning\Desktop\Lernprotokoll.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003495 ____A C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003322 ____A C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html 2013-06-10 15:45 - 
2013-06-10 15:45 - 00003201 ____A C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html 2013-06-10 12:27 - 2013-06-10 12:27 - 00027292 ____A C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm 2013-06-09 11:56 - 2011-09-06 15:35 - 00000000 ____D C:\Users\Olaf Henning\Documents\Schriftverkehr allgemein 2013-06-08 13:42 - 2013-06-12 12:04 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-12 12:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-18 08:05 ==================== End Of Log ============================ --- --- --- Thanks again for the help. Hopefully the computer is saved now!? Regards Carlos |
07.07.2013, 10:28 | #9 |
/// the machine /// TB-Ausbilder | Pharmacy reminder with DOS file as attachment Great, one more online scan and we're done: ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST logfile. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
07.07.2013, 11:49 | #10 |
| Pharmacy reminder with DOS file as attachment ESET - I messed it up. You go to university and still can't read. Of course I had ticked the "remove found threats" box. Maybe the log is still useful anyway: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f946969ea94903478be6af07d960301e
# engine=14301
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-07 10:33:18
# local_time=2013-07-07 12:33:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 6578 238616488 0 0
# compatibility_mode=5893 16776573 100 94 4144 124824389 0 0
# scanned=129740
# found=1
# cleaned=0
# scan_time=2631
sh=DFC729B1A0DDAD565DE8919D6051DCD17C8477EC ft=1 fh=639f7e8a03ba98f0 vn="Win32/Spy.Bebloh.J trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Olaf Henning\AppData\Roaming\srvdsplay.exe.vir"
Security Check: Code:
ATTFilter
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by Olaf Henning (administrator) on 07-07-2013 12:46:37 Running from C:\Users\Olaf Henning\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe () C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Olaf Henning\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9210400 2010-05-07] (Realtek Semiconductor) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-07] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-13] (Creative Technology Ltd) HKCU\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-07] () HKCU\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" [219008 2011-04-25] (SEIKO EPSON CORPORATION) HKCU\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [960440 2012-08-07] (Samsung) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default FF Homepage: hxxp://www.sueddeutsche.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\Olaf Henning\AppData\Roaming\Mozilla\Firefox\Profiles\5v921moe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-07] (Avira Operations GmbH & Co. 
KG) R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION) ==================== Drivers (Whitelisted) ==================== S3 adptahci; C:\Windows\system32\DRIVERS\adptahci.sys [321072 2008-10-31] (Adaptec, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-04] (DT Soft Ltd) S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation) S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation) S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation) S3 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [36552 2009-07-14] (Intel Corporation) R0 ioatdma1; C:\Windows\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation) S3 ioatdma2; C:\Windows\System32\Drivers\qd26032.sys [37576 2009-11-16] (Intel Corporation) S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [112344 2009-12-11] (Intel Corporation) R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 catchme; \??\C:\Users\OLAFHE~1\AppData\Local\Temp\catchme.sys [x] S3 EverestDriver; \??\C:\tools\everest\kerneld.wnt [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 12:46 - 2013-07-07 12:46 - 01373373 ____A (Farbar) C:\Users\Olaf Henning\Desktop\FRST.exe 2013-07-07 12:41 - 2013-07-07 12:41 - 00890988 ____A C:\Users\Olaf Henning\Desktop\SecurityCheck.exe 2013-07-07 11:47 - 2013-07-07 11:47 - 00000000 ____D C:\Program Files\ESET 2013-07-07 11:45 - 2013-07-07 11:45 - 02347384 ____A (ESET) C:\Users\Olaf Henning\Desktop\esetsmartinstaller_enu.exe 2013-07-07 11:11 - 2013-07-07 11:11 - 00001210 ____A C:\Users\Olaf Henning\Desktop\JRT.txt 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\JRT 2013-07-07 11:09 - 2013-07-07 11:09 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Olaf Henning\Desktop\JRT.exe 2013-07-07 11:04 - 2013-07-07 11:05 - 00006907 ____A C:\AdwCleaner[S1].txt 2013-07-07 11:04 - 2013-07-07 11:04 - 00650027 ____A C:\Users\Olaf Henning\Desktop\adwcleaner.exe 2013-07-07 11:00 - 2013-07-07 11:00 - 00016860 ____A C:\ComboFix.txt 2013-07-07 10:45 - 2013-07-07 10:45 - 05087096 ____R (Swearware) C:\Users\Olaf Henning\Desktop\ComboFix.exe 2013-06-28 09:22 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-28 09:22 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-28 09:22 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-28 09:22 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-28 09:19 - 2013-07-07 11:00 - 00000000 ____D C:\Qoobox 2013-06-28 09:19 - 2013-06-28 09:37 - 00000000 ____D C:\Windows\erdnt 2013-06-26 15:15 - 2013-06-26 15:15 - 00000000 ____D C:\FRST 2013-06-25 15:58 - 2013-06-25 15:58 - 00000156 ____A C:\Users\Olaf Henning\defogger_reenable 2013-06-24 12:10 - 2013-06-24 12:10 - 00000000 ____D C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule 2013-06-22 17:55 - 2013-06-22 17:55 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 11:02 - 2013-06-22 11:05 - 00012631 ____A C:\Users\Olaf Henning\Desktop\Mappe1 mit Kommentaren von Tanja.xlsx 2013-06-22 10:32 - 2013-05-28 15:05 - 
00163328 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerUpdateService.exe 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\Program Files\QuickTime 2013-06-12 12:04 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 12:04 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 12:04 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 12:02 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 12:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 12:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 12:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) 
C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 11:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 11:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 11:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 11:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 11:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 11:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 11:33 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 11:33 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 11:33 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 11:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 11:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 11:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-10 15:48 - 2013-06-10 15:48 - 00011291 ____A C:\Users\Olaf Henning\Desktop\Spielkarten.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00003654 ____A C:\Users\Olaf Henning\Desktop\Lernplakate.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00002704 ____A C:\Users\Olaf Henning\Desktop\Lernprotokoll.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003495 ____A C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003322 ____A C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html 2013-06-10 15:45 - 2013-06-10 15:45 - 00003201 ____A C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html 2013-06-10 12:27 
- 2013-06-10 12:27 - 00027292 ____A C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm 2013-06-09 18:31 - 2013-06-10 20:40 - 06271378 ____A C:\Users\Olaf Henning\Desktop\Präsentation RS-Leiter.pptx 2013-06-09 12:17 - 2013-06-10 20:38 - 01235061 ____A C:\Users\Olaf Henning\Desktop\Präsentation ReLv.pptx ==================== One Month Modified Files and Folders ======== 2013-07-07 12:46 - 2013-07-07 12:46 - 01373373 ____A (Farbar) C:\Users\Olaf Henning\Desktop\FRST.exe 2013-07-07 12:41 - 2013-07-07 12:41 - 00890988 ____A C:\Users\Olaf Henning\Desktop\SecurityCheck.exe 2013-07-07 11:47 - 2013-07-07 11:47 - 00000000 ____D C:\Program Files\ESET 2013-07-07 11:45 - 2013-07-07 11:45 - 02347384 ____A (ESET) C:\Users\Olaf Henning\Desktop\esetsmartinstaller_enu.exe 2013-07-07 11:45 - 2009-07-14 06:34 - 00018480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 11:45 - 2009-07-14 06:34 - 00018480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 11:42 - 2011-01-10 10:43 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-07 11:41 - 2011-01-17 19:16 - 01448567 ____A C:\Windows\WindowsUpdate.log 2013-07-07 11:38 - 2009-07-14 06:39 - 00149928 ____A C:\Windows\setupact.log 2013-07-07 11:11 - 2013-07-07 11:11 - 00001210 ____A C:\Users\Olaf Henning\Desktop\JRT.txt 2013-07-07 11:11 - 2013-03-09 11:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-07 11:10 - 2013-07-07 11:10 - 00000000 ____D C:\JRT 2013-07-07 11:09 - 2013-07-07 11:09 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Olaf Henning\Desktop\JRT.exe 2013-07-07 11:05 - 2013-07-07 11:04 - 00006907 ____A C:\AdwCleaner[S1].txt 2013-07-07 11:04 - 2013-07-07 11:04 - 00650027 ____A C:\Users\Olaf Henning\Desktop\adwcleaner.exe 2013-07-07 11:00 - 2013-07-07 11:00 - 00016860 ____A C:\ComboFix.txt 2013-07-07 11:00 - 2013-06-28 09:19 - 00000000 ____D C:\Qoobox 2013-07-07 10:56 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini 2013-07-07 10:55 - 2011-01-20 15:32 - 00026008 ____A C:\Windows\PFRO.log 2013-07-07 10:45 - 2013-07-07 10:45 - 05087096 ____R (Swearware) C:\Users\Olaf Henning\Desktop\ComboFix.exe 2013-07-07 10:43 - 2013-05-06 12:52 - 00067168 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-28 09:38 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public 2013-06-28 09:37 - 2013-06-28 09:19 - 00000000 ____D C:\Windows\erdnt 2013-06-26 17:01 - 2012-08-02 15:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-26 15:15 - 2013-06-26 15:15 - 00000000 ____D C:\FRST 2013-06-26 15:10 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-25 15:58 - 2013-06-25 15:58 - 00000156 ____A C:\Users\Olaf Henning\defogger_reenable 2013-06-25 15:58 - 2011-01-17 19:18 - 00000000 ____D C:\users\Olaf Henning 2013-06-24 12:10 - 2013-06-24 12:10 - 00000000 ____D C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule 2013-06-22 17:55 - 2013-06-22 17:55 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-22 17:55 - 2013-06-22 17:55 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-22 17:55 - 2012-08-02 15:06 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2013-06-22 17:55 - 2011-03-08 10:46 - 00789416 ____A (Oracle 
Corporation) C:\Windows\System32\deployJava1.dll 2013-06-22 11:05 - 2013-06-22 11:02 - 00012631 ____A C:\Users\Olaf Henning\Desktop\Mappe1 mit Kommentaren von Tanja.xlsx 2013-06-19 18:52 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-18 08:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-17 18:22 - 2012-03-03 13:15 - 00000000 ____D C:\Users\Olaf Henning\Desktop\ALS 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 11:13 - 2013-06-17 11:13 - 00000000 ____D C:\Program Files\QuickTime 2013-06-13 07:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-12 12:05 - 2011-01-18 20:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 12:03 - 2011-01-17 19:44 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 12:01 - 2012-08-02 15:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 12:01 - 2011-06-21 07:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-10 20:40 - 2013-06-09 18:31 - 06271378 ____A C:\Users\Olaf Henning\Desktop\Präsentation RS-Leiter.pptx 2013-06-10 20:38 - 2013-06-09 12:17 - 01235061 ____A C:\Users\Olaf Henning\Desktop\Präsentation ReLv.pptx 2013-06-10 15:48 - 2013-06-10 15:48 - 00011291 ____A C:\Users\Olaf Henning\Desktop\Spielkarten.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00003654 ____A C:\Users\Olaf Henning\Desktop\Lernplakate.html 2013-06-10 15:47 - 2013-06-10 15:47 - 00002704 ____A C:\Users\Olaf Henning\Desktop\Lernprotokoll.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003495 ____A C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html 2013-06-10 15:46 - 2013-06-10 15:46 - 00003322 ____A C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html 2013-06-10 15:45 - 2013-06-10 15:45 - 00003201 ____A C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html 2013-06-10 12:27 - 2013-06-10 12:27 - 00027292 ____A C:\Users\Olaf 
Henning\Desktop\Primarstufe _ ReLv-Verlag.htm 2013-06-09 11:56 - 2011-09-06 15:35 - 00000000 ____D C:\Users\Olaf Henning\Documents\Schriftverkehr allgemein 2013-06-08 13:42 - 2013-06-12 12:04 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 13:40 - 2013-06-12 12:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 13:13 - 2013-06-12 12:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-18 08:05 ==================== End Of Log ============================ So, I hope that despite my Freudian slip it's done? Many thanks to schrauber |
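The ESET log in the post above is the kind of output a helper has to read in a few seconds: found=1, cleaned=0, end=stopped, and a single hit whose path sits under C:\Qoobox\Quarantine with a .vir extension, i.e. a copy ComboFix had already moved out of the way rather than a live file in AppData\Roaming. The Python below is an added example (not code from this thread, from ESET or from Trojaner-Board) that parses such a log and applies exactly that triage. Assumptions: the AdwCleaner quarantine path, the value end=finished for a scan that ran to completion, and the second detection line, which is constructed to show what a live hit outside any quarantine looks like.

```python
"""Triage an ESET Online Scanner log: what was found, was it cleaned, and is each
hit a live file or a sample already sitting in a cleanup tool's quarantine?

Added example for this thread, not ESET's or the board's own code.
"""
import re
from dataclasses import dataclass

# Quarantine folders of the cleanup tools used in this thread. C:\Qoobox\Quarantine
# (ComboFix, files renamed to *.vir) is visible in the posted log; the AdwCleaner
# path is an assumption about that tool's layout.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",      # ComboFix
    "c:\\adwcleaner\\quarantine\\",  # AdwCleaner (assumed)
)

# Constructed sample, modelled on the log posted above: header trimmed to the
# fields the triage uses, detection line as posted.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=14301
# end=stopped
# remove_checked=false
# archives_checked=true
# scanned=129740
# found=1
# cleaned=0
# scan_time=2631
sh=DFC729B1A0DDAD565DE8919D6051DCD17C8477EC ft=1 fh=639f7e8a03ba98f0 vn="Win32/Spy.Bebloh.J trojan" ac=I fn="C:\\Qoobox\\Quarantine\\C\\Users\\Olaf Henning\\AppData\\Roaming\\srvdsplay.exe.vir"
"""

# Constructed detection line (hypothetical, not from the thread): the same
# threat name, but the file is live in the user's profile, not in quarantine.
CONSTRUCTED_LIVE_HIT = (
    'sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 '
    'vn="Win32/Spy.Bebloh.J trojan" ac=I '
    'fn="C:\\Users\\example\\AppData\\Roaming\\srvdsplay.exe"\n'
)

# key=value tokens; quoted values may contain spaces (threat names, paths).
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Hit:
    sha1: str
    threat: str
    path: str
    action: str
    quarantined: bool


def is_quarantined(path):
    """True if the path is inside a known quarantine folder (case-insensitive)."""
    p = path.lower()
    return any(p.startswith(q) for q in QUARANTINE_PREFIXES)


def parse_eset_log(text):
    """Return (meta, hits): the '# key=value' header fields and the 'sh=' detections."""
    meta, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key] = value.strip().strip('"')
        elif line.startswith("sh="):
            f = {k: v.strip('"') for k, v in _KV.findall(line)}
            path = f.get("fn", "")
            hits.append(Hit(f.get("sh", ""), f.get("vn", ""), path,
                            f.get("ac", ""), is_quarantined(path)))
    return meta, hits


def triage(text):
    """Summarise a log the way a helper reads it before signing a thread off."""
    meta, hits = parse_eset_log(text)
    live = [h.path for h in hits if not h.quarantined]
    summary = {
        "found": int(meta.get("found", "0")),
        "cleaned": int(meta.get("cleaned", "0")),
        # Assumption: a scan that ran to the end logs 'end=finished'; the posted
        # log shows 'end=stopped', i.e. it was interrupted.
        "completed": meta.get("end") == "finished",
        "remove_checked": meta.get("remove_checked") == "true",
        "live_hits": live,
        "quarantined_hits": [h.path for h in hits if h.quarantined],
    }
    if live:
        verdict = "ACTIVE: live file(s) detected, cleanup is not finished"
    elif hits:
        verdict = "QUARANTINED ONLY: hits are copies already isolated by a cleanup tool"
    else:
        verdict = "CLEAN: no detections"
    if not summary["completed"]:
        verdict += " (scan did not run to completion, repeat it before signing off)"
    summary["verdict"] = verdict
    return summary


if __name__ == "__main__":
    for name, log in (("posted", SAMPLE_LOG), ("with live hit", SAMPLE_LOG + CONSTRUCTED_LIVE_HIT)):
        s = triage(log)
        print(f"{name}: found={s['found']} cleaned={s['cleaned']} -> {s['verdict']}")
        for p in s["live_hits"]:
            print("  LIVE:", p)
```

Two things this makes explicit that the raw log hides: a hit inside a quarantine folder is not evidence of a running infection (the quarantine goes away when ComboFix is uninstalled), and a log with end=stopped should be repeated rather than treated as a clean bill of health, whichever box was ticked.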
07.07.2013, 12:46 | #11 |
/// the machine /// TB-Ausbilder | Pharmacy reminder with DOS file as attachment Any problems left? Please update Flash and Firefox.