Log analysis and evaluation: Win32.Zbot / Email Anwalt Mahnung (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.06.2013, 22:42 | #1

Win32.Zbot / Email Anwalt Mahnung

Good day, yesterday my father received a spam email from a law firm (Limango) with payment reminders for unpaid invoices and various threats. He called me over to ask what it was, but before I got to his desk he had already opened the double-zipped file and the .com file it contained. According to him, the file contained "gibberish". KIS 2013 is installed on his PC, but the program did not detect a virus. I uploaded the file to VirusTotal and it was detected by 4/47, unfortunately not by KIS. It was detected as Trojan/Win32.Zbot, W32/Injector.AIAO!tr, Trojan.Zbot.FV, Trojan.Agent/Gen-Multi. I have already downloaded a Zbot removal tool from AVG and am running it on his machine right now. The PC is disconnected from the internet. Unfortunately I could not download the Kaspersky removal tool, 404 error. What does he have to expect now and what can I do? I have attached an OTL log. Gmer causes a bluescreen.

Edit: the AVG removal tool found nothing...

Last edited by GetBlack (26.06.2013 at 23:23)
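The attachment described in the post above is the classic malspam shape: a zip inside a zip, and inside that a `.com` executable named to look like an invoice. The following is an added example, not code from the forum thread or from any tool named in it. It walks a zip archive recursively, flags nested archives and members with executable extensions (including `Rechnung.pdf.exe`-style double extensions), stops at a nesting limit so a decoy or zip bomb cannot run it forever, and records the SHA-256 of each flagged member so it can be looked up on VirusTotal without being executed. The sample archive is constructed in memory; its payload bytes are inert placeholders, and the file names and extension list are assumptions.

```python
"""Triage a mail attachment for executables hidden in nested archives.

Added example, not from the forum post: it reproduces the pattern described
above (zip inside zip, .com file inside) on an archive constructed in memory.
The payload bytes are inert placeholders, not malware; file names and the
extension list are assumptions.
"""
import hashlib
import io
import zipfile

# Extensions Windows runs on double-click. '.com' is the one most users never expect.
EXECUTABLE_EXTS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".jar", ".msi", ".lnk", ".ps1",
}
MAX_DEPTH = 5  # refuse to unpack deeper than this (zip bombs, endless decoys)


def _is_zip(data: bytes) -> bool:
    """Local-file-header or end-of-central-directory signature at offset 0."""
    return data[:4] in (b"PK\x03\x04", b"PK\x05\x06")


def _basename(name: str) -> str:
    return name.replace("\\", "/").rsplit("/", 1)[-1]


def _ext(name: str) -> str:
    base = _basename(name)
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def triage_archive(data: bytes, path: str = "attachment.zip", depth: int = 0) -> list:
    """Walk a zip recursively; return one finding per executable or nested archive.

    Each finding carries the logical path (outer/inner/file), the nesting depth,
    a reason, and the SHA-256 of the member so it can be looked up on VirusTotal
    without ever executing it.
    """
    if depth >= MAX_DEPTH:
        return [{"path": path, "depth": depth, "reason": "nesting limit reached", "sha256": None}]
    if not _is_zip(data):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            logical = f"{path}/{info.filename}"
            member = zf.read(info)
            digest = hashlib.sha256(member).hexdigest()
            if _is_zip(member) or _ext(info.filename) == ".zip":
                # Archive inside archive: the usual way past a gateway that unpacks only one level.
                findings.append({"path": logical, "depth": depth + 1,
                                 "reason": "nested archive", "sha256": digest})
                findings.extend(triage_archive(member, logical, depth + 1))
            elif _ext(info.filename) in EXECUTABLE_EXTS:
                # 'Rechnung.pdf.exe' hides the real extension when Explorer hides known extensions.
                reason = ("executable with double extension"
                          if _basename(info.filename).count(".") > 1 else "executable")
                findings.append({"path": logical, "depth": depth + 1, "reason": reason, "sha256": digest})
    return findings


def build_sample(levels: int = 2) -> bytes:
    """Constructed sample: `levels` nested zips; the innermost holds a .com and a decoy PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Mahnung_Limango.com", b"MZ placeholder, not a real program")
        z.writestr("Rechnung.pdf", b"%PDF-1.4 placeholder")
        z.writestr("Rechnung.pdf.exe", b"MZ placeholder, not a real program")
    data = buf.getvalue()
    for i in range(levels - 1):
        wrapper = io.BytesIO()
        with zipfile.ZipFile(wrapper, "w") as z:
            z.writestr(f"Mahnung_Limango_{i}.zip", data)
        data = wrapper.getvalue()
    return data


if __name__ == "__main__":
    for f in triage_archive(build_sample()):
        print(f"depth={f['depth']} {f['reason']:<32} {f['path']}  sha256={f['sha256']}")
```

Run as-is, it reports the inner zip at depth 1 and the two executables at depth 2; `build_sample(levels=7)` shows the nesting limit firing instead of the walker descending forever. Matching on extension and on the archive signature rather than on the extension alone is deliberate: a renamed `.zip` still gets unpacked, and a `.com` is caught even though most users do not recognise it as executable.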
27.06.2013, 00:07 | #2

/// TB-Ausbilder | Win32.Zbot / Email Anwalt Mahnung

Hello,

My feeling is that the thing was not able to install itself (or I have not yet seen everything in the log so far). But let's take another look: Scan with Combofix
27.06.2013, 00:58 | #3

Win32.Zbot / Email Anwalt Mahnung

Oh, somebody still here this late, very nice.

Yes, it gave me a bit of a scare too. Honestly, I have always felt fairly safe with Kaspersky. What do you recommend? He opened the zip file, then opened the zip file inside it, and then opened the .com file as well (all by double-click and directly in WinRAR). It would of course be nice if it has not spread...

Combofix log file:
Code:
ComboFix 13-06-26.01 - Christian 27.06.2013 1:52.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.7893.6009 [GMT 2:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Christian\AppData\Local\assembly\tmp
c:\users\Christian\AppData\Local\MSoft
c:\users\Christian\AppData\Local\MSoft\meritum\ApplicationResources.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Arbeitszeitvereinbarung.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Baustelle.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Beitragsnachweis.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Client.dll
c:\users\Christian\AppData\Local\MSoft\meritum\ClientProxy.dll
c:\users\Christian\AppData\Local\MSoft\meritum\ClientProxy.XmlSerializers.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Einrichtung.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Erfassung.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Feiertage.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Firma.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Kostenstelle.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Krankenkasse.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Lohnart.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Meldecenter.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Monatsabschluss.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Personal.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Protocol.dll
c:\users\Christian\AppData\Local\MSoft\meritum\ReportingProcess.dll
c:\users\Christian\AppData\Local\MSoft\meritum\SharedFunctions.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Tarif.dll
c:\users\Christian\AppData\Local\MSoft\meritum\WebServiceCalls.dll
c:\users\Christian\AppData\Local\MSoft\meritum\WindowsClient.exe
c:\users\Christian\AppData\Local\MSoft\meritum\Wpf.dll
c:\users\Christian\AppData\Local\MSoft\meritum\WPFToolkit.dll
c:\users\Christian\AppData\Local\MSoft\meritum\Zahlungsverkehr.dll
c:\windows\IsUn0407.exe
c:\windows\UA000061.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-26 to 2013-06-26   ))))))))))))))))))))))))))))))
.
.
2013-06-26 23:54 . 2013-06-26 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 23:54 . 2013-06-26 23:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-06-26 03:47 . 2013-06-26 21:34 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EC6B9B8-A01B-4FB1-9D88-F87D34133A09}\offreg.dll
2013-06-25 17:10 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EC6B9B8-A01B-4FB1-9D88-F87D34133A09}\mpengine.dll
2013-06-12 17:17 . 2013-06-26 21:22 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-06-12 13:07 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-09 10:04 . 2013-06-09 10:04 -------- d-----w- c:\program files\iPod
2013-06-09 10:04 . 2013-06-09 10:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 10:04 . 2013-06-09 10:04 -------- d-----w- c:\program files\iTunes
2013-05-30 13:06 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-05-30 13:06 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-05-30 13:06 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-05-30 13:06 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-05-30 13:06 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-05-30 13:06 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-05-30 13:06 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-05-30 13:06 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-05-30 13:06 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 21:22 . 2012-09-23 00:55 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-06-25 12:29 . 2013-05-22 16:47 164880 ---ha-w- c:\users\Christian\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-06-17 09:41 . 2012-06-08 09:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-06-12 17:02 . 2012-09-27 14:35 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 11:27 . 2012-09-22 19:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 11:27 . 2012-09-22 19:38 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-07 01:00 . 2013-05-07 01:00 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-07 01:00 . 2013-05-07 01:00 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 01:00 . 2013-05-07 01:00 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-07 01:00 . 2013-05-07 01:00 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-07 01:00 . 2013-05-07 01:00 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-07 01:00 . 2013-05-07 01:00 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-07 01:00 . 2013-05-07 01:00 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 01:00 . 2013-05-07 01:00 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 01:00 . 2013-05-07 01:00 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-07 01:00 . 2013-05-07 01:00 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-07 01:00 . 2013-05-07 01:00 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-07 01:00 . 2013-05-07 01:00 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-07 01:00 . 2013-05-07 01:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-07 01:00 . 2013-05-07 01:00 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-07 01:00 . 2013-05-07 01:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-07 01:00 . 2013-05-07 01:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-07 01:00 . 2013-05-07 01:00 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-07 01:00 . 2013-05-07 01:00 441856 ----a-w- c:\windows\system32\html.iec
2013-05-07 01:00 . 2013-05-07 01:00 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-07 01:00 . 2013-05-07 01:00 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-07 01:00 . 2013-05-07 01:00 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-07 01:00 . 2013-05-07 01:00 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 01:00 . 2013-05-07 01:00 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-07 01:00 . 2013-05-07 01:00 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-07 01:00 . 2013-05-07 01:00 235008 ----a-w- c:\windows\system32\url.dll
2013-05-07 01:00 . 2013-05-07 01:00 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-07 01:00 . 2013-05-07 01:00 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-07 01:00 . 2013-05-07 01:00 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-07 01:00 . 2013-05-07 01:00 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-07 01:00 . 2013-05-07 01:00 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-07 01:00 . 2013-05-07 01:00 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-07 01:00 . 2013-05-07 01:00 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-07 01:00 . 2013-05-07 01:00 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-07 01:00 . 2013-05-07 01:00 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 01:00 . 2013-05-07 01:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-07 01:00 . 2013-05-07 01:00 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-07 01:00 . 2013-05-07 01:00 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-07 01:00 . 2013-05-07 01:00 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-07 01:00 . 2013-05-07 01:00 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-07 01:00 . 2013-05-07 01:00 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-07 01:00 . 2013-05-07 01:00 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-07 01:00 . 2013-05-07 01:00 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-07 01:00 . 2013-05-07 01:00 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-07 01:00 . 2013-05-07 01:00 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-07 01:00 . 2013-05-07 01:00 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-07 01:00 . 2013-05-07 01:00 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-07 01:00 . 2013-05-07 01:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 01:00 . 2013-05-07 01:00 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 01:00 . 2013-05-07 01:00 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-02 00:06 . 2012-09-22 19:47 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-22 10:38 . 2012-08-13 14:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-04-22 10:38 . 2012-09-22 19:32 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-04-22 10:38 . 2012-09-22 19:32 620128 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-13 05:49 . 2013-05-15 16:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 16:59 . 2012-09-22 19:57 290816 ------w- c:\windows\Setup1.exe
2013-04-12 14:45 . 2013-04-24 04:53 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 16:59 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:59 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:59 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"LANCAPI"="b:\program files (x86)\LANCOM\LANCAPI\rcapi.exe" [2011-06-16 482816]
"LANconfig"="b:\program files (x86)\LANCOM\LANconfig\lanconf.exe" [2013-04-17 4709376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-13 356376]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"“FjISIS WIA Service Checker"="c:\windows\pixtran\fujitsu\FiWiaChecker.exe" [2009-10-21 86016]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2009-07-08 131072]
"FTPWRENV"="c:\windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe" [2007-10-16 45056]
"FiWIA Service Checker"="c:\windows\Twain_32\Fjscan32\FiWiaChecker.exe" [2009-10-21 86016]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="b:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VR-NetWorld Auftragsprüfung.lnk - b:\vr-networld\VRToolCheckOrder.exe /autostart [2012-9-23 1136640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=AvmSnd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys;c:\windows\SYSNATIVE\DRIVERS\OxPPort.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys;c:\windows\SYSNATIVE\DRIVERS\awealloc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys;c:\windows\SYSNATIVE\DRIVERS\imdisk.sys [x]
R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe;c:\windows\SYSNATIVE\imdsksvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$DAVID;SQL Server Agent (DAVID);c:\program files\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\SQLAGENT.EXE [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 LcsFwTool;LANCOM Systems FWTool;b:\program files (x86)\LANCOM\LANCAPI\fwtool.exe;b:\program files (x86)\LANCOM\LANCAPI\fwtool.exe [x]
S2 MSSQL$DAVID;SQL Server (DAVID);c:\program files\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\sqlservr.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LcsCapiDrv;LANCAPI Driver;c:\windows\system32\DRIVERS\rcapi.sys;c:\windows\SYSNATIVE\DRIVERS\rcapi.sys [x]
S3 LCSWAN;LANCOM NDISWAN;c:\windows\system32\DRIVERS\lcswan.sys;c:\windows\SYSNATIVE\DRIVERS\lcswan.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 MSSQLFDLauncher$DAVID;SQL Full-text Filter Daemon Launcher (DAVID);c:\program files\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\fdlauncher.exe [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 11:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119370&tt=040413_9114&babsrc=HP_ss&mntrId=20DEBC5FF43658E8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - %ProgramFiles(x86)%\ELOprofessional\Prog\Client\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - %ProgramFiles(x86)%\ELOprofessional\Prog\Client\EloInternetExplorer.htm
TCP: Interfaces\{5B1FBBE4-F061-4129-8F0D-BF08D34F237C}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3t87li6m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-06-06 07:09; {84b24861-62f6-364b-eba5-2e5e2061d7e6}; c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3t87li6m.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 20de0f2e000000000000bc5ff43658e8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15799
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:14
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKLM-Run-NWEReboot - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-DATA BECKER - Die große CD-Druckerei - c:\windows\IsUn0407.exe
AddRemove-ScheerWin - c:\windows\IsUn0407.exe
AddRemove-T-Com MMS - c:\windows\IsUn0407.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}"=hex:51,66,7a,6c,4c,1d,38,12,1d,cf,77,51,95,a1,d1,09,ee,9c,1f,b7,fe,e1,bb,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,38,12,1b,56,56,77,3e,aa,52,06,e8,92,84,cd,c2,28,50,41
"{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,38,12,4d,0e,7e,9a,40,73,fa,0f,d1,09,6e,56,73,7a,a7,cd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f8,82,62,76,9c,66,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,4c,cf,92,36,ab,a4,4b,97,ff,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,4c,cf,92,36,ab,a4,4b,97,ff,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-27 01:56:05
ComboFix-quarantined-files.txt 2013-06-26 23:56
.
Pre-Run: 16 directories, 111,543,668,736 bytes free
Post-Run: 20 directories, 113,413,427,200 bytes free
.
- - End Of File - - B6FC054035B2E422BB669A6F5589ACDE D41D8CD98F00B204E9800998ECF8427E
27.06.2013, 10:59 | #4 | |
/// TB-Ausbilder | Win32.Zbot / Email Anwalt Mahnung Hello, Quote:
An antivirus program cannot protect you. You have to do that yourself. The AV product supports you in that, nothing more. It also doesn't matter much which product you choose; Kaspersky is fine. Step 1 Please download AdwCleaner to your desktop.
Step 2 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
27.06.2013, 12:06 | #5 |
| Win32.Zbot / Email Anwalt Mahnung ADW Cleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 27/06/2013 um 12:17:15 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Christian - CHRISTIAN-PC # Bootmodus : Normal # Ausgeführt unter : B:\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3t87li6m.default\searchplugins\delta.xml Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\Claro LTD Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DSite ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\bProtector Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\5968a8cb46aee14 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5968a8cb46aee14 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LanConfig Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = 
hxxp://www.delta-search.com/?affID=119370&tt=040413_9114&babsrc=HP_ss&mntrId=20DEBC5FF43658E8 --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3t87li6m.default\prefs.js C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3t87li6m.default\user.js ... Gelöscht ! Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.dfltLng", "en"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.id", "20de0f2e000000000000bc5ff43658e8"); Gelöscht : user_pref("extensions.delta.instlDay", "15799"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.018:14:41"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0"); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [7782 octets] - [27/06/2013 12:17:15] ########## EOF - C:\AdwCleaner[S1].txt - [7842 octets] ########## OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.06.2013 12:38:22 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = B:\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,71 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 73,75% Memory free 15,41 Gb Paging File | 13,40 Gb Available in Paging File | 86,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 167,58 Gb Total Space | 105,73 Gb Free Space | 63,09% Space Free | Partition Type: NTFS Drive K: | 59,61 Gb Total Space | 5,82 Gb Free Space | 9,76% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - B:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Windows\PIXTRAN\Fujitsu\FiWiaChecker.exe (PFU LIMITED) PRC - C:\Windows\twain_32\Fjscan32\FjtwMkup.exe (FUJITSU LIMITED) PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) PRC - C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED) PRC - C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe (PFU LIMITED) PRC - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\44163df57c05328264e0c61965f35220\System.Configuration.ni.dll () MOD - C:\Users\Christian\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e0654ac2d06b03e8636eccc99cbdb149\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d44314c2a48691577c6b0c93a75e76c1\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Users\Christian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () ========== Services (SafeList) ========== SRV:64bit: - 
(ImDskSvc) -- C:\Windows\SysNative\imdsksvc.exe (Olof Lagerkvist) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (LcsFwTool) -- B:\Program Files (x86)\LANCOM\LANCAPI\fwtool.exe (LANCOM Systems GmbH, Würselen (Germany)) SRV - (MSSQLFDLauncher$DAVID) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (MSSQL$DAVID) -- C:\Programme\Microsoft SQL 
Server\MSSQL10_50.DAVID\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$DAVID) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DAVID\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SentinelProtectionServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (SentinelKeysServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) SRV - (FJTWMKSV) -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe (PFU LIMITED) ========== Driver Services (SafeList) ========== DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys () DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys () DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys () DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys () DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (LcsCapiDrv) -- C:\Windows\SysNative\drivers\rcapi.sys (LANCOM Systems) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) 
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (LCSWAN) -- C:\Windows\SysNative\drivers\lcswan.sys (LANCOM Systems) DRV:64bit: - (ImDisk) -- C:\Windows\SysNative\drivers\imdisk.sys (Olof Lagerkvist) DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation) DRV:64bit: - (AWEAlloc) -- C:\Windows\SysNative\drivers\awealloc.sys (Olof Lagerkvist) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (OxPPort) -- C:\Windows\SysNative\drivers\OxPPort.sys (OEM) DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation) DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = B:\Downloads IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 B4 1B FC 5B A2 CD 01 [binary data] IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3352109736-2394544337-1827286217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B84b24861-62f6-364b-eba5-2e5e2061d7e6%7D:0.9.4 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: B:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 12:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 12:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 12:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 12:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 12:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.30 16:02:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.30 16:02:39 | 000,000,000 | ---D | M] [2012.10.08 16:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2013.06.15 15:34:02 | 000,000,000 | ---D | M] 
< End of report > |
27.06.2013, 12:19 | #6 |
/// TB-Ausbilder | Win32.Zbot / Email Lawyer Reminder Quick side question: are the logs being created in the user account in which your father opened the file?
__________________ |
27.06.2013, 12:25 | #7 |
| Win32.Zbot / Email Lawyer Reminder Hello, yes, there is actually only one user account anyway! |
27.06.2013, 12:31 | #8 |
/// TB-Ausbilder | Win32.Zbot / Email Lawyer Reminder OK, just wanted to be sure. It looks fine to me, but we will still get a second opinion from two scanners: Step 1 Fix with OTL
Code:
:commands
[emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post in your next reply:
__________________ cheers, Leo |
05.07.2013, 00:37 | #9 |
/// TB-Ausbilder | Win32.Zbot / Email Lawyer Reminder Hi, I haven't received a reply from you for a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume the topic is resolved and remove it from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and may have security holes that make a new infection possible.
__________________ cheers, Leo |
05.07.2013, 07:08 | #10 |
| Win32.Zbot / Email Lawyer Reminder Hey! Thanks, it should be fine now. Malwarebytes found nothing. Kaspersky also examined the virus at my request and added it to their database. After talking to my father, it turns out he apparently didn't actually open the virus properly; instead, an editor opened. Many thanks to you. |
05.07.2013, 10:27 | #11 |
/// TB-Ausbilder | Win32.Zbot / Email Lawyer Reminder This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. If you need this topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |