Log analysis and evaluation: white screen after Bundestrojaner infection (Windows 7)
11.07.2013, 09:21 | #1
white screen after Bundestrojaner infection
My PC was infected with the Bundestrojaner. I ran kav_rescue 10. After the reboot I briefly get my old desktop, then nothing but a white screen. In safe mode the system runs. I ran Kaspersky in safe mode and removed a few viruses, but the screen still stays white after startup. Today I ran an OTLPE scan. Here is the log: Attachment 57749
need help
Kind regards, Peter
11.07.2013, 10:54 | #2
/// the machine /// (TB-Ausbilder) | white screen after Bundestrojaner infection
Hi,
__________________
How it works: posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
11.07.2013, 20:21 | #3
white screen after Bundestrojaner infection
Code:
ATTFilter OTL logfile created on: 7/11/2013 10:52:52 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.08 Gb Total Space | 20.59 Gb Free Space | 7.15% Space Free | Partition Type: NTFS Drive D: | 9.99 Gb Total Space | 4.65 Gb Free Space | 46.54% Space Free | Partition Type: FAT32 Drive H: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.29% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2013/07/04 03:09:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/10/23 17:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - 
[2011/08/03 03:24:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/10/01 16:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP) SRV - [2010/09/27 05:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/05/07 13:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009/12/21 11:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009/11/18 18:05:00 | 000,065,536 | ---- | M] (CodeGear) [Auto] -- C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe -- (BlackfishSQL) SRV - [2008/09/16 06:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/08/01 07:11:04 | 002,105,344 | ---- | M] (Borland Software Corporation) [On_Demand] -- C:\Borland\InterBase\bin\ibserver.exe -- (IBS_gds_db) SRV - [2007/08/01 07:11:04 | 000,036,864 | ---- | M] (Borland Software Corporation) [Auto] -- C:\Borland\InterBase\bin\ibguard.exe -- (IBG_gds_db) SRV - [2007/06/27 03:40:44 | 000,069,120 | ---- | M] (Google) [Disabled] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2007/04/13 12:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2006/02/15 05:56:40 | 000,184,320 | 
---- | M] () [Auto] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt) SRV - [2006/02/07 10:10:14 | 000,106,496 | ---- | M] ( ) [Auto] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1) SRV - [2005/05/12 20:00:00 | 000,374,206 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (DMSKSSRh) DRV - [2011/09/07 04:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2011/05/13 14:35:22 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2010/11/09 22:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC) DRV - [2010/11/09 22:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010/09/27 05:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010/05/07 13:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/12/14 06:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec) DRV - [2009/12/14 06:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV - [2009/11/26 07:10:20 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2009/10/14 15:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (KLBG) DRV - [2009/10/02 13:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/09/14 08:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009/09/01 09:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008/11/16 12:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/02/10 00:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007/02/05 04:22:02 | 000,134,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2007/02/01 18:24:42 | 000,075,776 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006/10/30 18:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2005/10/31 06:28:04 | 000,015,616 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ECS_Loader_220.sys -- (ECS_Loader_220) DRV - [2005/05/12 20:00:00 | 000,452,736 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2005/04/06 09:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} IE - HKU\Svetlana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Svetlana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.) FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\NPSibelius.dll () FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/23 13:43:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/04 07:54:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012/07/04 06:12:28 | 000,000,000 | ---D | M] [2012/11/19 12:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/01/26 10:04:11 | 000,000,000 | ---D | M] (Amazon-Startcenter) -- C:\Program Files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2008/01/26 10:04:11 | 000,000,000 | ---D | M] (Home Extension) -- C:\Program Files\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2008/01/26 10:04:10 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2008/01/26 10:04:08 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Program Files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2008/01/26 10:04:12 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Program Files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2008/01/26 10:04:09 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0} [2008/04/25 12:50:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010/06/13 13:36:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/27 01:54:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/09 05:40:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/02/07 12:30:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/04/02 12:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/07/09 07:46:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/11/19 12:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2008/01/26 10:04:10 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2010/12/08 13:56:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011/12/20 04:39:30 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010/12/08 13:56:08 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2009/03/18 16:07:24 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2009/03/18 16:07:14 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009/03/18 16:07:14 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009/03/18 16:07:14 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009/03/18 16:07:15 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\spellchk.dll [2009/03/18 16:07:15 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/03/18 16:07:22 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009/03/18 16:07:22 | 000,001,063 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2007/06/12 06:49:42 | 000,004,292 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_ebay_de.xml [2009/03/18 16:07:22 | 000,000,998 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009/03/18 16:07:22 | 000,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKU\Svetlana_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\Svetlana_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Svetlana_ON_C..\Run: [] File not found O4 - HKU\Svetlana_ON_C..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) O4 - HKU\Svetlana_ON_C..\Run: [GameXN GO] File not found O4 - HKU\Svetlana_ON_C..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKU\Svetlana_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\Svetlana_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - Startup: Error locating startup folders. O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Svetlana_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Svetlana_ON_C Winlogon: Shell - (C:\Users\Svetlana\AppData\Roaming\skype.dat) - C:\Users\Svetlana\AppData\Roaming\skype.dat () O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 
000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/07/09 05:09:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013/07/05 05:09:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/07/05 05:09:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2013/07/05 05:09:34 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/07/05 05:09:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/07/05 05:09:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/07/05 05:09:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/07/05 05:09:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2013/07/05 05:09:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/07/05 05:09:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/07/05 05:09:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/07/05 04:37:40 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll [2013/07/05 04:37:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013/07/04 03:43:17 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013/07/04 03:43:16 | 000,041,984 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\certenc.dll [2013/07/04 03:41:08 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/07/04 03:41:08 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/07/04 03:32:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll [2013/07/04 03:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013/07/11 03:14:23 | 000,000,004 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini [2013/07/11 03:03:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/11 02:59:55 | 000,643,586 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/07/11 02:59:55 | 000,608,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/07/11 02:59:55 | 000,133,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/07/11 02:59:55 | 000,109,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/07/11 02:52:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/11 02:52:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/11 02:52:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/11 02:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/11 02:51:50 | 2012,667,904 | -HS- | M] () -- C:\hiberfil.sys [2013/07/09 12:48:59 | 000,008,160 | ---- | M] () -- C:\Users\Svetlana\AppData\Local\d3d9caps.dat [2013/07/09 12:20:13 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/05 07:06:18 | 000,058,880 | ---- | M] () -- C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/07/04 03:08:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerApp.exe [2013/07/04 03:08:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013/07/11 02:51:50 | 2012,667,904 | -HS- | C] () -- C:\hiberfil.sys [2013/07/09 02:12:34 | 000,000,004 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini [2012/10/15 04:12:12 | 000,023,580 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\UserTile.png [2012/04/25 03:16:11 | 000,166,595 | ---- | C] () -- C:\Windows\hpoins21.dat [2012/04/25 01:59:51 | 000,186,493 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2012/04/25 01:59:51 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2012/02/01 13:37:49 | 000,000,432 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2012/01/18 06:22:19 | 000,156,672 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\skype.dat [2011/12/20 04:39:04 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011/12/20 04:39:04 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011/11/28 11:15:06 | 000,000,166 | ---- | C] () -- C:\Users\Svetlana\AppData\default.pls [2011/10/24 03:34:26 | 001,849,344 | ---- | C] () -- C:\Windows\System32\Qt4Pas5.dll [2011/09/27 06:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2011/09/27 06:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2011/09/27 06:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2011/06/17 13:45:12 | 000,041,984 | ---- | C] () -- C:\Windows\System32\AntUsbCIv1.dll [2011/05/31 06:17:55 | 000,000,249 | ---- | C] () -- C:\Windows\BUHL.INI [2011/02/28 03:06:54 | 000,008,160 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\d3d9caps.dat [2011/02/23 13:06:03 | 000,058,880 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/18 06:00:43 | 000,000,096 | ---- | C] () -- 
C:\Users\Svetlana\AppData\Local\fusioncache.dat
[2011/02/17 14:20:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/21 08:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010/10/21 08:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010/10/21 08:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010/09/27 06:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010/08/23 12:53:15 | 000,023,664 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/26 14:26:59 | 000,171,008 | ---- | C] () -- C:\Windows\KPCP32.DLL
[2010/05/26 14:26:59 | 000,093,184 | ---- | C] () -- C:\Windows\KPAPI32.DLL
[2010/05/26 14:26:59 | 000,038,912 | ---- | C] () -- C:\Windows\KPSYS32.DLL
[2010/05/26 14:26:59 | 000,000,170 | ---- | C] () -- C:\Windows\PHOTOS30.INI
[2010/05/26 14:25:43 | 000,000,127 | ---- | C] () -- C:\Windows\KPCMS.INI
[2010/05/07 13:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/13 06:07:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/05 15:33:55 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/05 14:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/12/05 14:29:31 | 000,000,093 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/12/05 14:29:31 | 000,000,014 | ---- | C] () -- C:\Windows\dswplug.ini
[2009/11/02 18:02:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes140.dll
[2009/11/02 18:02:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes.dll
[2009/10/22 11:56:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 11:56:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/30 07:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009/09/13 05:09:39 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2009/09/09 13:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/12 06:28:46 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/07/02 13:37:10 | 000,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll
[2009/07/02 13:36:06 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2009/05/15 11:33:01 | 003,211,264 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009/04/15 16:21:16 | 000,001,093 | ---- | C] () -- C:\Windows\wiso.ini
[2008/12/17 12:57:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/30 13:13:51 | 004,268,576 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/11/30 13:13:51 | 000,868,384 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2008/10/30 13:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008/10/30 12:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008/04/06 12:07:01 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/12 05:50:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/02/03 12:53:56 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008/01/25 09:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/25 07:04:25 | 000,097,392 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007/09/05 14:26:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007/04/27 08:01:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/04/27 08:01:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/27 08:01:55 | 000,146,037 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 11:33:31 | 000,643,586 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,133,236 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,608,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,744 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2000/04/25 18:40:42 | 000,196,608 | ---- | C] () -- C:\Windows\System32\VisShe32.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/10/29 18:15:40 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Borland
[2009/04/27 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Buhl Data Service
[2011/05/31 06:12:39 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Buhl Data Service GmbH
[2012/08/13 03:00:14 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\calibre
[2008/04/25 11:33:12 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\ChessBase
[2011/10/29 18:18:18 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\CodeGear
[2009/01/02 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DataDesign
[2012/10/29 04:37:49 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DVDVideoSoft
[2011/04/18 04:02:37 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/10/11 01:22:17 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\e-academy Inc
[2011/10/29 14:07:19 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Embarcadero
[2013/04/08 04:34:30 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\GARMIN
[2011/07/22 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Guitar Pro 6
[2010/12/12 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\LANGMaster
[2010/12/12 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\langmaster.com
[2011/02/17 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Leadertech
[2012/02/20 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Lexware
[2012/10/29 04:36:25 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\OpenCandy
[2012/10/15 04:12:11 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\PeerNetworking
[2012/04/16 03:30:28 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\SCCmdr
[2013/02/05 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\SharePod
[2012/10/29 04:41:44 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\TuneUp Software
[2009/04/13 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Visio
[2011/11/09 13:41:06 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Wise Registry Cleaner
[2013/05/03 03:47:41 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/09/04 11:46:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ant
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/07/11 03:12:34 | 000,000,000 | ---D | M] -- C:\ProgramData\BOINC
[2010/11/01 03:08:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl
[2012/11/26 06:39:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2008/01/25 12:15:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/10/27 04:35:38 | 000,000,000 | ---D | M] -- C:\ProgramData\CodeGear
[2012/10/29 04:40:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/02/14 08:51:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/12/09 05:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Embarcadero
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/09/04 12:22:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Garmin
[2007/06/25 07:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab
[2011/01/17 13:10:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Guitar Pro 6
[2012/08/24 10:35:20 | 000,000,000 | ---D | M] -- C:\ProgramData\kinoma
[2012/02/20 06:23:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2008/01/26 09:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Maxtor
[2010/09/27 09:19:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Musicnotes
[2011/07/07 14:26:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2011/10/21 03:23:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Software
[2010/03/21 15:46:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Solero
[2010/02/01 14:40:57 | 000,000,000 | ---D | M] -- C:\ProgramData\StarMoney 7.0
[2012/10/17 07:37:51 | 000,000,000 | ---D | M] -- C:\ProgramData\StarMoney 8.0
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/12/12 18:26:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/10/29 04:41:47 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/10/04 07:33:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/04/12 13:27:14 | 000,000,000 | ---D | M] -- C:\ProgramData\World Money
[2011/10/29 16:15:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\{01F2D2DE-8BA7-41BD-8001-3CD11C14BA7F}
[2007/06/25 08:47:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/10/29 14:20:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2563F97A-045F-4E4C-9DB1-D5D26C269882}
[2011/10/29 14:21:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
[2011/06/07 06:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/29 14:28:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\{6A883631-DE6E-4096-9348-4D606A536BCB}
[2011/11/07 10:31:34 | 000,000,000 | ---D | M] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/10/29 04:40:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/07/09 12:40:59 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A291950B

< End of report >
|
12.07.2013, 09:40 | #4 |
/// the machine /// TB-Ausbilder | White screen after Bundestrojaner infection Fix with OTL
Code:
:OTL
O20 - HKU\Svetlana_ON_C Winlogon: Shell - (C:\Users\Svetlana\AppData\Roaming\skype.dat) - C:\Users\Svetlana\AppData\Roaming\skype.dat ()
[2013/07/11 03:14:23 | 000,000,004 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini
:files
C:\Users\Svetlana\AppData\Roaming\skype.dat
Reboot, then enjoy.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.07.2013, 10:18 | #5 | |
| White screen after Bundestrojaner infection Quote:
Hello schrauber, how do I get the contents onto my USB stick so that I can use it on the broken machine? Regards beckerpe |
12.07.2013, 11:24 | #6 |
/// the machine /// TB-Ausbilder | White screen after Bundestrojaner infection Save it as a text file on another computer and copy it to the stick.
__________________ |
12.07.2013, 11:37 | #7 |
| White screen after Bundestrojaner infection Hello schrauber, I managed it after all; the copying problems were my own mistake. After the reboot the computer runs again, many thanks for the quick help!!! Regards beckerpe Here is the file Code:
========== OTL ==========
Registry value HKEY_USERS\Svetlana_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Svetlana\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Svetlana\AppData\Roaming\skype.dat moved successfully.
C:\Users\Svetlana\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
File\Folder C:\Users\Svetlana\AppData\Roaming\skype.dat not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 07122013_141608
|
12.07.2013, 12:22 | #8 |
/// the machine /// TB-Ausbilder | White screen after Bundestrojaner infection Now the control scans in normal mode. Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
14.07.2013, 10:45 | #9 |
| White screen after Bundestrojaner infection Hi schrauber, I have run the scans; here are the corresponding logfiles. Sincere thanks once again. Regards beckerpe Code:
# AdwCleaner v2.305 - Datei am 12/07/2013 um 17:51:17 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Svetlana - PETER
# Bootmodus : Normal
# Ausgeführt unter : I:\USB info\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Svetlana\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Svetlana\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Svetlana\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Svetlana\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\Conduit
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\CT2269050
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\staged
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0CDE44C-08D4-4CDD-BCD3-9DDE58152DBC}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0CDE44C-08D4-4CDD-BCD3-9DDE58152DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0CDE44C-08D4-4CDD-BCD3-9DDE58152DBC}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v2.0.0.20 (de)

Datei : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\prefs.js

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "20-10-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "20-10-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Oct 20 2010 11:44:48 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.8.6", "Wed Oct 20 2010 11:44:50 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Wed Oct 20 2010 11:44:43 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1287061610");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Oct 20 2010 11:44:43 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN62156755735315366");
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Oct 20 2010 11:44:49 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpe[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&[...]

-\\ Google Chrome v28.0.1500.71

Datei : C:\Users\Svetlana\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=[...]
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=Snapdo[...]
Gelöscht [l.1343] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b[...]
Gelöscht [l.1581] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpe[...]

*************************

AdwCleaner[S1].txt - [14059 octets] - [12/07/2013 17:51:17]

########## EOF - C:\AdwCleaner[S1].txt - [14120 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Svetlana on 12.07.2013 at 18:13:23,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\software"

~~~ FireFox

Successfully deleted the following from C:\Users\Svetlana\AppData\Roaming\mozilla\firefox\profiles\ge067xfe.default\prefs.js

user_pref("extensions.home_extension.RadioGroupDefaultTab", 0);
user_pref("extensions.home_extension.keywordQuelle", "search_free=([^&]*)");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2013 at 18:17:54,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2013 01
Ran by Svetlana at 2013-07-14 08:34:15
Running from I:\USB info
Boot Mode: Normal
==========================================================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Accu-Chek Compass
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 8 Standard - English, Français, Deutsch (Version: 8.0.0)
Adobe Digital Editions
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
AIO_Scan (Version: 90.0.222.000)
Als HTML speichern (Version: 6.0.1000)
ANNO 1503 (Version: 1.04.00)
Anzeige von CAD-Zeichnungen (Version: 6.0.1000)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.641.0)
AVM FRITZ!WLAN
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4 4.2.1.165
AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Beschriftungen und Verbinder (Version: 6.0.1000)
Blockdiagramm (Version: 6.0.1000)
BOINC (Version: 6.10.58)
Bonjour (Version: 3.0.0.10)
Boost Libraries for C++Builder 2010
Boost Libraries for C++Builder 2010 (Version: 7.0)
Borland InterBase 2007 [instance = gds_db] (Version: InterBase 2007)
BufferChm (Version: 90.0.146.000)
C7200 (Version: 90.0.222.000)
C7200_doccd (Version: 90.0.222.000)
c7200_Help (Version: 90.0.222.000)
calibre (Version: 0.8.65)
CameraHelperMsi (Version: 13.10.1217.0)
Catalyst Control Center Core Implementation (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Full Existing (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Full New (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Light (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0209.1621.29091)
Catalyst Control Center Localization German (Version: 2007.0209.1621.29091)
CCC Help German (Version: 2007.0209.1620.29091)
ccc-core-static (Version: 2007.0209.1621.29091)
ccc-utility (Version: 2007.0209.1621.29091)
CHIPDRIVE Smartcard Commander
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Clipart und Symbole (Version: 6.0.1000)
Copy (Version: 90.0.146.000)
Corel Uninstaller
CustomerResearchQFolder (Version: 1.00.0000)
DAO (Version: 1.0.0.1)
Datenbankassistent (Version: 6.0.1000)
Datenfeld-Berichts-Assistent (Version: 6.0.1000)
Datenfeld-Editor (Version: 6.0.1000)
DDBAC (Version: 5.3.2)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Embarcadero Delphi and C++Builder 2010 Database Pack
Embarcadero Delphi and C++Builder 2010 Database Pack (Version: 7.0)
Embarcadero Delphi and C++Builder 2010 Help System
Embarcadero Delphi and C++Builder 2010 Help System (Version: 7.0)
Embarcadero RAD Studio 2010
Embarcadero RAD Studio 2010 (Version: 7.0)
erLT (Version: 1.20.138.34)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 90.0.146.000)
Flußdiagramme (Version: 6.0.1000)
Formulare und Diagramme (Version: 6.0.1000)
Free Audio CD Burner version 1.4.7
Free YouTube Download 2.2
Free YouTube to MP3 Converter version 3.11.34.1015 (Version: 3.11.34.1015)
funScreenScraping Client Version (Version: 1.0.173)
funScreenScraping Microsoft Systemdateien (Version: 1.0.6)
Garmin ANT Agent (Version: 2.3.4)
Garmin Communicator Plugin (Version: 3.0.1)
Garmin Training Center (Version: 3.6.5)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (Version: 28.0.1500.71)
Google Desktop (Version: -)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.149)
Grafikfilter (Version: 6.0.1000)
Guitar Explorer 1.0
Guitar Pro 6.0
HD Writer AE 2.6T (Version: 2.06.110.1031)
Hilfe fur Visio 2000 (HTML Help) (Version: 1.0.0.1)
Hilfe zu Beschriftungen und Verbindern (Version: 6.0.1000)
Hilfe zu Blockdiagrammen (Version: 6.0.1000)
Hilfe zu Clipart und Symbolen (Version: 6.0.1000)
Hilfe zu Developing Visio Solutions (Version: 6.0.1000)
Hilfe zu Flußdiagrammen (Version: 6.0.1000)
Hilfe zu Formularen und Diagrammen (Version: 6.0.1000)
Hilfe zu Landkarten (Version: 1.0.0.0)
Hilfe zu Netzwerkdiagrammen (Version: 6.0.1000)
Hilfe zu Organigrammen (Version: 6.0.1000)
Hilfe zu Programmdateien (Version: 6.0.1000)
Hilfe zu Projektplänen (Version: 6.0.1000)
Hilfe zu Rahmen und Hintergründen (Version: 6.0.1000)
Hilfe zu Raumplänen (Version: 6.0.1000)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
iCloud (Version: 1.1.0.40)
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 37 (Version: 6.0.370)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
Kaspersky PURE (Version: 9.1.0.124)
Landkarten (Version: 1.0.0.0)
Lazarus 0.9.30.2RC1 (Version: 0.9.30.2RC1)
Lexware online banking 4.90 (Version: 4.90)
LightScribe 1.4.124.1 (Version: 1.4.124.1)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
Lösungen (Version: 1.0.0.0)
Ludwig (Version: 1)
LWS Facebook (Version: 13.10.1216.0)
LWS Gallery (Version: 13.10.1216.0)
LWS Help_main (Version: 13.10.1224.0)
LWS Launcher (Version: 13.10.1224.0)
LWS Motion Detection (Version: 13.10.1218.0)
LWS Pictures And Video (Version: 13.10.1218.0)
LWS Twitter (Version: 13.00.1216.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.10.1216.0)
MarketResearch (Version: 90.0.146.000)
Maxtor Backup (Version: 1.00.0040)
Maxtor OneTouch III (Version: 3.02.0060)
MEDIONbox (Version: 1.09.0000.00050)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Document Explorer 2008 Language Pack - DEU
Microsoft Document Explorer 2008 Language Pack - DEU (Version: 9.0.21022)
Microsoft Mathe 3.0 (Version: 2007)
Microsoft Office 2000 Professional (Version: 9.00.2816)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visio 2000 (DE) (Version: 06.00.1001)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable -
x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727) Microsoft Visual Studio Service Pack 3 (Version: 6.0.0.4) Microsoft Works (Version: 08.05.0822) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft XML Parser (Version: 8.70.1104.04) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox (2.0.0.20) (Version: 2.0.0.20 (de)) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Musicnotes Software Suite 1.5.5 (Version: 1.5.5) Nero 7 Essentials (Version: 7.02.4288) NetDeviceManager (Version: 90.0.205.000) Netzwerkdiagramme (Version: 6.0.1000) OpenOffice.org 2.2 (Version: 2.2.9161) Organigramme (Version: 6.0.1000) PanoStandAlone (Version: 90.0.146.000) PL-2303HXD Vista Driver Installer (Version: 3.0.0.1) Programmdateien (Version: 06.00.1001) Projektpläne (Version: 6.0.1000) PS_AIO_02_ProductContext (Version: 90.0.222.000) PS_AIO_02_Software (Version: 90.0.222.000) PS_AIO_02_Software_min (Version: 90.0.222.000) PSSWCORE (Version: 2.01.0000) QuickTime (Version: 7.73.80.64) Rahmen und Hintergrunde (Version: 6.0.1000) Raumplan (Version: 6.0.1000) Rave Reports 7.7.0 BE Reader for PC (Version: 2.0.01.11080) Realtek High Definition Audio Driver (Version: 6.0.1.5413) RUBICon (Version: 2.0.25) Safari (Version: 5.34.57.2) Scan (Version: 9.0.0.0) SCR3xxx Smart Card Reader (Version: 8.41) Secure Download Manager (Version: 3.0.5) Seitenlayout-Assistent (Version: 6.0.1000) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Shape-Explorer (Version: 6.0.1000) Shape-Explorer-Hilfe (Version: 6.0.1000) Skins (Version: 2007.0209.1621.29091) Skype™ 6.5 
(Version: 6.5.158) Solero Music Viewer 8.0.29.370 (Version: 8.0.29.370) SolutionCenter (Version: 90.0.146.000) Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0) StarMoney (Version: 1.0) StarMoney (Version: 2.0) StarMoney (Version: 3.0.1.31) Status (Version: 90.0.146.000) Toolbox (Version: 90.0.146.000) TrayApp (Version: 90.0.146.000) Uninstall 1.0.0.1 UnloadSupport (Version: 9.0.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) VBA (2816b) (Version: 6.01.00.1234) Versionshinweise (Version: 6.0.1000) VideoToolkit01 (Version: 90.0.146.000) Visio (Version: 1.0.0.1) Visio Core Files (Version: 06.00.1000) VLC media player 1.1.0 (Version: 1.1.0) WebReg (Version: 90.0.146.000) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows-Treiberpaket - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (Version: 02/06/2007 3.1) WinSTAT (Version: 7.01.0000) Wise Registry Cleaner 6.21 WISO Monats-CD WISO Sparbuch 2008 (Version: 15.00.0000) WISO Sparbuch 2009 (Version: 16.00.6228) WISO Sparbuch 2010 (Version: 17.00.6531) WISO Steuer-Sparbuch 2011 (Version: 18.00.6928) WISO Steuer-Sparbuch 2012 (Version: 19.00.7303) Zusatzprogramme (Version: 1.0.0.0) ==================== Restore Points ========================= 12-07-2013 16:19:05 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: 
{1B9BCDAE-BBA0-4532-BD46-36DB60181637} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Svetlana => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2641A702-94DD-4788-B490-18CB66F6CF2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {79F1B2BD-055C-4FD4-87C3-5A1FBD71CC8D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {803C982A-DA92-4B0F-A22C-37635A904141} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.) Task: {88BD4307-4E4F-44FA-BB77-00A824CC1F82} - System32\Tasks\{B9DCCB52-A31C-4A46-AD6D-70B957E5CA95} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.) Task: {92EF816A-6347-4798-805B-ECC35EF43ECD} - System32\Tasks\{F80CB8BB-8BA1-4214-865F-5EAA995C4A95} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.) 
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {B02B87B7-059B-4118-B33D-F8CB6103B987} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {BF197F80-42E7-4436-9611-2549D35761C4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {BF87FDEA-7F82-4734-95A2-082DBEAAC668} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {C5D5FF3E-E4D1-4A42-90AB-C875B5B6EE2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-04] (Adobe Systems Incorporated)
Task: {CA03E408-C338-4C00-A6B8-8476D4DF5B7C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2763598808-591417749-325035483-1002 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {CBEAEA8B-5D73-48E9-AFD1-5DC55D4964E3} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {D95C4E9C-F172-489F-98EB-EF583B8B245A} - System32\Tasks\{14609A13-E4EC-4A3D-B5DF-8E1D3C11366F} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F57E143B-CB3D-4217-885E-541A9385B5E6} - System32\Tasks\{32E5D96C-1535-4935-8E1A-31947724200F} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/14/2013 08:19:32 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/14/2013 08:14:52 AM) (Source: DCOM) (User: )
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (07/14/2013 08:14:04 AM) (Source: bowser) (User: )
Description: The master browser received a server announcement from the computer "PETER-PC", which appears to be the master browser of the domain for the NetBT_Tcpip_{57EBB8D0-02AE-45BB-8004-3FFA01B66- transport. The master browser was stopped or an election is being forced.

Error: (07/14/2013 08:13:10 AM) (Source: Service Control Manager) (User: )
Description: InterBase 2007 Guardian gds_db1

Error: (07/14/2013 08:13:10 AM) (Source: Service Control Manager) (User: )
Description: 30000InterBase 2007 Server gds_db

Error: (07/14/2013 08:09:10 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description:

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-14 08:32:43.642
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:43.066
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:42.544
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:41.984
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:41.246
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:40.716
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:40.138
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-07-14 08:32:39.610
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-02-18 12:35:00.462
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" could not be verified because the set of per-page image hashes could not be found on the system.

Date: 2013-02-18 12:34:59.867
Description: The image integrity of the file "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" could not be verified because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 77%
Total physical RAM: 1918.7 MB
Available physical RAM: 437.34 MB
Total Pagefile: 4081.84 MB
Available Pagefile: 1641.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.73 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:288.08 GB) (Free:18.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:9.99 GB) (Free:4.65 GB) FAT32
Drive i: () (Removable) (Total:1.87 GB) (Free:1.85 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
|
14.07.2013, 12:48 | #10 |
/// the machine /// TB-Ausbilder | white screen after Bundestrojaner infection Great. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.07.2013, 12:49 | #11 |
| white screen after Bundestrojaner infection Here are the two files: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=69320de74c822e4ea49f3311373fb909
# engine=14397
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-15 10:03:14
# local_time=2013-07-15 12:03:14 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1287 16777214 100 100 32485720 132877166 0 0
# compatibility_mode=5892 16776573 100 100 16797 211415322 0 0
# scanned=380428
# found=3
# cleaned=0
# scan_time=13790
sh=8EB45E215BB9C40066839626622E805A5E8E43D4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Svetlana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1a360bb7-57240e5c"
sh=4B2B8885F8A0CE9F19A233D06B17110046A09158 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Svetlana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\691ce278-22c6fe2c"
sh=7991CC1E3D988630E479F17433CC90F1F4A76996 ft=1 fh=67d48430c107a16e vn="a variant of Win32/Kryptik.BFIS trojan" ac=I fn="C:\_OTL\MovedFiles\07122013_141608\C_Users\Svetlana\AppData\Roaming\skype.dat"
Code:
Results of screen317's Security Check version 0.99.69
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky PURE
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Wise Registry Cleaner 6.21
Java(TM) 6 Update 37
Java 7 Update 7
Java(TM) SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (2.0.0 Firefox out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Regards beckerpe |
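Triaging the ESET result posted above, as an added example that is not part of the thread, the forum's tooling or ESET: ESET Online Scanner writes one `# key=value` header per line and one `sh=… ft=… fh=… vn="…" ac=… fn="…"` line per detection. The script parses both, classifies each hit by where the file lives, and reports whether the run removed anything. Two things a reader of this log should take from it: the header says `remove_checked=false`, `found=3`, `cleaned=0`, so this was a report-only run and nothing was deleted; and the Kryptik hit sits under `C:\_OTL\MovedFiles`, the folder OTL moves files into, so it is a copy already taken out of its original location rather than a file still in place. The location labels and the path rules are this example's own assumptions; the sample input is the header and the three detection lines copied from the post.

```python
"""Triage helper for ESET Online Scanner result logs.

Added example for this thread; not part of the thread, the forum's tools or ESET.
Parses the '# key=value' header and the per-detection lines and classifies
each hit by the location of the file.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: header lines and the three detections from the post above,
# copied into this example as test data.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1287 16777214 100 100 32485720 132877166 0 0
# scanned=380428
# found=3
# cleaned=0
# scan_time=13790
sh=8EB45E215BB9C40066839626622E805A5E8E43D4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Svetlana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1a360bb7-57240e5c"
sh=4B2B8885F8A0CE9F19A233D06B17110046A09158 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Svetlana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\691ce278-22c6fe2c"
sh=7991CC1E3D988630E479F17433CC90F1F4A76996 ft=1 fh=67d48430c107a16e vn="a variant of Win32/Kryptik.BFIS trojan" ac=I fn="C:\_OTL\MovedFiles\07122013_141608\C_Users\Svetlana\AppData\Roaming\skype.dat"
'''

# One detection per line: SHA-1, file type, file hash, threat name, action, path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]+)\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\S+)\s+fn="(?P<path>[^"]*)"\s*$'
)

# Location rules are this example's assumption. Order matters: a quarantine
# folder keeps the original path below it, so it must be tested first.
LOCATION_RULES = (
    ("quarantined", re.compile(r"\\_OTL\\MovedFiles\\", re.IGNORECASE)),   # OTL moved the file here
    ("java-cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)),
    ("browser-cache", re.compile(r"\\Temporary Internet Files\\", re.IGNORECASE)),
)


@dataclass(frozen=True)
class Detection:
    sha1: str
    name: str
    path: str
    location: str


def parse_header(text: str) -> dict:
    """Collect '# key=value' lines; a repeated key keeps its last value."""
    header = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].strip().partition("=")
            header[key.strip()] = value.strip()
    return header


def classify(path: str) -> str:
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "live"  # no rule matched: treat as a file in an active location


def parse_detections(text: str) -> list:
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["sha1"].upper(), m["name"], m["path"], classify(m["path"])))
    return hits


def triage(text: str) -> dict:
    """Summarise a log: did the run clean anything, and which hits still matter."""
    header = parse_header(text)
    hits = parse_detections(text)
    report_only = header.get("remove_checked", "false").lower() != "true"
    return {
        "report_only": report_only,
        "found": int(header.get("found", len(hits))),
        "cleaned": int(header.get("cleaned", 0)),
        "by_location": dict(Counter(h.location for h in hits)),
        "live": [h for h in hits if h.location == "live"],
        "hashes": [h.sha1 for h in hits],  # ready for a hash-reputation lookup
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"report-only run: {result['report_only']}, found {result['found']}, cleaned {result['cleaned']}")
    for label, count in sorted(result["by_location"].items()):
        print(f"  {label}: {count}")
    for hit in result["live"]:
        print(f"  ACTIVE {hit.sha1} {hit.name} {hit.path}")
```

Run stand-alone it reports a report-only run with two hits in the Java deployment cache and one in the OTL quarantine, and no live file. The SHA-1 list is there because the one value worth carrying forward from a scan like this is the hash of the Kryptik sample, not the path.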
15.07.2013, 12:57 | #12 |
/// the machine /// TB-Ausbilder | white screen after Bundestrojaner infection Update all software that is marked red. Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files it will ask for a reboot; please allow it. A fresh FRST log is missing. Any problems left?
__________________ Regards, schrauber |
15.07.2013, 13:23 | #13 |
| white screen after Bundestrojaner infection hello schrauber, the system is running without problems! here is the FRST log regards beckerpe FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 01
Ran by Svetlana (administrator) on 15-07-2013 14:06:49
Running from I:\USB info
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\GnabTray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(GARMIN Corp.) C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
() C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.33_windows_intelx86__BRP4SSE.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
(Microsoft Corporation) C:\Windows\system32\RacAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [GnabTray] - C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart [327680 2007-04-13] (Empolis GmbH)
HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [boincmgr] - "C:\Program Files\BOINC\boincmgr.exe" /a /s [4862720 2010-07-01] (Space Sciences Laboratory)
HKLM\...\Run: [boinctray] - "C:\Program Files\BOINC\boinctray.exe" [58112 2010-07-01] (Space Sciences Laboratory)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Reader Application Helper] - C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -u auto-update [232368 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKCU\...\Run: [Logitech Vid] - "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @sony.com/ReaderDesktop - C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SP_ebay_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
FF Extension: Amazon-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
FF Extension: Home Extension - C:\Program Files\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
FF Extension: Google Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
FF Extension: eBay-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
FF Extension: Firefox (default) - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: eBay Statusbar Button - C:\Program Files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
FF Extension: eBay Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Amazon Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.) CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll () CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [374206 2005-05-13] (AVM Berlin) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab) S2 BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [65536 2009-11-19] (CodeGear) R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) 
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH) S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-06-27] (Google) S2 IBG_gds_db; C:\Borland\InterBase\bin\ibguard.exe [36864 2007-08-01] (Borland Software Corporation) S3 IBS_gds_db; C:\Borland\InterBase\bin\ibserver.exe [2105344 2007-08-01] (Borland Software Corporation) R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] () R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( ) ==================== Drivers (Whitelisted) ==================== R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 ECS_Loader_220; C:\Windows\System32\Drivers\ECS_Loader_220.sys [15616 2005-10-31] (WideView Technology Inc.) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. 
) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [452736 2005-05-13] (AVM GmbH) R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab) R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [311312 2009-11-26] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21520 2009-09-14] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-13] (hxxp://libusb-win32.sourceforge.net) R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] () S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [134888 2007-02-05] (Realtek Semiconductor Corp.) S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 DMSKSSRh; \\??\\C:\\Users\\Svetlana\\AppData\\Local\\Temp\\DMSKSSRh.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-15 08:09 - 2013-07-15 08:09 - 00000000 ____D C:\Program Files\ESET 2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST 2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL 2013-07-12 18:32 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 18:32 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 18:32 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 18:32 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2013-07-12 18:32 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 18:32 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 18:32 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-12 18:32 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 18:32 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-12 18:32 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-12 18:32 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 18:32 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 18:32 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 18:32 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 18:32 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-12 18:32 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt 2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt 2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT 2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt 2013-07-12 17:51 - 2013-07-12 17:52 - 00014190 _____ C:\AdwCleaner[S1].txt 2013-07-12 13:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-12 13:18 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-12 13:14 - 2013-06-01 
06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-12 13:14 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-07-12 13:14 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-07-12 13:14 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-07-12 13:14 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-07-12 13:14 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-07-12 13:14 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-07-12 13:14 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-07-12 13:14 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-12 13:14 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-07-11 16:36 - 2013-07-11 16:54 - 00083884 _____ C:\OTL.Txt 2013-07-09 11:09 - 2013-07-09 17:42 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-07-05 10:38 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-07-05 10:37 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-07-05 10:37 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll 2013-07-04 09:43 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-07-04 09:43 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-07-04 09:43 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-07-04 09:43 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-07-04 
09:43 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-07-04 09:41 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-07-04 09:41 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-07-04 09:32 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype ==================== One Month Modified Files and Folders ======= 2013-07-15 14:10 - 2010-08-26 19:05 - 00000000 ____D C:\ProgramData\BOINC 2013-07-15 14:03 - 2012-12-10 09:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-15 13:51 - 2011-12-20 10:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-15 13:31 - 2010-11-30 19:48 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-15 13:08 - 2008-01-25 12:34 - 01345706 _____ C:\Windows\WindowsUpdate.log 2013-07-15 12:51 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-15 12:51 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-15 08:31 - 2010-11-30 19:48 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-15 08:09 - 2013-07-15 08:09 - 00000000 ____D C:\Program Files\ESET 2013-07-15 06:52 - 2011-02-17 19:40 - 00000000 ____D C:\Windows\system32\logishrd 2013-07-15 06:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-14 14:27 - 2006-11-02 15:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-14 09:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST 2013-07-14 08:11 - 2006-11-02 14:47 - 00424888 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-14 08:09 - 
2011-04-12 19:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-14 08:09 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL 2013-07-12 18:43 - 2006-11-02 12:33 - 01509498 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-12 18:34 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-07-12 18:19 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt 2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt 2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT 2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt 2013-07-12 17:52 - 2013-07-12 17:51 - 00014190 _____ C:\AdwCleaner[S1].txt 2013-07-12 17:51 - 2009-02-18 20:38 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-12 17:51 - 2008-01-25 15:49 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-12 14:29 - 2013-01-01 13:43 - 00002388 _____ C:\Windows\setupact.log 2013-07-11 16:54 - 2013-07-11 16:36 - 00083884 _____ C:\OTL.Txt 2013-07-11 16:33 - 2008-01-25 12:46 - 00000000 ____D C:\Users\Svetlana 2013-07-10 07:39 - 2009-12-23 23:40 - 00000000 ____D C:\Users\Svetlana\Documents\Kaspersky 2013-07-09 18:48 - 2011-02-28 09:06 - 00008160 _____ C:\Users\Svetlana\AppData\Local\d3d9caps.dat 2013-07-09 17:42 - 2013-07-09 11:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-07-05 13:06 - 2011-02-23 19:06 - 00058880 _____ C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-05 12:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-07-05 12:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-07-05 11:59 - 2011-07-07 20:27 - 00000000 ____D C:\HDW26T_TMP 2013-07-05 11:33 - 2011-02-17 20:15 - 00000000 ____D 
C:\Users\Svetlana\AppData\Roaming\Skype 2013-07-05 10:30 - 2007-06-19 15:54 - 00059316 _____ C:\Windows\PFRO.log 2013-07-04 09:10 - 2011-02-17 20:15 - 00000000 ____D C:\ProgramData\Skype 2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-07-04 09:09 - 2013-03-22 15:05 - 00000000 ___RD C:\Program Files\Skype 2013-07-04 09:08 - 2012-04-01 17:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-07-04 09:08 - 2012-04-01 17:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\Users\Svetlana\100_228_PS_AIO_02_Full_Net_deu_NB.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-15 07:09 ==================== End Of Log ============================ --- --- --- |
15.07.2013, 13:34 | #14 |
/// the machine /// TB-Ausbilder | white screen after Bundestrojaner infection Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
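The line the fixlist targets is the per-user Winlogon Shell value that FRST marks with "<==== ATTENTION". The following PowerShell script is an added example, not part of this thread and not FRST's own code: it checks the HKLM and HKCU Shell values the way a helper would read them, reporting a per-user override (Windows sets none by default), any list element other than explorer.exe, and an empty element left behind by a dangling comma such as the "explorer.exe," seen in the log above. The function names Test-WinlogonShell and Get-WinlogonShellReport are my own, and the user-writable path pattern is an assumption chosen for illustration.

```powershell
# Added example (not from the thread or from FRST): audit the Winlogon "Shell" values.
# Machine-wide default is explorer.exe under HKLM; Windows creates no per-user Shell
# value, so any entry under HKCU deserves a look. The data is a comma-separated list,
# which is why an empty element ("explorer.exe,") is reported separately.

function Test-WinlogonShell {
    param(
        [Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive,
        [bool]$Present = $true,      # $false when the registry value does not exist
        [string]$Value = ''          # raw data of the Shell value
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'

    if (-not $Present) {
        # No per-user override is the normal state; a missing machine-wide value is not.
        if ($Hive -eq 'HKLM') { $findings.Add('HKLM Shell value missing (default is explorer.exe)') }
        return $findings.ToArray()
    }
    if ($Hive -eq 'HKCU') {
        $findings.Add("per-user Shell override present: '$Value' (Windows sets none by default)")
    }
    foreach ($entry in @($Value -split ',' | ForEach-Object { $_.Trim() })) {
        if ($entry -eq '') {
            $findings.Add("empty list element in '$Value': a further shell entry was present and removed")
            continue
        }
        if ($entry -ieq 'explorer.exe') { continue }
        $findings.Add("non-default shell entry: '$entry'")
        # Assumed heuristic: shells launched from user-writable locations are worth a closer look.
        if ($entry -match '(?i)\\(Temp|AppData|ProgramData)\\') {
            $findings.Add("entry '$entry' runs from a user-writable location")
        }
    }
    return $findings.ToArray()
}

function Get-WinlogonShellReport {
    # Reads the live registry of the machine this runs on and returns one line per finding.
    $report = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $prop = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
        $present = $null -ne $prop
        $value = if ($present) { [string]$prop.Shell } else { '' }
        foreach ($f in (Test-WinlogonShell -Hive $hive -Present $present -Value $value)) {
            $report += "[$hive] $f"
        }
    }
    if ($report.Count -eq 0) { $report = @('Winlogon Shell values are at Windows defaults') }
    return $report
}

# The value from the FRST log in this thread, checked offline without touching the registry:
Test-WinlogonShell -Hive HKCU -Present $true -Value 'explorer.exe,'
# Live check of the machine the script runs on:
Get-WinlogonShellReport
```

Run it in an elevated PowerShell on the affected machine before and after applying the fixlist: before, the HKCU line should produce the two findings (override present, empty element); after a successful FRST fix the per-user value is gone and only the default message remains.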
15.07.2013, 19:46 | #15 |
| white screen after Bundestrojaner infection so far no further problems beckerpe FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 01 Ran by Svetlana (administrator) on 15-07-2013 20:28:34 Running from I:\USB info Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (CodeGear) C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Cisco Systems, Inc.) 
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe () C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe ( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (GARMIN Corp.) C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.33_windows_intelx86__BRP4SSE.exe (Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x] HKLM\...\Run: [GnabTray] - C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart [327680 2007-04-13] (Empolis GmbH) HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( ) HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.) HKLM\...\Run: [boincmgr] - "C:\Program Files\BOINC\boincmgr.exe" /a /s [4862720 2010-07-01] (Space Sciences Laboratory) HKLM\...\Run: [boinctray] - "C:\Program Files\BOINC\boinctray.exe" [58112 2010-07-01] (Space Sciences Laboratory) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.) HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) 
HKLM\...\Run: [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM\...\Run: [Reader Application Helper] - C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation) HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [] - [x] HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [] - [x] HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () HKCU\...\Run: [Logitech Vid] - "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-13] (Logitech Inc.) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.) HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x] HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.) 
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @sony.com/ReaderDesktop - C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SP_ebay_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
FF Extension: Amazon-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
FF Extension: Home Extension - C:\Program Files\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
FF Extension: Google Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
FF Extension: eBay-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
FF Extension: Firefox (default) - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: eBay Statusbar Button - C:\Program Files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
FF Extension: eBay Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF Extension: Amazon Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [374206 2005-05-13] (AVM Berlin)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
R2 BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [65536 2009-11-19] (CodeGear)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-06-27] (Google)
S2 IBG_gds_db; C:\Borland\InterBase\bin\ibguard.exe [36864 2007-08-01] (Borland Software Corporation)
S3 IBS_gds_db; C:\Borland\InterBase\bin\ibserver.exe [2105344 2007-08-01] (Borland Software Corporation)
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] ()
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( )

==================== Drivers (Whitelisted) ====================

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ECS_Loader_220; C:\Windows\System32\Drivers\ECS_Loader_220.sys [15616 2005-10-31] (WideView Technology Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [452736 2005-05-13] (AVM GmbH)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [311312 2009-11-26] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21520 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-13] (hxxp://libusb-win32.sourceforge.net)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [134888 2007-02-05] (Realtek Semiconductor Corp.)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 DMSKSSRh; \\??\\C:\\Users\\Svetlana\\AppData\\Local\\Temp\\DMSKSSRh.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-15 20:26 - 2013-07-15 20:26 - 00000058 _____ C:\Users\Svetlana\Desktop\Fixlist.txt
2013-07-15 20:08 - 2013-07-15 20:08 - 01068176 _____ (Solid State Networks) C:\Users\Svetlana\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe
2013-07-15 16:28 - 2013-07-15 16:25 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-15 14:59 - 2013-07-15 14:59 - 00448512 _____ (OldTimer Tools) C:\Users\Svetlana\Desktop\TFC.exe
2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST
2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL
2013-07-12 18:32 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 18:32 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 18:32 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 18:32 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 18:32 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 18:32 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 18:32 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 18:32 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 18:32 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 18:32 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 18:32 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 18:32 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 18:32 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 18:32 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 18:32 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 18:32 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt
2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt
2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt
2013-07-12 17:51 - 2013-07-12 17:52 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-07-12 13:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 13:18 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 13:14 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-12 13:14 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-12 13:14 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-12 13:14 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-12 13:14 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 13:14 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 16:36 - 2013-07-11 16:54 - 00083884 _____ C:\OTL.Txt
2013-07-09 11:09 - 2013-07-09 17:42 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-05 10:38 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-05 10:37 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-05 10:37 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-04 09:43 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-04 09:41 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-04 09:41 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-04 09:32 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2013-07-15 20:31 - 2010-11-30 19:48 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 20:28 - 2010-08-26 19:05 - 00000000 ____D C:\ProgramData\BOINC
2013-07-15 20:26 - 2013-07-15 20:26 - 00000058 _____ C:\Users\Svetlana\Desktop\Fixlist.txt
2013-07-15 20:08 - 2013-07-15 20:08 - 01068176 _____ (Solid State Networks) C:\Users\Svetlana\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe
2013-07-15 20:06 - 2009-12-23 23:40 - 00000000 ____D C:\Users\Svetlana\Documents\Kaspersky
2013-07-15 20:03 - 2012-12-10 09:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 19:45 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 19:45 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 16:28 - 2008-04-25 18:50 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-15 16:25 - 2013-07-15 16:28 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-15 16:25 - 2012-08-31 15:13 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-15 16:25 - 2010-06-13 19:36 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-15 15:50 - 2011-12-20 10:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-15 15:45 - 2011-02-17 19:40 - 00000000 ____D C:\Windows\system32\logishrd
2013-07-15 15:45 - 2010-11-30 19:48 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 15:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 14:59 - 2013-07-15 14:59 - 00448512 _____ (OldTimer Tools) C:\Users\Svetlana\Desktop\TFC.exe
2013-07-15 14:29 - 2008-01-25 12:34 - 01380677 _____ C:\Windows\WindowsUpdate.log
2013-07-15 14:17 - 2006-11-02 15:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-14 09:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST
2013-07-14 08:11 - 2006-11-02 14:47 - 00424888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 08:09 - 2011-04-12 19:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 08:09 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL
2013-07-12 18:43 - 2006-11-02 12:33 - 01509498 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 18:34 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 18:19 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt
2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt
2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt
2013-07-12 17:52 - 2013-07-12 17:51 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-07-12 17:51 - 2009-02-18 20:38 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-12 17:51 - 2008-01-25 15:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-12 14:29 - 2013-01-01 13:43 - 00002388 _____ C:\Windows\setupact.log
2013-07-11 16:54 - 2013-07-11 16:36 - 00083884 _____ C:\OTL.Txt
2013-07-11 16:33 - 2008-01-25 12:46 - 00000000 ____D C:\Users\Svetlana
2013-07-09 18:48 - 2011-02-28 09:06 - 00008160 _____ C:\Users\Svetlana\AppData\Local\d3d9caps.dat
2013-07-09 17:42 - 2013-07-09 11:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-05 13:06 - 2011-02-23 19:06 - 00058880 _____ C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-05 12:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-07-05 12:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-07-05 11:59 - 2011-07-07 20:27 - 00000000 ____D C:\HDW26T_TMP
2013-07-05 11:33 - 2011-02-17 20:15 - 00000000 ____D C:\Users\Svetlana\AppData\Roaming\Skype
2013-07-05 10:30 - 2007-06-19 15:54 - 00059316 _____ C:\Windows\PFRO.log
2013-07-04 09:10 - 2011-02-17 20:15 - 00000000 ____D C:\ProgramData\Skype
2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-04 09:09 - 2013-03-22 15:05 - 00000000 ___RD C:\Program Files\Skype
2013-07-04 09:08 - 2012-04-01 17:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-04 09:08 - 2012-04-01 17:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Svetlana\100_228_PS_AIO_02_Full_Net_deu_NB.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-15 15:54

==================== End Of Log ============================