Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: weißer Bildschirm nach Bundestrojanerbefall

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.07.2013, 09:21   #1
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Mein PC war mit dem Bundestrojaner befallen. Habe kav_rescue 10 laufen lassen. Nach dem Neustart erhalte ich ganz kurz meinen alten Desktop, danach nur noch einen weißen Bildschirm. Im abgesicherten Modus läuft das System. Habe im abgesicherten Modus Kaspersky laufen lassen, einige Viren entfernt, trotzdem bleibt nach dem Start der Bildschirm weiß.
Habe heute einen OTLPE-Scan durchgeführt.

Hier das Protokoll:Anhang 57749

need help

LG Peter

Alt 11.07.2013, 10:54   #2
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 11.07.2013, 20:21   #3
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Code:
ATTFilter
OTL logfile created on: 7/11/2013 10:52:52 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.08 Gb Total Space | 20.59 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
Drive D: | 9.99 Gb Total Space | 4.65 Gb Free Space | 46.54% Space Free | Partition Type: FAT32
Drive H: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.29% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/07/04 03:09:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/23 17:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/08/03 03:24:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/01 16:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010/09/27 05:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/05/07 13:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/12/21 11:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/11/18 18:05:00 | 000,065,536 | ---- | M] (CodeGear) [Auto] -- C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe -- (BlackfishSQL)
SRV - [2008/09/16 06:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/01 07:11:04 | 002,105,344 | ---- | M] (Borland Software Corporation) [On_Demand] -- C:\Borland\InterBase\bin\ibserver.exe -- (IBS_gds_db)
SRV - [2007/08/01 07:11:04 | 000,036,864 | ---- | M] (Borland Software Corporation) [Auto] -- C:\Borland\InterBase\bin\ibguard.exe -- (IBG_gds_db)
SRV - [2007/06/27 03:40:44 | 000,069,120 | ---- | M] (Google) [Disabled] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007/04/13 12:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006/02/15 05:56:40 | 000,184,320 | ---- | M] () [Auto] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 10:10:14 | 000,106,496 | ---- | M] ( ) [Auto] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2005/05/12 20:00:00 | 000,374,206 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (DMSKSSRh)
DRV - [2011/09/07 04:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2011/05/13 14:35:22 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/09 22:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/11/09 22:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/09/27 05:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/05/07 13:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/14 06:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 06:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/11/26 07:10:20 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 15:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (KLBG)
DRV - [2009/10/02 13:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 08:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 09:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/11/16 12:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/02/10 00:41:08 | 002,377,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/02/05 04:22:02 | 000,134,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/02/01 18:24:42 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/30 18:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/10/31 06:28:04 | 000,015,616 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ECS_Loader_220.sys -- (ECS_Loader_220)
DRV - [2005/05/12 20:00:00 | 000,452,736 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005/04/06 09:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms}
IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms}
IE - HKU\Svetlana_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms}
IE - HKU\Svetlana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Svetlana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\NPSibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/23 13:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/04 07:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012/07/04 06:12:28 | 000,000,000 | ---D | M]
 
[2012/11/19 12:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/26 10:04:11 | 000,000,000 | ---D | M] (Amazon-Startcenter) -- C:\Program Files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2008/01/26 10:04:11 | 000,000,000 | ---D | M] (Home Extension) -- C:\Program Files\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
[2008/01/26 10:04:10 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2008/01/26 10:04:08 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Program Files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
[2008/01/26 10:04:12 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Program Files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
[2008/01/26 10:04:09 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
[2008/04/25 12:50:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010/06/13 13:36:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 01:54:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/09 05:40:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 12:30:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/02 12:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/09 07:46:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/11/19 12:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2008/01/26 10:04:10 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2010/12/08 13:56:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/12/20 04:39:30 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/12/08 13:56:08 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2009/03/18 16:07:24 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/03/18 16:07:14 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/03/18 16:07:14 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/03/18 16:07:14 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/03/18 16:07:15 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/03/18 16:07:15 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/03/18 16:07:22 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009/03/18 16:07:22 | 000,001,063 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2007/06/12 06:49:42 | 000,004,292 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SP_ebay_de.xml
[2009/03/18 16:07:22 | 000,000,998 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009/03/18 16:07:22 | 000,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\Svetlana_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Svetlana_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Svetlana_ON_C..\Run: []  File not found
O4 - HKU\Svetlana_ON_C..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\Svetlana_ON_C..\Run: [GameXN GO]  File not found
O4 - HKU\Svetlana_ON_C..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\Svetlana_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\Svetlana_ON_C..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: Error locating startup folders.
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Svetlana_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Svetlana_ON_C Winlogon: Shell - (C:\Users\Svetlana\AppData\Roaming\skype.dat) - C:\Users\Svetlana\AppData\Roaming\skype.dat ()
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/09 05:09:58 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/07/05 05:09:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/05 05:09:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/07/05 05:09:34 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/05 05:09:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/05 05:09:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/05 05:09:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/05 05:09:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/07/05 05:09:32 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/05 05:09:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/05 05:09:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/05 04:37:40 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2013/07/05 04:37:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/07/04 03:43:17 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/07/04 03:43:16 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/07/04 03:41:08 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/07/04 03:41:08 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/07/04 03:32:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/07/04 03:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/11 03:14:23 | 000,000,004 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini
[2013/07/11 03:03:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/11 02:59:55 | 000,643,586 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/07/11 02:59:55 | 000,608,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/11 02:59:55 | 000,133,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/07/11 02:59:55 | 000,109,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/11 02:52:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/11 02:52:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 02:52:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/11 02:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/11 02:51:50 | 2012,667,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/09 12:48:59 | 000,008,160 | ---- | M] () -- C:\Users\Svetlana\AppData\Local\d3d9caps.dat
[2013/07/09 12:20:13 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 07:06:18 | 000,058,880 | ---- | M] () -- C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/04 03:08:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/04 03:08:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/07/11 02:51:50 | 2012,667,904 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/09 02:12:34 | 000,000,004 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini
[2012/10/15 04:12:12 | 000,023,580 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\UserTile.png
[2012/04/25 03:16:11 | 000,166,595 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/04/25 01:59:51 | 000,186,493 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2012/04/25 01:59:51 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012/02/01 13:37:49 | 000,000,432 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012/01/18 06:22:19 | 000,156,672 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\skype.dat
[2011/12/20 04:39:04 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/12/20 04:39:04 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/11/28 11:15:06 | 000,000,166 | ---- | C] () -- C:\Users\Svetlana\AppData\default.pls
[2011/10/24 03:34:26 | 001,849,344 | ---- | C] () -- C:\Windows\System32\Qt4Pas5.dll
[2011/09/27 06:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011/09/27 06:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011/09/27 06:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2011/06/17 13:45:12 | 000,041,984 | ---- | C] () -- C:\Windows\System32\AntUsbCIv1.dll
[2011/05/31 06:17:55 | 000,000,249 | ---- | C] () -- C:\Windows\BUHL.INI
[2011/02/28 03:06:54 | 000,008,160 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\d3d9caps.dat
[2011/02/23 13:06:03 | 000,058,880 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 06:00:43 | 000,000,096 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\fusioncache.dat
[2011/02/17 14:20:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 22:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/21 08:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010/10/21 08:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010/10/21 08:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010/09/27 06:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010/08/23 12:53:15 | 000,023,664 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/26 14:26:59 | 000,171,008 | ---- | C] () -- C:\Windows\KPCP32.DLL
[2010/05/26 14:26:59 | 000,093,184 | ---- | C] () -- C:\Windows\KPAPI32.DLL
[2010/05/26 14:26:59 | 000,038,912 | ---- | C] () -- C:\Windows\KPSYS32.DLL
[2010/05/26 14:26:59 | 000,000,170 | ---- | C] () -- C:\Windows\PHOTOS30.INI
[2010/05/26 14:25:43 | 000,000,127 | ---- | C] () -- C:\Windows\KPCMS.INI
[2010/05/07 13:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/13 06:07:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/05 15:33:55 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/05 14:29:46 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/12/05 14:29:31 | 000,000,093 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/12/05 14:29:31 | 000,000,014 | ---- | C] () -- C:\Windows\dswplug.ini
[2009/11/02 18:02:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes140.dll
[2009/11/02 18:02:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\BDSShellRes.dll
[2009/10/22 11:56:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 11:56:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/30 07:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009/09/13 05:09:39 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2009/09/09 13:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/12 06:28:46 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/07/02 13:37:10 | 000,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll
[2009/07/02 13:36:06 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2009/05/15 11:33:01 | 003,211,264 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi
[2009/04/15 16:21:16 | 000,001,093 | ---- | C] () -- C:\Windows\wiso.ini
[2008/12/17 12:57:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/30 13:13:51 | 004,268,576 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/11/30 13:13:51 | 000,868,384 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2008/10/30 13:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008/10/30 12:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008/04/06 12:07:01 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/12 05:50:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/02/03 12:53:56 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008/01/25 09:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/25 07:04:25 | 000,097,392 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007/09/05 14:26:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007/04/27 08:01:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/04/27 08:01:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/04/27 08:01:55 | 000,146,037 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 11:33:31 | 000,643,586 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,133,236 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,424,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,608,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,744 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004/12/14 12:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2000/04/25 18:40:42 | 000,196,608 | ---- | C] () -- C:\Windows\System32\VisShe32.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2011/10/29 18:15:40 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Borland
[2009/04/27 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Buhl Data Service
[2011/05/31 06:12:39 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Buhl Data Service GmbH
[2012/08/13 03:00:14 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\calibre
[2008/04/25 11:33:12 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\ChessBase
[2011/10/29 18:18:18 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\CodeGear
[2009/01/02 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DataDesign
[2012/10/29 04:37:49 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DVDVideoSoft
[2011/04/18 04:02:37 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/10/11 01:22:17 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\e-academy Inc
[2011/10/29 14:07:19 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Embarcadero
[2013/04/08 04:34:30 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\GARMIN
[2011/07/22 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Guitar Pro 6
[2010/12/12 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\LANGMaster
[2010/12/12 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\langmaster.com
[2011/02/17 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Leadertech
[2012/02/20 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Lexware
[2012/10/29 04:36:25 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\OpenCandy
[2012/10/15 04:12:11 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\PeerNetworking
[2012/04/16 03:30:28 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\SCCmdr
[2013/02/05 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\SharePod
[2012/10/29 04:41:44 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\TuneUp Software
[2009/04/13 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Visio
[2011/11/09 13:41:06 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Wise Registry Cleaner
[2013/05/03 03:47:41 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/09/04 11:46:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ant
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/07/11 03:12:34 | 000,000,000 | ---D | M] -- C:\ProgramData\BOINC
[2010/11/01 03:08:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl
[2012/11/26 06:39:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2008/01/25 12:15:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/10/27 04:35:38 | 000,000,000 | ---D | M] -- C:\ProgramData\CodeGear
[2012/10/29 04:40:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/02/14 08:51:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/12/09 05:14:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Embarcadero
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/09/04 12:22:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Garmin
[2007/06/25 07:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab
[2011/01/17 13:10:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Guitar Pro 6
[2012/08/24 10:35:20 | 000,000,000 | ---D | M] -- C:\ProgramData\kinoma
[2012/02/20 06:23:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2008/01/26 09:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Maxtor
[2010/09/27 09:19:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Musicnotes
[2011/07/07 14:26:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2011/10/21 03:23:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Software
[2010/03/21 15:46:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Solero
[2010/02/01 14:40:57 | 000,000,000 | ---D | M] -- C:\ProgramData\StarMoney 7.0
[2012/10/17 07:37:51 | 000,000,000 | ---D | M] -- C:\ProgramData\StarMoney 8.0
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/12/12 18:26:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/10/29 04:41:47 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/01/25 06:43:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/10/04 07:33:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/04/12 13:27:14 | 000,000,000 | ---D | M] -- C:\ProgramData\World Money
[2011/10/29 16:15:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\{01F2D2DE-8BA7-41BD-8001-3CD11C14BA7F}
[2007/06/25 08:47:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/10/29 14:20:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2563F97A-045F-4E4C-9DB1-D5D26C269882}
[2011/10/29 14:21:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
[2011/06/07 06:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/29 14:28:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\{6A883631-DE6E-4096-9348-4D606A536BCB}
[2011/11/07 10:31:34 | 000,000,000 | ---D | M] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/10/29 04:40:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/07/09 12:40:59 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A291950B
< End of report >
         
__________________

Alt 12.07.2013, 09:40   #4
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O20 - HKU\Svetlana_ON_C Winlogon: Shell - (C:\Users\Svetlana\AppData\Roaming\skype.dat) - C:\Users\Svetlana\AppData\Roaming\skype.dat ()
[2013/07/11 03:14:23 | 000,000,004 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini
:files
C:\Users\Svetlana\AppData\Roaming\skype.dat
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


neu booten, freuen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.07.2013, 10:18   #5
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Zitat:
Zitat von schrauber Beitrag anzeigen

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O20 - HKU\Svetlana_ON_C Winlogon: Shell - (C:\Users\Svetlana\AppData\Roaming\skype.dat) - C:\Users\Svetlana\AppData\Roaming\skype.dat ()
[2013/07/11 03:14:23 | 000,000,004 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\skype.ini
:files
C:\Users\Svetlana\AppData\Roaming\skype.dat
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


neu booten, freuen

Hallo schrauber,
wie bekomme ich den Inhalt auf meinen USB-Stick, damit ich diesen auf dem gestörten Rechner einsetze?
Gruß
beckerpe


Alt 12.07.2013, 11:24   #6
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Auf nem anderen Rechner als Textdatei speichern und auf den Stick kopieren.
__________________
--> weißer Bildschirm nach Bundestrojanerbefall

Alt 12.07.2013, 11:37   #7
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



hallo schrauber,

habe es doch geschafft, Probleme beim Kopieren waren mein Fehler.

Nach Neustart läuft der Rechner wieder, herzlichen Dank für die schnelle Hilfe !!!

Gruß
beckerpe

hier noch die Datei



Code:
ATTFilter
========== OTL ==========
Registry value HKEY_USERS\Svetlana_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Svetlana\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Svetlana\AppData\Roaming\skype.dat moved successfully.
C:\Users\Svetlana\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
File\Folder C:\Users\Svetlana\AppData\Roaming\skype.dat not found.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07122013_141608
         

Alt 12.07.2013, 12:22   #8
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Dann jetzt Kontrollscans im normalen Modus

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.07.2013, 10:45   #9
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Hi schrauber,

habe die Scans durchgeführt, hier die entsprechenden logfiles.

nochmals verbindlichen Dank.

mfg

beckerpe

Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 12/07/2013 um 17:51:17 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Svetlana - PETER
# Bootmodus : Normal
# Ausgeführt unter : I:\USB info\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Svetlana\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Svetlana\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Svetlana\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Svetlana\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\Conduit
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\CT2269050
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\extensions\staged
Ordner Gelöscht : C:\Users\Svetlana\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0CDE44C-08D4-4CDD-BCD3-9DDE58152DBC}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0CDE44C-08D4-4CDD-BCD3-9DDE58152DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0CDE44C-08D4-4CDD-BCD3-9DDE58152DBC}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b5301f-68da-45e9-b02b-0788826bd11b&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v2.0.0.20 (de)

Datei : C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\prefs.js

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "20-10-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "20-10-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Oct 20 2010 11:44:48 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.8.6", "Wed Oct 20 2010 11:44:50 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Wed Oct 20 2010 11:44:43 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1287061610");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Oct 20 2010 11:44:43 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN62156755735315366");
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Oct 20 2010 11:44:49 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Oct 20 2010 11:44:51 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpe[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&[...]

-\\ Google Chrome v28.0.1500.71

Datei : C:\Users\Svetlana\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=[...]
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=Snapdo[...]
Gelöscht [l.1343] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a1b[...]
Gelöscht [l.1581] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpe[...]

*************************

AdwCleaner[S1].txt - [14059 octets] - [12/07/2013 17:51:17]

########## EOF - C:\AdwCleaner[S1].txt - [14120 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Svetlana on 12.07.2013 at 18:13:23,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\software"



~~~ FireFox

Successfully deleted the following from C:\Users\Svetlana\AppData\Roaming\mozilla\firefox\profiles\ge067xfe.default\prefs.js

user_pref("extensions.home_extension.RadioGroupDefaultTab", 0);
user_pref("extensions.home_extension.keywordQuelle", "search_free=([^&]*)");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.07.2013 at 18:17:54,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2013 01
Ran by Svetlana at 2013-07-14 08:34:15
Running from I:\USB info
Boot Mode: Normal
==========================================================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Accu-Chek Compass
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.0.0)
Adobe Digital Editions
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
AIO_Scan (Version: 90.0.222.000)
Als HTML speichern (Version: 6.0.1000)
ANNO 1503 (Version: 1.04.00)
Anzeige von CAD-Zeichnungen (Version: 6.0.1000)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.641.0)
AVM FRITZ!WLAN
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4 4.2.1.165
AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
Beschriftungen und Verbinder (Version: 6.0.1000)
Blockdiagramm (Version: 6.0.1000)
BOINC (Version: 6.10.58)
Bonjour (Version: 3.0.0.10)
Boost Libraries for C++Builder 2010
Boost Libraries for C++Builder 2010 (Version: 7.0)
Borland InterBase 2007 [instance = gds_db] (Version: InterBase 2007)
BufferChm (Version: 90.0.146.000)
C7200 (Version: 90.0.222.000)
C7200_doccd (Version: 90.0.222.000)
c7200_Help (Version: 90.0.222.000)
calibre (Version: 0.8.65)
CameraHelperMsi (Version: 13.10.1217.0)
Catalyst Control Center Core Implementation (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Full Existing (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Full New (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Light (Version: 2007.0209.1621.29091)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0209.1621.29091)
Catalyst Control Center Localization German (Version: 2007.0209.1621.29091)
CCC Help German (Version: 2007.0209.1620.29091)
ccc-core-static (Version: 2007.0209.1621.29091)
ccc-utility (Version: 2007.0209.1621.29091)
CHIPDRIVE Smartcard Commander
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Clipart und Symbole (Version: 6.0.1000)
Copy (Version: 90.0.146.000)
Corel Uninstaller
CustomerResearchQFolder (Version: 1.00.0000)
DAO (Version: 1.0.0.1)
Datenbankassistent (Version: 6.0.1000)
Datenfeld-Berichts-Assistent (Version: 6.0.1000)
Datenfeld-Editor (Version: 6.0.1000)
DDBAC (Version: 5.3.2)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Embarcadero Delphi and C++Builder 2010 Database Pack
Embarcadero Delphi and C++Builder 2010 Database Pack (Version: 7.0)
Embarcadero Delphi and C++Builder 2010 Help System
Embarcadero Delphi and C++Builder 2010 Help System (Version: 7.0)
Embarcadero RAD Studio 2010
Embarcadero RAD Studio 2010 (Version: 7.0)
erLT (Version: 1.20.138.34)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 90.0.146.000)
Flußdiagramme (Version: 6.0.1000)
Formulare und Diagramme (Version: 6.0.1000)
Free Audio CD Burner version 1.4.7
Free YouTube Download 2.2
Free YouTube to MP3 Converter version 3.11.34.1015 (Version: 3.11.34.1015)
funScreenScraping Client Version (Version: 1.0.173)
funScreenScraping Microsoft Systemdateien (Version: 1.0.6)
Garmin ANT Agent (Version: 2.3.4)
Garmin Communicator Plugin (Version: 3.0.1)
Garmin Training Center (Version: 3.6.5)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (Version: 28.0.1500.71)
Google Desktop (Version: -)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.149)
Grafikfilter (Version: 6.0.1000)
Guitar Explorer 1.0
Guitar Pro 6.0
HD Writer AE 2.6T (Version: 2.06.110.1031)
Hilfe fur Visio 2000 (HTML Help) (Version: 1.0.0.1)
Hilfe zu Beschriftungen und Verbindern (Version: 6.0.1000)
Hilfe zu Blockdiagrammen (Version: 6.0.1000)
Hilfe zu Clipart und Symbolen (Version: 6.0.1000)
Hilfe zu Developing Visio Solutions (Version: 6.0.1000)
Hilfe zu Flußdiagrammen (Version: 6.0.1000)
Hilfe zu Formularen und Diagrammen (Version: 6.0.1000)
Hilfe zu Landkarten (Version: 1.0.0.0)
Hilfe zu Netzwerkdiagrammen (Version: 6.0.1000)
Hilfe zu Organigrammen (Version: 6.0.1000)
Hilfe zu Programmdateien (Version: 6.0.1000)
Hilfe zu Projektplänen (Version: 6.0.1000)
Hilfe zu Rahmen und Hintergründen (Version: 6.0.1000)
Hilfe zu Raumplänen (Version: 6.0.1000)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
iCloud (Version: 1.1.0.40)
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 37 (Version: 6.0.370)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
Kaspersky PURE (Version: 9.1.0.124)
Landkarten (Version: 1.0.0.0)
Lazarus 0.9.30.2RC1 (Version: 0.9.30.2RC1)
Lexware online banking 4.90 (Version: 4.90)
LightScribe  1.4.124.1 (Version: 1.4.124.1)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
Lösungen (Version: 1.0.0.0)
Ludwig (Version: 1)
LWS Facebook (Version: 13.10.1216.0)
LWS Gallery (Version: 13.10.1216.0)
LWS Help_main (Version: 13.10.1224.0)
LWS Launcher (Version: 13.10.1224.0)
LWS Motion Detection (Version: 13.10.1218.0)
LWS Pictures And Video (Version: 13.10.1218.0)
LWS Twitter (Version: 13.00.1216.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.10.1216.0)
MarketResearch (Version: 90.0.146.000)
Maxtor Backup (Version: 1.00.0040)
Maxtor OneTouch III (Version: 3.02.0060)
MEDIONbox (Version: 1.09.0000.00050)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Document Explorer 2008 Language Pack - DEU
Microsoft Document Explorer 2008 Language Pack - DEU (Version: 9.0.21022)
Microsoft Mathe 3.0 (Version: 2007)
Microsoft Office 2000 Professional (Version: 9.00.2816)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visio 2000 (DE) (Version: 06.00.1001)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Visual Studio Service Pack 3 (Version: 6.0.0.4)
Microsoft Works (Version: 08.05.0822)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XML Parser (Version: 8.70.1104.04)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox (2.0.0.20) (Version: 2.0.0.20 (de))
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicnotes Software Suite 1.5.5 (Version: 1.5.5)
Nero 7 Essentials (Version: 7.02.4288)
NetDeviceManager (Version: 90.0.205.000)
Netzwerkdiagramme (Version: 6.0.1000)
OpenOffice.org 2.2 (Version: 2.2.9161)
Organigramme (Version: 6.0.1000)
PanoStandAlone (Version: 90.0.146.000)
PL-2303HXD Vista Driver Installer (Version: 3.0.0.1)
Programmdateien (Version: 06.00.1001)
Projektpläne (Version: 6.0.1000)
PS_AIO_02_ProductContext (Version: 90.0.222.000)
PS_AIO_02_Software (Version: 90.0.222.000)
PS_AIO_02_Software_min (Version: 90.0.222.000)
PSSWCORE (Version: 2.01.0000)
QuickTime (Version: 7.73.80.64)
Rahmen und Hintergrunde (Version: 6.0.1000)
Raumplan (Version: 6.0.1000)
Rave Reports 7.7.0 BE
Reader for PC (Version: 2.0.01.11080)
Realtek High Definition Audio Driver (Version: 6.0.1.5413)
RUBICon (Version: 2.0.25)
Safari (Version: 5.34.57.2)
Scan (Version: 9.0.0.0)
SCR3xxx Smart Card Reader (Version: 8.41)
Secure Download Manager (Version: 3.0.5)
Seitenlayout-Assistent (Version: 6.0.1000)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005)
Shape-Explorer (Version: 6.0.1000)
Shape-Explorer-Hilfe (Version: 6.0.1000)
Skins (Version: 2007.0209.1621.29091)
Skype™ 6.5 (Version: 6.5.158)
Solero Music Viewer 8.0.29.370 (Version: 8.0.29.370)
SolutionCenter (Version: 90.0.146.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
StarMoney (Version: 1.0)
StarMoney (Version: 2.0)
StarMoney (Version: 3.0.1.31)
Status (Version: 90.0.146.000)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
Uninstall 1.0.0.1
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VBA (2816b) (Version: 6.01.00.1234)
Versionshinweise (Version: 6.0.1000)
VideoToolkit01 (Version: 90.0.146.000)
Visio (Version: 1.0.0.1)
Visio Core Files (Version: 06.00.1000)
VLC media player 1.1.0 (Version: 1.1.0)
WebReg (Version: 90.0.146.000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows-Treiberpaket - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (Version: 02/06/2007 3.1)
WinSTAT (Version: 7.01.0000)
Wise Registry Cleaner 6.21
WISO Monats-CD
WISO Sparbuch 2008 (Version: 15.00.0000)
WISO Sparbuch 2009 (Version: 16.00.6228)
WISO Sparbuch 2010 (Version: 17.00.6531)
WISO Steuer-Sparbuch 2011 (Version: 18.00.6928)
WISO Steuer-Sparbuch 2012 (Version: 19.00.7303)
Zusatzprogramme (Version: 1.0.0.0)
 

==================== Restore Points  =========================

12-07-2013 16:19:05 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1B9BCDAE-BBA0-4532-BD46-36DB60181637} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Svetlana => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2641A702-94DD-4788-B490-18CB66F6CF2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {79F1B2BD-055C-4FD4-87C3-5A1FBD71CC8D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {803C982A-DA92-4B0F-A22C-37635A904141} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {88BD4307-4E4F-44FA-BB77-00A824CC1F82} - System32\Tasks\{B9DCCB52-A31C-4A46-AD6D-70B957E5CA95} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {92EF816A-6347-4798-805B-ECC35EF43ECD} - System32\Tasks\{F80CB8BB-8BA1-4214-865F-5EAA995C4A95} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {B02B87B7-059B-4118-B33D-F8CB6103B987} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {BF197F80-42E7-4436-9611-2549D35761C4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {BF87FDEA-7F82-4734-95A2-082DBEAAC668} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {C5D5FF3E-E4D1-4A42-90AB-C875B5B6EE2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-04] (Adobe Systems Incorporated)
Task: {CA03E408-C338-4C00-A6B8-8476D4DF5B7C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2763598808-591417749-325035483-1002 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {CBEAEA8B-5D73-48E9-AFD1-5DC55D4964E3} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {D95C4E9C-F172-489F-98EB-EF583B8B245A} - System32\Tasks\{14609A13-E4EC-4A3D-B5DF-8E1D3C11366F} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F57E143B-CB3D-4217-885E-541A9385B5E6} - System32\Tasks\{32E5D96C-1535-4935-8E1A-31947724200F} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/14/2013 08:19:32 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/14/2013 08:14:52 AM) (Source: DCOM) (User: )
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (07/14/2013 08:14:04 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PETER-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{57EBB8D0-02AE-45BB-8004-3FFA01B66-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/14/2013 08:13:10 AM) (Source: Service Control Manager) (User: )
Description: InterBase 2007 Guardian gds_db1

Error: (07/14/2013 08:13:10 AM) (Source: Service Control Manager) (User: )
Description: 30000InterBase 2007 Server gds_db

Error: (07/14/2013 08:09:10 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: 


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-14 08:32:43.642
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:43.066
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:42.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:41.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:41.246
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:40.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:40.138
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-14 08:32:39.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-18 12:35:00.462
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-18 12:34:59.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 1918.7 MB
Available physical RAM: 437.34 MB
Total Pagefile: 4081.84 MB
Available Pagefile: 1641.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.73 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:288.08 GB) (Free:18.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:9.99 GB) (Free:4.65 GB) FAT32
Drive i: () (Removable) (Total:1.87 GB) (Free:1.85 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
         

Alt 14.07.2013, 12:48   #10
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Supi


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.07.2013, 12:49   #11
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Hier die beiden Dateien:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=69320de74c822e4ea49f3311373fb909
# engine=14397
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-15 10:03:14
# local_time=2013-07-15 12:03:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1287 16777214 100 100 32485720 132877166 0 0
# compatibility_mode=5892 16776573 100 100 16797 211415322 0 0
# scanned=380428
# found=3
# cleaned=0
# scan_time=13790
sh=8EB45E215BB9C40066839626622E805A5E8E43D4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Svetlana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1a360bb7-57240e5c"
sh=4B2B8885F8A0CE9F19A233D06B17110046A09158 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Svetlana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\691ce278-22c6fe2c"
sh=7991CC1E3D988630E479F17433CC90F1F4A76996 ft=1 fh=67d48430c107a16e vn="a variant of Win32/Kryptik.BFIS trojan" ac=I fn="C:\_OTL\MovedFiles\07122013_141608\C_Users\Svetlana\AppData\Roaming\skype.dat"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.69  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky PURE   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Wise Registry Cleaner 6.21  
 Java(TM) 6 Update 37  
 Java 7 Update 7  
 Java(TM) SE Runtime Environment 6 
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (2.0.0 Firefox out of Date!  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Gruß
beckerpe

Alt 15.07.2013, 12:57   #12
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Alle Software die rot ist updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Frisches FRST log fehlt. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.07.2013, 13:23   #13
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



hallo schrauber,

das System läuft ohne Probleme !

hier noch der FRST-log

mfG

beckerpe

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 01
Ran by Svetlana (administrator) on 15-07-2013 14:06:49
Running from I:\USB info
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\GnabTray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(GARMIN Corp.) C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
() C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.33_windows_intelx86__BRP4SSE.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
(Microsoft Corporation) C:\Windows\system32\RacAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [GnabTray] - C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart [327680 2007-04-13] (Empolis GmbH)
HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [boincmgr] - "C:\Program Files\BOINC\boincmgr.exe" /a /s [4862720 2010-07-01] (Space Sciences Laboratory)
HKLM\...\Run: [boinctray] - "C:\Program Files\BOINC\boinctray.exe" [58112 2010-07-01] (Space Sciences Laboratory)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Reader Application Helper] - C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -u auto-update [232368 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKCU\...\Run: [Logitech Vid] - "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: ipp - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @sony.com/ReaderDesktop - C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SP_ebay_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
FF Extension: Amazon-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
FF Extension: Home Extension - C:\Program Files\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
FF Extension: Google Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
FF Extension: eBay-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
FF Extension: Firefox (default) - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: eBay Statusbar Button - C:\Program Files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
FF Extension: eBay Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Amazon Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [374206 2005-05-13] (AVM Berlin)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
S2 BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [65536 2009-11-19] (CodeGear)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-06-27] (Google)
S2 IBG_gds_db; C:\Borland\InterBase\bin\ibguard.exe [36864 2007-08-01] (Borland Software Corporation)
S3 IBS_gds_db; C:\Borland\InterBase\bin\ibserver.exe [2105344 2007-08-01] (Borland Software Corporation)
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] ()
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( )

==================== Drivers (Whitelisted) ====================

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ECS_Loader_220; C:\Windows\System32\Drivers\ECS_Loader_220.sys [15616 2005-10-31] (WideView Technology Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [452736 2005-05-13] (AVM GmbH)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [311312 2009-11-26] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21520 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-13] (hxxp://libusb-win32.sourceforge.net)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [134888 2007-02-05] (Realtek Semiconductor Corp.)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 DMSKSSRh; \\??\\C:\\Users\\Svetlana\\AppData\\Local\\Temp\\DMSKSSRh.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 08:09 - 2013-07-15 08:09 - 00000000 ____D C:\Program Files\ESET
2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST
2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL
2013-07-12 18:32 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 18:32 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 18:32 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 18:32 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 18:32 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 18:32 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 18:32 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 18:32 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 18:32 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 18:32 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 18:32 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 18:32 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 18:32 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 18:32 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 18:32 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 18:32 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt
2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt
2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt
2013-07-12 17:51 - 2013-07-12 17:52 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-07-12 13:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 13:18 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 13:14 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-12 13:14 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-12 13:14 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-12 13:14 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-12 13:14 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 13:14 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 16:36 - 2013-07-11 16:54 - 00083884 _____ C:\OTL.Txt
2013-07-09 11:09 - 2013-07-09 17:42 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-05 10:38 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-05 10:37 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-05 10:37 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-04 09:43 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-04 09:41 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-04 09:41 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-04 09:32 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2013-07-15 14:10 - 2010-08-26 19:05 - 00000000 ____D C:\ProgramData\BOINC
2013-07-15 14:03 - 2012-12-10 09:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 13:51 - 2011-12-20 10:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-15 13:31 - 2010-11-30 19:48 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 13:08 - 2008-01-25 12:34 - 01345706 _____ C:\Windows\WindowsUpdate.log
2013-07-15 12:51 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 12:51 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 08:31 - 2010-11-30 19:48 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 08:09 - 2013-07-15 08:09 - 00000000 ____D C:\Program Files\ESET
2013-07-15 06:52 - 2011-02-17 19:40 - 00000000 ____D C:\Windows\system32\logishrd
2013-07-15 06:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 14:27 - 2006-11-02 15:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-14 09:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST
2013-07-14 08:11 - 2006-11-02 14:47 - 00424888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 08:09 - 2011-04-12 19:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 08:09 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL
2013-07-12 18:43 - 2006-11-02 12:33 - 01509498 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 18:34 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 18:19 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt
2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt
2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt
2013-07-12 17:52 - 2013-07-12 17:51 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-07-12 17:51 - 2009-02-18 20:38 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-12 17:51 - 2008-01-25 15:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-12 14:29 - 2013-01-01 13:43 - 00002388 _____ C:\Windows\setupact.log
2013-07-11 16:54 - 2013-07-11 16:36 - 00083884 _____ C:\OTL.Txt
2013-07-11 16:33 - 2008-01-25 12:46 - 00000000 ____D C:\Users\Svetlana
2013-07-10 07:39 - 2009-12-23 23:40 - 00000000 ____D C:\Users\Svetlana\Documents\Kaspersky
2013-07-09 18:48 - 2011-02-28 09:06 - 00008160 _____ C:\Users\Svetlana\AppData\Local\d3d9caps.dat
2013-07-09 17:42 - 2013-07-09 11:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-05 13:06 - 2011-02-23 19:06 - 00058880 _____ C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-05 12:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-07-05 12:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-07-05 11:59 - 2011-07-07 20:27 - 00000000 ____D C:\HDW26T_TMP
2013-07-05 11:33 - 2011-02-17 20:15 - 00000000 ____D C:\Users\Svetlana\AppData\Roaming\Skype
2013-07-05 10:30 - 2007-06-19 15:54 - 00059316 _____ C:\Windows\PFRO.log
2013-07-04 09:10 - 2011-02-17 20:15 - 00000000 ____D C:\ProgramData\Skype
2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-04 09:09 - 2013-03-22 15:05 - 00000000 ___RD C:\Program Files\Skype
2013-07-04 09:08 - 2012-04-01 17:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-04 09:08 - 2012-04-01 17:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Svetlana\100_228_PS_AIO_02_Full_Net_deu_NB.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 07:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 15.07.2013, 13:34   #14
schrauber
/// the machine
/// TB-Ausbilder
 

weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.07.2013, 19:46   #15
beckerpe
 
weißer Bildschirm nach Bundestrojanerbefall - Standard

weißer Bildschirm nach Bundestrojanerbefall



bisher keine weiteren Probleme

beckerpe

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 01
Ran by Svetlana (administrator) on 15-07-2013 20:28:34
Running from I:\USB info
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\GnabTray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(CodeGear) C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(GARMIN Corp.) C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\ProgramData\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.33_windows_intelx86__BRP4SSE.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [GnabTray] - C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart [327680 2007-04-13] (Empolis GmbH)
HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [boincmgr] - "C:\Program Files\BOINC\boincmgr.exe" /a /s [4862720 2010-07-01] (Space Sciences Laboratory)
HKLM\...\Run: [boinctray] - "C:\Program Files\BOINC\boinctray.exe" [58112 2010-07-01] (Space Sciences Laboratory)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Reader Application Helper] - C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKCU\...\Run: [Logitech Vid] - "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-13] (Logitech Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
HKCU\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ipp - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @sony.com/ReaderDesktop - C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SP_ebay_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ge067xfe.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
FF Extension: Amazon-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
FF Extension: Home Extension - C:\Program Files\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
FF Extension: Google Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
FF Extension: eBay-Startcenter - C:\Program Files\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
FF Extension: Firefox (default) - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: eBay Statusbar Button - C:\Program Files\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
FF Extension: eBay Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF Extension: Amazon Kontextmenü - C:\Program Files\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [374206 2005-05-13] (AVM Berlin)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
R2 BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [65536 2009-11-19] (CodeGear)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2007-06-27] (Google)
S2 IBG_gds_db; C:\Borland\InterBase\bin\ibguard.exe [36864 2007-08-01] (Borland Software Corporation)
S3 IBS_gds_db; C:\Borland\InterBase\bin\ibserver.exe [2105344 2007-08-01] (Borland Software Corporation)
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] ()
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( )

==================== Drivers (Whitelisted) ====================

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ECS_Loader_220; C:\Windows\System32\Drivers\ECS_Loader_220.sys [15616 2005-10-31] (WideView Technology Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [452736 2005-05-13] (AVM GmbH)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [311312 2009-11-26] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21520 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2011-05-13] (hxxp://libusb-win32.sourceforge.net)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [134888 2007-02-05] (Realtek Semiconductor Corp.)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 DMSKSSRh; \\??\\C:\\Users\\Svetlana\\AppData\\Local\\Temp\\DMSKSSRh.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 20:26 - 2013-07-15 20:26 - 00000058 _____ C:\Users\Svetlana\Desktop\Fixlist.txt
2013-07-15 20:08 - 2013-07-15 20:08 - 01068176 _____ (Solid State Networks) C:\Users\Svetlana\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe
2013-07-15 16:28 - 2013-07-15 16:25 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-15 14:59 - 2013-07-15 14:59 - 00448512 _____ (OldTimer Tools) C:\Users\Svetlana\Desktop\TFC.exe
2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST
2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL
2013-07-12 18:32 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 18:32 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 18:32 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 18:32 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 18:32 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 18:32 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 18:32 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 18:32 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 18:32 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 18:32 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 18:32 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 18:32 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 18:32 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 18:32 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 18:32 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 18:32 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt
2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt
2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt
2013-07-12 17:51 - 2013-07-12 17:52 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-07-12 13:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 13:18 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 13:14 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-12 13:14 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-12 13:14 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-12 13:14 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-12 13:14 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-12 13:14 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 13:14 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 16:36 - 2013-07-11 16:54 - 00083884 _____ C:\OTL.Txt
2013-07-09 11:09 - 2013-07-09 17:42 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-05 10:38 - 2013-05-08 06:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-05 10:37 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-05 10:37 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-04 09:43 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-04 09:43 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-04 09:41 - 2013-05-03 00:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-04 09:41 - 2013-05-03 00:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-04 09:32 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2013-07-15 20:31 - 2010-11-30 19:48 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 20:28 - 2010-08-26 19:05 - 00000000 ____D C:\ProgramData\BOINC
2013-07-15 20:26 - 2013-07-15 20:26 - 00000058 _____ C:\Users\Svetlana\Desktop\Fixlist.txt
2013-07-15 20:08 - 2013-07-15 20:08 - 01068176 _____ (Solid State Networks) C:\Users\Svetlana\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe
2013-07-15 20:06 - 2009-12-23 23:40 - 00000000 ____D C:\Users\Svetlana\Documents\Kaspersky
2013-07-15 20:03 - 2012-12-10 09:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 19:45 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 19:45 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 16:28 - 2008-04-25 18:50 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-15 16:25 - 2013-07-15 16:28 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-15 16:25 - 2013-07-15 16:25 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-15 16:25 - 2012-08-31 15:13 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-15 16:25 - 2010-06-13 19:36 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-15 15:50 - 2011-12-20 10:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-15 15:45 - 2011-02-17 19:40 - 00000000 ____D C:\Windows\system32\logishrd
2013-07-15 15:45 - 2010-11-30 19:48 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 15:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 14:59 - 2013-07-15 14:59 - 00448512 _____ (OldTimer Tools) C:\Users\Svetlana\Desktop\TFC.exe
2013-07-15 14:29 - 2008-01-25 12:34 - 01380677 _____ C:\Windows\WindowsUpdate.log
2013-07-15 14:17 - 2006-11-02 15:01 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-14 09:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-14 08:30 - 2013-07-14 08:30 - 00000000 ____D C:\FRST
2013-07-14 08:11 - 2006-11-02 14:47 - 00424888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 08:09 - 2011-04-12 19:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 08:09 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-12 20:16 - 2013-07-12 20:16 - 00000000 ____D C:\_OTL
2013-07-12 18:43 - 2006-11-02 12:33 - 01509498 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 18:34 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-12 18:19 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 18:18 - 2013-07-12 18:18 - 00000989 _____ C:\Users\Public\Documents\JRT.txt
2013-07-12 18:17 - 2013-07-12 18:17 - 00000989 _____ C:\Users\Svetlana\Desktop\JRT.txt
2013-07-12 18:12 - 2013-07-12 18:12 - 00000000 ____D C:\Windows\ERUNT
2013-07-12 18:09 - 2013-07-12 18:09 - 00014190 _____ C:\Users\Public\Documents\AdwCleaner[S1].txt
2013-07-12 17:52 - 2013-07-12 17:51 - 00014190 _____ C:\AdwCleaner[S1].txt
2013-07-12 17:51 - 2009-02-18 20:38 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-12 17:51 - 2008-01-25 15:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-12 14:29 - 2013-01-01 13:43 - 00002388 _____ C:\Windows\setupact.log
2013-07-11 16:54 - 2013-07-11 16:36 - 00083884 _____ C:\OTL.Txt
2013-07-11 16:33 - 2008-01-25 12:46 - 00000000 ____D C:\Users\Svetlana
2013-07-09 18:48 - 2011-02-28 09:06 - 00008160 _____ C:\Users\Svetlana\AppData\Local\d3d9caps.dat
2013-07-09 17:42 - 2013-07-09 11:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-05 13:06 - 2011-02-23 19:06 - 00058880 _____ C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-05 12:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-07-05 12:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-07-05 11:59 - 2011-07-07 20:27 - 00000000 ____D C:\HDW26T_TMP
2013-07-05 11:33 - 2011-02-17 20:15 - 00000000 ____D C:\Users\Svetlana\AppData\Roaming\Skype
2013-07-05 10:30 - 2007-06-19 15:54 - 00059316 _____ C:\Windows\PFRO.log
2013-07-04 09:10 - 2011-02-17 20:15 - 00000000 ____D C:\ProgramData\Skype
2013-07-04 09:09 - 2013-07-04 09:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-04 09:09 - 2013-03-22 15:05 - 00000000 ___RD C:\Program Files\Skype
2013-07-04 09:08 - 2012-04-01 17:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-04 09:08 - 2012-04-01 17:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Svetlana\100_228_PS_AIO_02_Full_Net_deu_NB.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 15:54

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Antwort

Themen zu weißer Bildschirm nach Bundestrojanerbefall
abgesicherte, abgesicherten, abgesicherten modus, alten, bildschirm, bundes, bundestrojaner, bundestrojanerbefall, desktop, entfern, entfernt, erhalte, kaspersky, laufen, neustart, protokoll, rescue, viren, weiße, weißer, weißer bildschirm




Ähnliche Themen: weißer Bildschirm nach Bundestrojanerbefall


  1. Win 7: Weißer Bildschirm nach Hochfahren
    Log-Analyse und Auswertung - 30.10.2015 (12)
  2. Weißer Bildschirm nach Laptopstart
    Plagegeister aller Art und deren Bekämpfung - 27.12.2014 (37)
  3. weißer bildschirm, schwarzer bildschirm, maus laggs nach systemstart, mausbewegungen in boxen.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (3)
  4. weißer Bildschirm nach Systemstart
    Log-Analyse und Auswertung - 09.11.2013 (11)
  5. weißer BIldschirm nach PC Start.
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (14)
  6. Weißer Bildschirm nach dem Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 22.09.2013 (25)
  7. weißer Bildschirm nach dem hochfahren
    Log-Analyse und Auswertung - 17.07.2013 (8)
  8. Weißer Bildschirm nach Start
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (11)
  9. Weißer Bildschirm nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (14)
  10. weißer bildschirm nach systemstart
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (5)
  11. Weißer Bildschirm nach Start Win XP
    Log-Analyse und Auswertung - 03.06.2013 (2)
  12. Weißer Bildschirm nach Start
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (17)
  13. Nach Hochfahren weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (11)
  14. 2x | Weißer Bildschirm nach anmelden
    Mülltonne - 02.02.2013 (1)
  15. weißer bildschirm nach anmelden
    Log-Analyse und Auswertung - 02.02.2013 (1)
  16. weißer Bildschirm nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (13)
  17. "Weißer Bildschirm Trojaner", Nach dem Windowsstart nur weißer Bildschirm!
    Log-Analyse und Auswertung - 01.09.2012 (1)

Zum Thema weißer Bildschirm nach Bundestrojanerbefall - Mein PC war mit dem Bundestrojaner befallen. Habe kav_rescue 10 laufen lassen. Nach dem Neustart erhalte ich ganz kurz meinen alten Desktop, danach nur noch einen weißen Bildschirm. Im abgesicherten - weißer Bildschirm nach Bundestrojanerbefall...
Archiv
Du betrachtest: weißer Bildschirm nach Bundestrojanerbefall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.