Wie entferne ich den ihavenet-Trojaner?

schrauber · 21.09.2013, 16:16

Jetzt hast Du den Fix wiederholt

Kopier folgendes in OTL in die Box und klicke Scan:

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /600

Caris · 21.09.2013, 17:25

Jetzt aber wirklich.

Code:

ATTFilter

OTL logfile created on: 21.09.2013 18:15:20 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,86 Mb Total Physical Memory | 369,52 Mb Available Physical Memory | 36,45% Memory free
3,89 Gb Paging File | 3,12 Gb Available in Paging File | 80,03% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 36,33 Gb Total Space | 10,83 Gb Free Space | 29,80% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 16,38 Gb Free Space | 83,87% Space Free | Partition Type: NTFS
 
Computer Name: LAUSITZ000 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.09.13 15:56:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2013.08.17 09:21:21 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.07.20 22:03:21 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.03.12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.12.16 21:35:04 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009.10.15 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009.09.25 05:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.09.25 05:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.09.25 05:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.09.25 05:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2009.08.31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009.08.31 21:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009.08.31 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009.08.31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008.11.06 15:53:59 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Programme\Huawei Modems\DataCardMonitor.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.25 18:49:44 | 000,457,248 | ---- | M] (Birdstep Technology) -- C:\Programme\T-Mobile\web'n'walk Manager\AutoUpdateSrv.exe
PRC - [2007.02.09 15:48:26 | 000,176,128 | ---- | M] (OptionNV) -- C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
PRC - [2006.11.17 16:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2006.09.27 07:38:22 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes7.0.2\ntmulti.exe
PRC - [2006.09.27 07:38:06 | 000,016,896 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes7.0.2\nsl.exe
PRC - [2006.09.27 07:38:06 | 000,007,680 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes7.0.2\nslsvice.exe
PRC - [2006.04.07 14:02:14 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\NCWatch\NCWatch.exe
PRC - [2006.02.27 09:51:00 | 000,225,280 | ---- | M] (matrix42 AG) -- C:\WINDOWS\system32\EMPIRUM\SWDEPOT.EXE
PRC - [2006.01.26 01:03:14 | 000,278,528 | ---- | M] (InterVideo Inc.) -- C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2005.12.07 10:50:00 | 000,118,784 | ---- | M] (matrix42 AG) -- C:\WINDOWS\system32\EMPIRUM\SETUPSVC.EXE
PRC - [2005.10.12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005.10.12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005.08.09 11:53:06 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005.07.21 15:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005.07.21 15:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005.02.09 10:01:00 | 000,073,728 | ---- | M] (matrix42 AG) -- C:\WINDOWS\system32\EMPIRUM\EMPAUTSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.09.03 15:54:02 | 000,301,056 | ---- | M] () -- c:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2009.09.25 05:50:00 | 000,065,536 | ---- | M] () -- c:\Programme\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2007.04.19 14:53:48 | 000,109,408 | ---- | M] () -- c:\Programme\Microsoft Office\OFFICE11\OUTLCTL.DLL
MOD - [2007.04.18 21:30:46 | 000,471,040 | ---- | M] () -- C:\Programme\McAfee\Common Framework\ccme_base.dll
MOD - [2007.04.18 21:30:46 | 000,393,216 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll
MOD - [2006.09.27 07:40:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Lotus\Notes7.0.2\smarttags.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.09.20 15:13:29 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.08.17 09:21:21 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.20 22:03:21 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010.12.16 21:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.10.15 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.09.25 05:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.08.31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009.08.31 21:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009.08.31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2007.02.09 15:48:26 | 000,176,128 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe -- (GtFlashSwitch)
SRV - [2006.09.27 07:38:22 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes7.0.2\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2006.09.27 07:38:06 | 000,007,680 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes7.0.2\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2006.04.07 14:02:14 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\NCWatch\NCWatch.exe -- (NCWatch)
SRV - [2005.12.07 10:50:00 | 000,118,784 | ---- | M] (matrix42 AG) [Auto | Running] -- C:\WINDOWS\system32\EMPIRUM\SETUPSVC.EXE -- (SetupService)
SRV - [2005.10.12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
SRV - [2005.02.09 10:01:00 | 000,073,728 | ---- | M] (matrix42 AG) [Auto | Running] -- C:\WINDOWS\system32\EMPIRUM\EMPAUTSVC.EXE -- (MATRIXAUT)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TDProtocol)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\TESTPR~1\NETSTU~1\Aircrack\AIRCRA~1.41\win32\PEEK5.SYS -- (PEEK5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Unknown] -- C:\WINDOWS\system32\ntqs61ep.sys -- (ntqs61ep)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | Auto | Stopped] -- c:\Programme\NavNT\NAVAPEL.SYS -- (NAVAPEL)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\Programme\NavNT\NAVAP.sys -- (NAVAP)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010.12.16 21:43:22 | 000,084,336 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_700_17289.SYS -- (NEOFLTR_700_17289)
DRV - [2010.12.16 21:11:14 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010.10.07 14:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2009.08.31 21:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.08.31 21:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.08.31 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009.08.31 21:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009.08.31 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009.08.31 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.12.18 21:50:51 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.SYS -- (AF15BDA)
DRV - [2007.08.06 13:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007.05.31 16:27:30 | 000,115,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mdvdrv.sys -- (mdvdrv)
DRV - [2007.05.28 19:00:22 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2007.05.15 10:28:06 | 000,015,104 | R--- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\snidmi.sys -- (SniDmi)
DRV - [2007.03.08 05:03:32 | 000,021,248 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2007.02.01 17:25:30 | 000,166,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007.01.15 16:43:20 | 000,035,200 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2007.01.15 16:43:18 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006.08.08 15:57:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2006.07.12 10:44:16 | 001,158,816 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.07.11 12:45:40 | 000,028,544 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006.07.11 12:45:38 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2006.07.11 12:39:20 | 000,092,561 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2006.07.06 09:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.01.25 14:27:42 | 000,162,688 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WTDDI.sys -- (TDDIWAN)
DRV - [2005.12.09 17:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005.07.21 15:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005.06.10 06:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.12.14 16:38:38 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2004.06.26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004.06.26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004.01.17 21:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2003.11.26 16:47:04 | 000,037,264 | ---- | M] (T-Systems Nova GmbH, Berkom Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TDPPPoE.sys -- (TDAdapter)
DRV - [2001.08.18 05:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{F247096B-BE0D-40FA-A1D3-64B9FB9EF664}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: c:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.08.17 09:21:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.09.13 15:22:55 | 000,000,000 | ---D | M]
 
[2008.10.15 20:09:41 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2013.09.11 15:59:34 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0qsvmauj.default\extensions
[2010.06.11 19:45:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0qsvmauj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.14 23:19:32 | 000,000,000 | ---D | M] (Move Media Player) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0qsvmauj.default\extensions\moveplayer@movenetworks.com
[2013.07.31 11:34:18 | 000,824,302 | ---- | M] () (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\0qsvmauj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.08.31 18:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions
[2013.08.17 09:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.08.17 09:21:22 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.31 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
 
O1 HOSTS File: ([2013.09.07 09:52:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [_UserEnv] C:\WINDOWS\system32\EMPIRUM\ENV.EXE (matrix42 AG)
O4 - HKLM..\Run: [Adobe ARM] c:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] c:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [McAfeeUpdaterUI] c:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RunSWDepot1] SWDEPOT /WU /S /T /Q File not found
O4 - HKLM..\Run: [ShStatEXE] c:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - Startup: c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Aktualisierungsagent.lnk = C:\Programme\T-Mobile\web'n'walk Manager\AutoUpdateSrv.exe (Birdstep Technology)
O4 - Startup: c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: wundm001 ([]file in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342648210265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://employees.vionfood.com/,DanaInfo=DEMUNDOM16M.vionfood.local,ST=1+/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://employees.vionfood.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employees.vionfood.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BBD802A-5492-4AAF-8153-F1097B7AC7B9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\t-mobile - No CLSID value found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FJWSEL: DllName - (FJWSWNP.dll) - C:\WINDOWS\System32\FJWSWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.21 17:20:00 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\Administrator\.thumbnails
[2013.09.15 16:52:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.09.13 15:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.09.13 15:44:13 | 000,358,923 | ---- | C] (Farbar) -- c:\Dokumente und Einstellungen\Administrator\Desktop\FSS.exe
[2013.09.13 15:43:05 | 000,448,512 | ---- | C] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe
[2013.09.13 15:38:54 | 000,000,000 | ---D | C] -- C:\FRST
[2013.09.13 15:37:44 | 001,082,459 | ---- | C] (Farbar) -- c:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
[2013.09.13 15:33:42 | 000,000,000 | ---D | C] -- C:\Quarantine
[2013.09.13 14:44:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.09.13 14:24:06 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.09.11 16:09:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.09.11 15:51:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.09.09 16:42:33 | 005,120,615 | R--- | C] (Swearware) -- c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ComboFix.exe
[2013.09.09 16:42:19 | 001,081,729 | ---- | C] (Farbar) -- c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\FRST.exe
[2013.09.07 09:34:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.09.07 09:30:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.09.07 09:30:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.09.07 09:30:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.09.07 09:30:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.09.07 09:28:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.09.07 09:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.09.06 18:59:58 | 005,125,578 | R--- | C] (Swearware) -- c:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
[2013.08.31 18:29:51 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2013.08.31 18:29:34 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.21 18:13:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.09.21 18:12:31 | 000,002,607 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2013.09.21 17:57:52 | 000,006,433 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2013.09.21 17:41:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.21 09:41:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.21 09:13:10 | 000,514,466 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.09.21 09:13:10 | 000,490,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.09.21 09:13:10 | 000,100,170 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.09.21 09:13:10 | 000,083,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.09.21 09:13:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.09.21 09:11:04 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Vyjr.job
[2013.09.21 09:11:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.09.20 16:55:39 | 000,000,490 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Ski Challenge 2012  starten.lnk
[2013.09.20 16:51:33 | 000,001,564 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Ski Challenge 2013 starten.lnk
[2013.09.20 16:51:30 | 000,001,487 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Game Alarm.lnk
[2013.09.20 15:13:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.09.20 15:13:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.09.13 15:56:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.09.13 15:44:15 | 000,358,923 | ---- | M] (Farbar) -- c:\Dokumente und Einstellungen\Administrator\Desktop\FSS.exe
[2013.09.13 15:43:09 | 000,448,512 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe
[2013.09.13 15:38:02 | 001,082,459 | ---- | M] (Farbar) -- c:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
[2013.09.13 14:21:16 | 005,125,578 | R--- | M] (Swearware) -- c:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
[2013.09.11 15:59:36 | 000,000,731 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\DV90 Forms6 WTS.lnk
[2013.09.09 16:27:29 | 000,000,762 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ Malwarebytes Anti-Malware .lnk
[2013.09.07 09:52:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.09.07 09:34:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.09.06 19:00:35 | 005,120,615 | R--- | M] (Swearware) -- c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ComboFix.exe
[2013.09.06 14:22:51 | 001,081,729 | ---- | M] (Farbar) -- c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\FRST.exe
 
========== Files Created - No Company Name ==========
 
[2013.09.21 17:57:52 | 000,006,433 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
[2013.09.09 16:42:50 | 000,000,762 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ Malwarebytes Anti-Malware .lnk
[2013.09.07 09:34:41 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013.09.07 09:34:39 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.09.07 09:30:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.09.07 09:30:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.09.07 09:30:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.09.07 09:30:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.09.07 09:30:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.02 17:04:13 | 000,147,968 | RHS- | C] () -- C:\WINDOWS\System32\compactn.dll
[2012.02.18 22:43:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.07 12:30:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.02.11 16:10:18 | 000,000,001 | R--- | C] () -- c:\Dokumente und Einstellungen\Administrator\serverport
[2009.04.16 20:22:06 | 000,001,233 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\jinitiator13128.trace
[2008.10.02 16:02:14 | 000,022,016 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008.04.19 13:06:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.02.17 15:51:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderFileName0" = unimdm.tsp -- [2008.04.14 07:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation)
"ProviderID0" = 1
"ProviderFileName1" = kmddsp.tsp -- [2008.04.14 07:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation)
"ProviderID1" = 2
"ProviderFileName2" = ndptsp.tsp -- [2008.04.14 07:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation)
"ProviderID2" = 3
"ProviderFileName3" = ipconf.tsp -- [2008.04.14 07:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation)
"ProviderID3" = 4
"ProviderFileName4" = h323.tsp -- [2008.04.14 07:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation)
"ProviderID4" = 5
"ProviderFileName5" = hidphone.tsp -- [2008.04.14 07:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation)
"ProviderID5" = 6
"NumProviders" = 6
"NextProviderID" = 7
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.06.10 08:14:21 | 000,132,096 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Enum]
"0" = Root\LEGACY_LANMANWORKSTATION\0000
"Count" = 1
"NextInstance" = 1
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2008.04.14 07:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = DNS-Client
"Group" = TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" =  [binary data]
"ObjectName" = NT AUTHORITY\NetworkService
"Description" = Wertet DNS-Namen (Domain Name System) für diesen Computer aus und speichert sie zwischen. Falls dieser Dienst beendet wird, kann der Computer keine DNS-Namen auflösen und Active Directory-Domänencontroller ermitteln. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2009.04.20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 A8 00 00 00 B4 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 78 00 05 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Enum]
"0" = Root\LEGACY_DNSCACHE\0000
"Count" = 1
"NextInstance" = 1
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"HTTPFilter" = HTTPFilter [binary data]
"LocalService" = AlerterWebClientLmHostsRemoteRe [Binary data over 200 bytes]
"NetworkService" = DnsCache [binary data]
"netsvcs" = 6to4AppMgmtAudioSrvBrowserCryp [Binary data over 200 bytes]
"DcomLaunch" = DcomLaunchTermService [binary data]
"rpcss" = RpcSs [binary data] -- [2009.02.09 12:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"termsvcs" = TermService [binary data]
"eapsvcs" = eaphost [binary data]
"dot3svc" = dot3svc [binary data] -- [2008.04.14 07:52:10 | 000,133,120 | ---- | M] (Microsoft Corporation)
"WudfServiceGroup" = WUDFSvc [binary data] -- [2006.09.28 19:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2008.04.14 07:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\h323.tsp
[2008.04.14 07:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hidphone.tsp
[2008.04.14 07:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipconf.tsp
[2008.04.14 07:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kmddsp.tsp
[2008.04.14 07:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ndptsp.tsp
[2008.04.14 07:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\remotesp.tsp
[2008.04.14 07:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /600 >
[2013.02.06 02:47:28 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advpack.dll
[2012.12.16 14:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.07.06 15:59:07 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdm.dll
[2013.05.02 17:04:13 | 000,147,968 | RHS- | M] () -- C:\Windows\system32\compactn.dll
[2013.02.06 02:47:28 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\corpol.dll
[2012.06.01 18:50:01 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.07.20 22:03:16 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.11.02 04:02:36 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.02.06 02:47:29 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2013.02.06 02:47:29 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.02.06 02:47:29 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\extmgr.dll
[2013.02.06 02:47:29 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2013.02.06 02:47:29 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll
[2013.02.06 02:47:29 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll
[2013.02.04 07:57:49 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll
[2013.02.06 02:47:29 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2013.02.06 02:47:29 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.02.06 02:47:29 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieencode.dll
[2013.02.06 02:47:30 | 006,105,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.02.06 02:47:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2013.02.06 02:47:30 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.02.06 02:47:31 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.02.29 16:09:48 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.02.06 02:47:31 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.10.03 06:58:00 | 001,063,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.05.14 11:22:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2013.02.06 02:47:31 | 000,496,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.02.06 02:47:31 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.02.06 02:47:32 | 003,620,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.02.06 02:47:32 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2013.02.06 02:47:32 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2013.02.06 02:47:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstime.dll
[2012.06.05 17:49:29 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.06 04:01:31 | 001,371,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.07.06 15:59:07 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2013.07.20 22:03:16 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2013.02.06 02:47:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2013.01.26 05:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oleaut32.dll
[2013.02.06 02:47:32 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2013.01.02 08:49:00 | 001,297,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.06.04 06:32:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.06.08 16:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.10.02 20:04:21 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.02.06 02:47:32 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.02.06 02:47:32 | 001,168,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2013.02.06 02:47:33 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2013.07.20 22:03:25 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2013.02.06 02:47:33 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.08.24 15:53:51 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltui.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.04 17:35:32 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuweb.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> c:\Dokumente und Einstellungen\Administrator\Desktop\PRINCE 2.EXE.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> c:\Dokumente und Einstellungen\Administrator\Desktop\4D_PRINCE.EXE.pif:SummaryInformation

< End of report >

schrauber · 21.09.2013, 21:10

Supi, noch Probleme?

Caris · 22.09.2013, 08:35

Zwar nicht mehr so häufig wie anfangs, aber leider noch immer.

An was kann es liegen?

schrauber · 22.09.2013, 13:32

welche Probleme?

Caris · 22.09.2013, 13:38

Wenn ich bei google einen Link aufrufe, werde ich zum Teil noch immer auf andere Seiten umgeleitet. Zu Beginn war das noch schlimmer, jetzt klappt es häufiger sogar einwandfrei. Trotzdem gibt es noch vereinzelte Fälle, in denen die gewünschte Seite nicht aufzurufen geht. :/

schrauber · 22.09.2013, 18:56

in allen Browsern?

Caris · 06.10.2013, 12:43

Sorry, dass es so lang gedauert hat, aber ich war im Urlaub.
--
Ich habe zwar nur zwei Browser installiert, von denen ich nur einen nutze, aber das Problem tritt bei beiden (Firefox und Inet Explorer) auf, ja.

schrauber · 06.10.2013, 16:50

Router auf Werkseinstellungen zurücksetzen, Firefox deinstallieren, keine Daten behalten, neu installieren.
IE komplett zurücksetzen.

dann ein frisches FRST log bitte.

Caris · 08.10.2013, 16:42

Er ließ sich leider nicht zurücksetzen.

Habe aber Firefox und IE rausgeschmissen und neu installiert.

Außerdem habe ich einfach nochmal adwcleaner durchlaufen lassen, der findet aber nichts.

Hier der Scan:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Administrator (administrator) on 000 on 08-10-2013 17:37:24
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IBM Corp) C:\program files\lotus\notes7.0.2\nslsvice.exe
(IBM Corp) C:\program files\lotus\notes7.0.2\nsl.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Huawei Technologies Co., Ltd.) C:\Programme\Huawei Modems\DataCardMonitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(McAfee, Inc.) C:\Programme\McAfee\Common Framework\udaterui.exe
(FUJITSU LIMITED) C:\Addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Addon\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
(Intel Corporation) C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Birdstep Technology) C:\Programme\T-Mobile\web'n'walk Manager\AutoUpdateSrv.exe
(InterVideo Inc.) C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
(Juniper Networks) C:\Programme\Juniper Networks\Common Files\dsNcService.exe
(OptionNV) C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
(Intel Corporation) C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(matrix42 AG) C:\WINDOWS\system32\EMPIRUM\empautsvc.exe
(McAfee, Inc.) C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe
(McAfee, Inc.) c:\Programme\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(IBM Corp) C:\program files\lotus\notes7.0.2\ntmulti.exe
(Fujitsu Siemens Computers) C:\Programme\Fujitsu Siemens Computers\NCWatch\NCWatch.exe
(matrix42 AG) C:\WINDOWS\system32\EMPIRUM\SetupSvc.exe
(McAfee, Inc.) C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
(matrix42 AG) C:\WINDOWS\system32\EMPIRUM\SwDepot.exe
(McAfee, Inc.) C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) c:\Programme\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) c:\Programme\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) c:\Programme\McAfee\Common Framework\McScript_InUse.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Programme\Synaptics\SynTP\SynTPEnh.exe [761946 2006-08-16] (Synaptics, Inc.)
HKLM\...\Run: [AGRSMMSG] - C:\Windows\AGRSMMSG.exe [88365 2006-07-12] (Agere Systems)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [15691264 2005-12-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [_UserEnv] - C:\WINDOWS\system32\EMPIRUM\env.exe [53248 2004-10-18] (matrix42 AG)
HKLM\...\Run: [RunSWDepot1] - SWDEPOT /WU /S /T /Q
HKLM\...\Run: [DataCardMonitor] - C:\Programme\Huawei Modems\DataCardMonitor.exe [249856 2008-11-06] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [McAfeeUpdaterUI] - c:\Programme\McAfee\Common Framework\udaterui.exe [136512 2009-09-25] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] - c:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2009-10-15] (McAfee, Inc.)
HKLM\...\Run: [IndicatorUtility] - C:\Addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [81920 2005-08-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFUJ02E3] - c:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe [80688 2006-11-17] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Addon\Fujitsu\Application Panel\QuickTouch.exe [353792 2005-07-21] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe [61440 2005-07-21] (FUJITSU LIMITED)
HKLM\...\Run: [IAAnotif] - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe [139264 2005-10-12] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - c:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - c:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\FJWSEL: C:\Windows\system32\FJWSWNP.dll (FUJITSU LIMITED)
HKLM\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://employees.vionfood.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employees.vionfood.com/dana-cached/sc/JuniperSetupClient.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: t-mobile - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jw5untiz.default-1381080832279
FF DefaultSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - c:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 dsNcService; C:\Programme\Juniper Networks\Common Files\dsNcService.exe [660848 2010-12-16] (Juniper Networks)
R2 GtFlashSwitch; C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe [176128 2007-02-09] (OptionNV)
S2 gupdate1c992011e9ef008; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-02-18] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-02-18] (Google Inc.)
R2 IAANTMon; C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-10-12] (Intel Corporation)
R2 Lotus Notes Single Logon; C:\program files\lotus\notes7.0.2\nslsvice.exe [7680 2006-09-27] (IBM Corp)
S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 MATRIXAUT; C:\WINDOWS\system32\EMPIRUM\empautsvc.exe [73728 2005-02-09] (matrix42 AG)
R2 McAfeeEngineService; C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe [21256 2009-08-31] (McAfee, Inc.)
R2 McAfeeFramework; c:\Programme\McAfee\Common Framework\FrameworkService.exe [120128 2009-09-25] (McAfee, Inc.)
R2 McShield; C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe [146448 2009-08-31] (McAfee, Inc.)
R2 McTaskManager; C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2009-10-15] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [70728 2009-08-31] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [118680 2013-10-03] (Mozilla Foundation)
R2 Multi-user Cleanup Service; C:\program files\lotus\notes7.0.2\ntmulti.exe [53248 2006-09-27] (IBM Corp)
R2 NCWatch; C:\Programme\Fujitsu Siemens Computers\NCWatch\NCWatch.exe [204800 2006-04-07] (Fujitsu Siemens Computers)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 SetupService; C:\WINDOWS\system32\EMPIRUM\SetupSvc.exe [118784 2005-12-07] (matrix42 AG)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 AF15BDA; C:\Windows\System32\Drivers\AF15BDA.sys [283776 2007-12-18] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 BtnHnd; C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys [21120 2005-07-21] (FUJITSU LIMITED)
S3 cpudrv; c:\Programme\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-12-16] (Juniper Networks)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5248 2004-12-14] (FUJITSU LIMITED)
R3 FUJ02E1; C:\Windows\System32\Drivers\FUJ02E1.sys [5632 2006-08-08] (Fujitsu Limited)
R3 GTF32BUS; C:\Windows\System32\DRIVERS\gtf32bus.sys [35200 2007-01-15] (Option N.V.)
R3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-01-15] (Option N.V.)
S3 GTSCSER; C:\Windows\System32\DRIVERS\gtscser.sys [21248 2007-03-08] (Option N.V.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-08] (Malwarebytes Corporation)
R3 mdvdrv; C:\Windows\System32\DRIVERS\mdvdrv.sys [115200 2007-05-31] ()
R2 mdvrmng; C:\WINDOWS\system32\drivers\mdvrmng.sys [10240 2007-05-28] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2009-08-31] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91672 2009-08-31] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2009-08-31] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343664 2009-08-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [65448 2009-08-31] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [63728 2009-08-31] (McAfee, Inc.)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NEOFLTR_700_17289; C:\WINDOWS\system32\Drivers\NEOFLTR_700_17289.SYS [84336 2010-12-16] (Juniper Networks)
S3 NETw3x32; C:\Windows\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscr.sys [92561 2006-07-11] (O2Micro)
S3 odysseyIM4; C:\Windows\System32\DRIVERS\odysseyIM4.sys [173056 2005-06-10] (Funk Software, Inc.)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 SMCIRDA; C:\Windows\System32\DRIVERS\smcirda.sys [35913 2001-08-18] (SMC)
R2 SniDmi; C:\WINDOWS\system32\drivers\snidmi.sys [15104 2007-05-15] (Fujitsu Siemens Computers)
R3 TDAdapter; C:\Windows\System32\DRIVERS\TDPPPoE.sys [37264 2003-11-26] (T-Systems Nova GmbH, Berkom Berlin)
R3 TDDIWAN; C:\Windows\System32\DRIVERS\WTDDI.SYS [162688 2006-01-25] (T-Systems Nova GmbH)
S3 TDProtocol; C:\Windows\System32\DRIVERS [0 2013-10-08] ()
R2 vnccom; C:\Windows\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft)
R3 vncdrv; C:\Windows\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft)
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [248832 2006-07-06] (Marvell)
S3 catchme; \??\c:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
S3 NAVAP; \??\c:\Programme\NavNT\NAVAP.sys [x]
S2 NAVAPEL; \??\c:\Programme\NavNT\NAVAPEL.SYS [x]
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [x]
U1 ntqs61ep; \??\C:\WINDOWS\system32\ntqs61ep.sys [x]
S3 PCASp50; System32\Drivers\PCASp50.sys [x]
S3 PEEK5; \??\D:\TESTPR~1\NETSTU~1\Aircrack\AIRCRA~1.41\win32\PEEK5.SYS [x]
S4 s24trans; system32\DRIVERS\s24trans.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 17:36 - 2013-10-08 17:36 - 01087213 _____ (Farbar) c:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2013-10-07 14:10 - 2013-10-08 16:54 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-07 13:50 - 2013-10-07 13:50 - 00000000 ____D C:\WINDOWS\865537E164904193A4B6669C62711852.TMP
2013-10-07 13:28 - 2013-10-07 13:28 - 00000000 _____ C:\autoexec.bat
2013-10-07 13:27 - 2013-10-07 13:27 - 00000000 ____D C:\Programme\Enigma Software Group
2013-10-07 13:26 - 2013-10-07 13:26 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-10-06 18:17 - 2013-10-07 09:01 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-10-03 19:27 - 2013-10-07 09:01 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-09-21 17:57 - 2013-09-21 17:57 - 00006433 _____ c:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
2013-09-21 17:20 - 2013-09-21 17:20 - 00000000 ____D c:\Dokumente und Einstellungen\Administrator\.thumbnails
2013-09-15 16:52 - 2013-09-15 16:52 - 00000000 ____D C:\_OTL
2013-09-13 15:38 - 2013-09-13 15:40 - 00000000 ____D C:\FRST
2013-09-13 15:33 - 2013-09-20 16:42 - 00000000 ____D C:\Quarantine
2013-09-13 14:24 - 2013-09-13 14:45 - 00000000 ___SD C:\ComboFix
2013-09-11 16:09 - 2013-09-11 16:09 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-11 15:51 - 2013-10-07 09:35 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2013-10-08 17:36 - 2013-10-08 17:36 - 01087213 _____ (Farbar) c:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2013-10-08 17:28 - 2007-05-27 17:15 - 00000000 __SHD c:\Dokumente und Einstellungen\Administrator\UserData
2013-10-08 17:28 - 2007-05-15 10:26 - 00000000 ____D c:\Dokumente und Einstellungen\Administrator
2013-10-08 17:25 - 2007-05-15 10:21 - 01200705 ____N C:\WINDOWS\WindowsUpdate.log
2013-10-08 17:22 - 2007-05-15 11:15 - 00000000 ___RD C:\Programme
2013-10-08 17:21 - 2007-05-15 11:15 - 01205234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-08 17:21 - 1980-01-01 01:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-08 17:20 - 2013-05-02 17:04 - 00000320 _____ C:\WINDOWS\Tasks\Vyjr.job
2013-10-08 17:20 - 2009-07-02 19:08 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 17:20 - 2007-05-15 10:27 - 00000000 ____D C:\WINDOWS\system32\Lang
2013-10-08 17:20 - 2007-05-15 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-08 17:19 - 2007-05-15 10:26 - 00032446 ____N C:\WINDOWS\SchedLgU.Txt
2013-10-08 17:19 - 2007-05-15 10:26 - 00000300 ___SH c:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-10-08 17:13 - 2012-04-13 21:00 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-08 16:54 - 2013-10-07 14:10 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-08 16:42 - 2007-05-15 11:15 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared
2013-10-08 16:41 - 2009-07-02 19:08 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 16:27 - 2009-02-08 11:39 - 00002607 _____ c:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
2013-10-07 13:50 - 2013-10-07 13:50 - 00000000 ____D C:\WINDOWS\865537E164904193A4B6669C62711852.TMP
2013-10-07 13:28 - 2013-10-07 13:28 - 00000000 _____ C:\autoexec.bat
2013-10-07 13:27 - 2013-10-07 13:27 - 00000000 ____D C:\Programme\Enigma Software Group
2013-10-07 13:26 - 2013-10-07 13:26 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-10-07 09:35 - 2013-09-11 15:51 - 00000000 ____D C:\AdwCleaner
2013-10-07 09:01 - 2013-10-06 18:17 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-10-07 09:01 - 2013-10-03 19:27 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-10-06 18:48 - 2008-10-15 20:09 - 00000702 _____ c:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
2013-10-06 18:19 - 2007-05-15 10:27 - 00000000 ____D c:\Dokumente und Einstellungen\EmpInstWs
2013-10-06 18:19 - 2007-05-15 10:26 - 00000000 __SHD c:\Dokumente und Einstellungen\NetworkService
2013-10-06 18:19 - 2007-05-15 10:26 - 00000000 __SHD c:\Dokumente und Einstellungen\LocalService
2013-10-06 18:18 - 2007-05-15 10:20 - 00000000 ____D C:\WINDOWS\Registration
2013-10-06 18:17 - 2011-05-14 21:32 - 00000000 __HDC C:\WINDOWS\ie7
2013-10-06 18:15 - 2007-05-15 10:20 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-06 18:11 - 2011-05-14 21:33 - 00000000 ____D C:\WINDOWS\ie7updates
2013-10-06 18:10 - 2008-09-28 11:26 - 00000000 ____D C:\WINDOWS\system32\de-de
2013-10-06 18:10 - 2007-05-15 11:09 - 00000000 ____D C:\WINDOWS\Help
2013-09-21 17:57 - 2013-09-21 17:57 - 00006433 _____ c:\Dokumente und Einstellungen\Administrator\.recently-used.xbel
2013-09-21 17:57 - 2011-12-03 17:24 - 00000000 ____D c:\Dokumente und Einstellungen\Administrator\.gimp-2.6
2013-09-21 17:20 - 2013-09-21 17:20 - 00000000 ____D c:\Dokumente und Einstellungen\Administrator\.thumbnails
2013-09-20 16:57 - 1980-01-01 01:00 - 00000435 _____ C:\WINDOWS\system.ini
2013-09-20 16:55 - 2011-11-29 18:27 - 00000490 _____ c:\Dokumente und Einstellungen\Administrator\Desktop\Ski Challenge 2012  starten.lnk
2013-09-20 16:51 - 2012-12-04 19:06 - 00001564 _____ c:\Dokumente und Einstellungen\Administrator\Desktop\Ski Challenge 2013 starten.lnk
2013-09-20 16:51 - 2010-01-25 22:30 - 00001487 _____ c:\Dokumente und Einstellungen\Administrator\Desktop\Game Alarm.lnk
2013-09-20 16:50 - 2010-01-01 17:23 - 00000000 ____D C:\Spiele
2013-09-20 16:42 - 2013-09-13 15:33 - 00000000 ____D C:\Quarantine
2013-09-20 15:13 - 2012-04-13 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-20 15:13 - 2011-07-21 14:27 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-15 16:52 - 2013-09-15 16:52 - 00000000 ____D C:\_OTL
2013-09-13 15:40 - 2013-09-13 15:38 - 00000000 ____D C:\FRST
2013-09-13 15:01 - 2010-01-25 22:26 - 00000000 ____D C:\Games
2013-09-13 14:45 - 2013-09-13 14:24 - 00000000 ___SD C:\ComboFix
2013-09-13 14:26 - 2013-09-07 09:28 - 00000000 ____D C:\Qoobox
2013-09-11 16:09 - 2013-09-11 16:09 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-11 15:59 - 2009-04-16 20:16 - 00000731 _____ c:\Dokumente und Einstellungen\Administrator\Desktop\DV90 Forms6 WTS.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[1980-01-01 01:00] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 

C:\Windows\System32\winlogon.exe
[1980-01-01 01:00] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 

C:\Windows\System32\svchost.exe
[1980-01-01 01:00] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 

C:\Windows\System32\services.exe
[1980-01-01 01:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 

C:\Windows\System32\User32.dll
[1980-01-01 01:00] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 

C:\Windows\System32\userinit.exe
[1980-01-01 01:00] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 

C:\Windows\System32\Drivers\volsnap.sys
[1980-01-01 01:00] - [2008-04-14 07:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 


==================== End Of Log ============================

--- --- ---

schrauber · 09.10.2013, 08:19

Zitat:

Er ließ sich leider nicht zurücksetzen.

Geht das genauer? JEDER Router lässt sich zurücksetzen.

21.09.2013, 21:10	#18
schrauber /// the machine /// TB-Ausbilder	Wie entferne ich den ihavenet-Trojaner? Supi, noch Probleme? __________________ __________________

22.09.2013, 13:32	#20
schrauber /// the machine /// TB-Ausbilder	Wie entferne ich den ihavenet-Trojaner? welche Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

22.09.2013, 18:56	#22
schrauber /// the machine /// TB-Ausbilder	Wie entferne ich den ihavenet-Trojaner? in allen Browsern? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Wie entferne ich den ihavenet-Trojaner?

Plagegeister aller Art und deren Bekämpfung: Wie entferne ich den ihavenet-Trojaner?