Pests of all kinds and how to fight them: unusual data transfer
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
13.09.2013, 21:59 | #1 |
unusual data transfer

Hello again! Unfortunately I need your expert help once again. I have the impression that my PC has recently been slower than usual, and when I try to go online via my TOR Browser, I have to fill out a captcha because of unusual data traffic. Kaspersky and MBam, however, find nothing. I hope I haven't done anything wrong, but I simply repeated the first steps from last time so that I can show you a few logs.

Code:
ATTFilter OTL Extras logfile created on: 13.09.2013 20:58:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,97 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,82% Memory free 3,82 Gb Paging File | 3,07 Gb Available in Paging File | 80,35% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,69 Gb Total Space | 7,68 Gb Free Space | 10,01% Space Free | Partition Type: NTFS Drive D: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 76,68 Gb Total Space | 7,38 Gb Free Space | 9,63% Space Free | Partition Type: NTFS Computer Name: XXX | User Name: ich | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [1a-farbbilder-Fotowelt] -- "C:\Programme\1a-farbbilder\1a-farbbilder-Fotowelt\1a-farbbilder-Fotowelt.exe" "%1" () Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "C:\Programme\1a-farbbilder\1a-farbbilder-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "E:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OpenAsAWebSite] -- C:\Programme\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera 
Software) "C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\Microsoft Games\Age of Empires Online\Spartan.exe" = C:\Programme\Microsoft Games\Age of Empires Online\Spartan.exe:*:Enabled:Age of Empires Online -- (Microsoft Studios) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}" = MySQL Connector/ODBC 5.1 "{3B2BEBFF-32B8-471D-9422-039A8F19C87E}" = Microsoft WebMatrix "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP "{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client "{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0 "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.78 "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76FAE3C6-F0F2-43D3-9D94-C2AD772C2326}" = Webtools von Microsoft SQL Server Compact 4.0 DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{920DF926-D85A-4ED9-8F4D-7D98F0EAF2C6}" = CEWE FOTOBUCH PRO "{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A39DAD32-3515-438D-8617-F8AE2A301031}" = Nero 8 "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}" = Microsoft SQL Server 2008 R2 Management Objects "{BE7DB168-4B8C-11D4-A5A5-00105A13D95C}" = KISS Psycho Circus - The Nightmare Child "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9B227BD-3CAD-430D-A036-6B9B3AA2341F}_is1" = Jewel Master - Collector's Edition "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0 "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{EA61F81B-5754-4B5A-9BC5-FFEDC29D1DBC}" = Microsoft SQL Server Compact 4.0 DEU "{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}" = Intel(R) Network Connections 16.2.49.0 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender 
"1a-farbbilder-Fotowelt" = 1a-farbbilder-Fotowelt "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AnyDVD" = AnyDVD "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "AVMWLANCLI" = AVM FRITZ!WLAN "CCleaner" = CCleaner "CloneDVD" = CloneDVD "Creative Launcher" = Creative Launcher "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.7.3 "Free Audio Converter_is1" = Free Audio Converter version 2.3.4.920 "Free Studio_is1" = Free Studio version 5.2.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.5.628 "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "HDMI" = Intel(R) Graphics Media Accelerator Driver "HDR projects elements_is1" = HDR projects elements (32-Bit) "ie8" = Windows Internet Explorer 8 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Jewel Quest III" = Jewel Quest III (nur deinstallation) "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 23.0 (x86 de)" = Mozilla Firefox 
23.0 (x86 de) "Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "New LEGO Digital Designer" = LEGO Digital Designer "Opera 12.16.1860" = Opera 12.16 "S2TNG" = Die Siedler II - Die nächste Generation "Secunia PSI" = Secunia PSI (3.0.0.6005) "Sound Blaster Live! Value" = Sound Blaster Live! Value "SpywareBlaster_is1" = SpywareBlaster 5.0 "Um die Welt in 80 Tagen_is1" = Um die Welt in 80 Tagen 1.0 "UnityWebPlayer" = Unity Web Player (All users) "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 2.0.8 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xampp" = XAMPP 1.7.7 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Opera 16.0.1196.62" = Opera Stable 16.0.1196.62 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Opera 16.0.1196.62" = Opera Stable 16.0.1196.62 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "New LEGO Digital Designer" = LEGO Digital Designer "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.08.2013 10:03:52 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 13.08.2013 13:53:32 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung psi.exe, Version 3.0.0.6005, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.08.2013 06:23:44 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung tbb-firefox.exe, Version 17.0.7.4920, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.08.2013 06:23:45 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung tbb-firefox.exe, Version 17.0.7.4920, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.08.2013 09:16:54 | Computer Name = XXX | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung tbb-firefox.exe, Version 17.0.7.4920, fehlgeschlagenes Modul nspr4.dll, Version 4.9.5.0, Fehleradresse 0x0002a69a. Error - 20.08.2013 17:01:05 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.08.2013 14:50:51 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung opera.exe, Version 12.16.1860.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.08.2013 11:52:33 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Paint Shop Pro X.exe, Version 10.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.08.2013 14:10:27 | Computer Name = XXX | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 10.09.2013 14:08:44 | Computer Name = XXX | Source = MsiInstaller | ID = 11722 Description = Product: Adobe Flash Player 11 ActiveX -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\InstallAX_11_8_800_94.exe, command: -install -msi [ System Events ] Error - 13.09.2013 14:05:19 | Computer Name = XXX | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "SMR162.SYS" auf Volume "HarddiskVolume2" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000243" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 13.09.2013 14:07:26 | Computer Name = XXX | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde nicht ordnungsgemäß gestartet. Error - 13.09.2013 14:07:26 | Computer Name = XXX | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: lkbdhlpr Error - 13.09.2013 14:08:04 | Computer Name = XXX | Source = HTTP | ID = 15005 Description = Der zugrunde liegende Transport für 0.0.0.0:80 kann nicht gebunden werden. Möglicherweise enthält die Liste nur zum Abhören von IP einen Verweis auf eine Schnittstelle, die gegebenenfalls auf diesem Computer nicht vorhanden ist. Das Datenfeld enthält die Fehlernummer. Error - 13.09.2013 14:08:11 | Computer Name = XXX | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde mit folgendem Fehler beendet: %%2148734208 Error - 13.09.2013 14:09:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: 1 (0x1). 
Error - 13.09.2013 14:13:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde nicht ordnungsgemäß gestartet. Error - 13.09.2013 14:13:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: lkbdhlpr Error - 13.09.2013 14:13:42 | Computer Name = XXX | Source = HTTP | ID = 15005 Description = Der zugrunde liegende Transport für 0.0.0.0:80 kann nicht gebunden werden. Möglicherweise enthält die Liste nur zum Abhören von IP einen Verweis auf eine Schnittstelle, die gegebenenfalls auf diesem Computer nicht vorhanden ist. Das Datenfeld enthält die Fehlernummer. Error - 13.09.2013 14:13:48 | Computer Name = XXX | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde mit folgendem Fehler beendet: %%2148734208 < End of report > Code:
ATTFilter OTL logfile created on: 13.09.2013 20:58:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,97 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,82% Memory free 3,82 Gb Paging File | 3,07 Gb Available in Paging File | 80,35% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,69 Gb Total Space | 7,68 Gb Free Space | 10,01% Space Free | Partition Type: NTFS Drive D: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 76,68 Gb Total Space | 7,38 Gb Free Space | 9,63% Space Free | Partition Type: NTFS Computer Name: XXX | User Name: ich | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.09.13 20:56:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads\OTL.exe PRC - [2013.06.27 18:37:43 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.04.17 23:18:55 | 000,422,632 | ---- | M] (BillP Studios) -- C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2013.02.07 14:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2012.10.31 19:46:45 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- E:\xampp\apache\bin\httpd.exe PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- e:\xampp\apache\bin\httpd.exe PRC - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- e:\xampp\mysql\bin\mysqld.exe PRC - [2011.06.07 21:29:16 | 000,630,272 | ---- | M] (FileZilla Project) -- e:\xampp\FileZillaFTP\FileZillaServer.exe PRC - [2011.02.28 14:19:34 | 000,109,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2008.04.14 
07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.07.31 04:02:00 | 000,370,756 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2004.03.18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\iTouch\iTouch.exe PRC - [2003.07.07 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE PRC - [2002.07.02 17:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE PRC - [2001.08.18 05:54:48 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe PRC - [1998.07.16 01:00:00 | 000,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE ========== Modules (No Company Name) ========== MOD - [2013.08.07 21:25:24 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Programme\BillP Studios\WinPatrol\sqlite3.dll MOD - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- e:\xampp\mysql\bin\mysqld.exe MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] 
() -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe ========== Services (SafeList) ========== SRV - [2013.09.10 21:07:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.08.25 17:41:37 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.27 18:37:43 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.10.31 19:46:45 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- e:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- e:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2011.06.07 21:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- e:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2011.04.01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc) SRV - [2011.02.28 14:19:34 | 000,109,728 | ---- | M] (Intel Corporation) [Auto | 
Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2007.08.21 14:52:54 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006.07.31 04:02:00 | 000,370,756 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [File_System | System | Stopped] -- System32\Drivers\lkbdhlpr.sys -- (lkbdhlpr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ich\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2013.09.13 20:07:28 | 000,076,920 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR162.SYS -- (SMR162) DRV - [2013.02.07 14:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2011.08.26 19:24:09 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm) DRV - [2011.04.20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | 
Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.09.14 18:00:32 | 006,143,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2006.07.31 04:02:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2004.03.10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2004.03.03 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb) DRV - [2003.09.29 22:32:59 | 000,022,912 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2003.06.30 09:50:00 | 000,072,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) DRV - [2003.06.30 09:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2) DRV - [2003.06.30 09:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2) DRV - [2003.03.28 17:25:51 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2002.07.19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2002.07.19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2002.07.19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2002.07.19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2001.08.17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) DRV - [2001.08.17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) DRV - [2001.08.17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) DRV - [2001.08.17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://dl.dropboxusercontent.com/u/20374210/DVD-Sammlung/1_DVD-Sammlung.htm" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - 
user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013.09.13 20:11:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Programme\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Programme\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 19:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 19:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 19:47:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.09.12 18:59:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.08.06 19:52:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.05.17 15:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions [2011.05.17 15:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.19 16:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions [2012.04.18 22:25:08 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2012.04.18 22:25:06 | 000,000,000 | 
---D | M] (Cookie Monster) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008} [2012.04.18 22:25:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.04.18 22:25:11 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2012.04.18 22:25:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org [2012.04.18 22:25:11 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach [2012.04.19 18:41:59 | 000,521,968 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.09.03 20:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.09.03 20:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.09.03 20:14:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013.09.03 20:14:48 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013.09.13 20:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.09.13 20:18:58 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2013.04.22 17:56:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AudioHQ] C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CloneDVDElbyDelay] C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [DevconDefaultDB] C:\WINDOWS\READREG.exe (Creative Technology Limited) O4 - HKLM..\Run: [ElbyCheckAnyDVD] C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [Jet Detection] C:\Programme\Creative\SBLive\Program\ADGJDet.exe () O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) 
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O15 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367309301468 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61424811-3BDF-4320-B251-79142E7C3D97}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.05.16 12:35:17 | 000,000,000 | ---- | M] () - 
C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.) - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.10.17 17:24:41 | 000,000,041 | RH-- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006.12.21 21:48:13 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: 
{4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - 
C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.09.13 20:07:28 | 000,076,920 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR162.SYS [2013.09.12 20:48:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013.09.03 20:14:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.08.28 18:43:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Programs [1 C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.09.13 21:06:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.09.13 21:06:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.09.13 21:06:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.09.13 20:19:20 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.09.13 20:11:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.09.13 20:10:57 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2013.09.13 20:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.09.13 20:07:28 | 000,076,920 | ---- | M] 
(Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR162.SYS [2013.09.12 20:54:37 | 000,481,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.09.12 20:06:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.09.12 18:44:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.09.09 19:39:27 | 000,001,004 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2013.08.25 17:25:04 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\Dropbox.lnk [2013.08.23 18:43:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013.08.20 18:38:26 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [1 C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.13 19:10:47 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.02.12 12:39:40 | 000,000,518 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.08.28 00:12:12 | 000,362,078 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-329068152-1958367476-1177238915-1003-0.dat [2011.05.30 19:14:32 | 000,103,444 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\default.pls [2011.05.22 22:49:22 | 000,362,078 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.05.18 22:04:45 | 000,140,288 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.05.20 19:22:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.02.17 15:51:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-13 22:44:06 Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c HDS722580VLAT20 rev.V32OA60A 76,69GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\ich\LOKALE~1\Temp\awliykog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA8438FBA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA84398B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA8452AEE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA8439E26] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA8439D14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA8452E06] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA843A056] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA843A21E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA8438D76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA8439F3E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA84395E6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA8452ECE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA843A53C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA844D084] SSDT
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA844E88E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA84398F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA843B53C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA844E088] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA844EA38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA843A62E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA844DBC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA844DE1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA843AB9A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA845130A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA8439EB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA8439DA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA84391F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA843A97E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA8439FD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA84390E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) 
ZwQueryKey [0xA844CEB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA844E698] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA8451500] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA843AEC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA844E488] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA843A7CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA844D198] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA844D80C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA8453048] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA8452F96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA84530B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA844DA14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA843B3DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA844D33E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA844D4D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA844D670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA8452C76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif 
Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA8439756] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA843A3E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA843B010] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA844E248] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA843B104] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA843B23E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA843A45E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA8439392] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA84392EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA843AD78] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA843947C] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EA000 5 Bytes JMP A842B9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!IoIsOperationSynchronous 804EE8DE 5 Bytes JMP A842BDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!ZwCallbackReturn + 24DC 80501D38 12 Bytes [06, 2E, 45, A8, 56, A0, 43, 
...] .text ntkrnlpa.exe!ZwCallbackReturn + 2528 80501D84 8 Bytes [8E, E8, 44, A8, F6, 98, 43, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2548 80501DA4 4 Bytes JMP 9384A844 .text ntkrnlpa.exe!ZwCallbackReturn + 25A8 80501E04 12 Bytes [2E, A6, 43, A8, C0, DB, 44, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2624 80501E80 4 Bytes CALL DAF86215 .text ... ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\Explorer.EXE[652] SHELL32.dll!SHFileOperationW 7E720984 5 Bytes JMP 00C11102 C:\Programme\Unlocker\UnlockerHook.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) ---- EOF - GMER 2.1 ---- |
14.09.2013, 06:06 | #2 |
/// the machine /// TB trainer | Unusual data transfer hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
14.09.2013, 11:10 | #3 |
| Unusual data transfer Good morning Schrauber,
thank you very much for the quick help. Here are the logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04 Ran by ich (administrator) on XXX on 14-09-2013 11:57:34 Running from C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Creative Technology Ltd.) C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE (Logitech Inc.) C:\Programme\Logitech\iTouch\iTouch.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe () C:\Programme\Unlocker\UnlockerAssistant.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (BillP Studios) C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (Secunia) C:\Programme\Secunia\PSI\psi_tray.exe (Logitech Inc.) C:\Programme\Logitech\MouseWare\system\em_exec.exe (Apache Software Foundation) e:\xampp\apache\bin\httpd.exe (Creative Technology Ltd.) 
C:\WINDOWS\system32\devldr32.exe (AVM Berlin) C:\Programme\avmwlanstick\WlanNetService.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (FileZilla Project) e:\xampp\filezillaftp\filezillaserver.exe (Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe () e:\xampp\mysql\bin\mysqld.exe (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Secunia) C:\Programme\Secunia\PSI\PSIA.exe (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe (Apache Software Foundation) E:\xampp\apache\bin\httpd.exe (Secunia) C:\Programme\Secunia\PSI\sua.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [19576424 2010-09-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVMWlanClient] - C:\Programme\avmwlanstick\wlangui.exe [1544192 2006-07-31] (AVM Berlin) HKLM\...\Run: [NeroFilterCheck] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1828136 2007-09-10] (Nero AG) HKLM\...\Run: [AudioHQ] - C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE [191488 1998-07-16] (Creative Technology Ltd.) HKLM\...\Run: [WINDVDPatch] - C:\Windows\system32\CTHELPER.EXE [24576 2002-07-02] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [Jet Detection] - C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] () HKLM\...\Run: [DevconDefaultDB] - C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS HKLM\...\Run: [zBrowser Launcher] - C:\Programme\Logitech\iTouch\iTouch.exe [892928 2004-03-18] (Logitech Inc.) 
HKLM\...\Run: [Logitech Utility] - C:\Windows\Logi_MwX.Exe [19968 2003-06-30] (Logitech Inc.) HKLM\...\Run: [ElbyCheckAnyDVD] - C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe [45056 2003-09-20] (Elaborate Bytes AG) HKLM\...\Run: [CloneDVDElbyDelay] - C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [UnlockerAssistant] - C:\Programme\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM\...\Run: [PDFPrint] - C:\Programme\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [WinPatrol] - C:\Programme\BillP Studios\WinPatrol\winpatrol.exe [422632 2013-04-17] (BillP Studios) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [SetDefaultMIDI] - C:\Windows\MIDIDef.exe [61440 2002-01-14] (Creative Technology Ltd) HKCU\...\Policies\Explorer: [NoDrives] 0 HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe [ 2007-08-21] (Nero AG) HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe [ 2007-08-21] (Nero AG) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL 
(Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\gaq2t0g5.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @microsoft.com/wpi,version=1.4 - C:\Programme\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp) FF Plugin: @unity3d.com/UnityPlayer,version=1.0 - C:\Programme\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.0.6 - 
C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Anti-Banner - C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF Extension: Modul zur Link-Untersuchung - C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 
2012\FFExt\KavAntiBanner@Kaspersky.ru FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru ========================== Services (Whitelisted) ================= R2 Apache2.2; e:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) R2 AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [370756 2006-07-31] (AVM Berlin) R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) R2 FileZilla Server; e:\xampp\filezillaftp\filezillaserver.exe [630272 2011-06-07] (FileZilla Project) R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-25] (Mozilla Foundation) S2 MsDepSvc; C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation) R2 mysql; e:\xampp\mysql\bin\my.ini [5396 2012-01-29] () R2 Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-09-10] (Nero AG) S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [382248 2007-08-21] (Nero AG) R2 Secunia PSI Agent; C:\Programme\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Programme\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) R2 wlidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE [1529728 2009-08-18] (Microsoft Corporation) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" 
==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [22912 2003-09-29] (SlySoft, Inc.) S3 cpudrv; C:\Programme\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] () S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-09-15] (Elaborate Bytes AG) R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3840 2003-03-28] (Elaborate Bytes) R3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) R3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-07-31] (AVM GmbH) R3 itchfltr; C:\Windows\System32\DRIVERS\itchfltr.sys [12953 2004-03-10] (Logitech, Inc.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [565552 2011-04-20] (Kaspersky Lab) R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [34608 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-11-02] (Kaspersky Lab) R3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [53870 2003-06-30] (Logitech, Inc.) S3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2004-03-03] (Logitech, Inc.) S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia) R3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) 
R1 vmm; C:\WINDOWS\system32\Drivers\vmm.sys [229208 2011-08-26] (Microsoft Corporation) S3 catchme; \??\C:\DOKUME~1\ich\LOKALE~1\Temp\catchme.sys [x] S4 IntelIde; No ImagePath U4 L8042PRT; S1 lkbdhlpr; System32\Drivers\lkbdhlpr.sys [x] U1 sermouse; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 ____D C:\FRST 2013-09-13 21:28 - 2013-09-13 21:28 - 00000000 _____ C:\Dokumente und Einstellungen\ich\defogger_reenable 2013-09-12 20:48 - 2013-09-12 20:49 - 00000000 ____D C:\AdwCleaner 2013-09-12 20:07 - 2013-09-12 20:07 - 00013573 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-12 18:56 - 2013-09-12 20:06 - 00012811 _____ C:\WINDOWS\KB2876315.log 2013-09-12 18:56 - 2013-09-12 20:06 - 00011841 _____ C:\WINDOWS\KB2876217.log 2013-09-12 18:55 - 2013-09-12 20:06 - 00011533 _____ C:\WINDOWS\KB2864063.log 2013-09-03 20:14 - 2013-09-14 11:19 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-08-27 20:00 - 2013-08-27 20:00 - 00004820 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-27 20:00 - 2013-08-27 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ ==================== One Month Modified Files and Folders ======= 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 ____D C:\FRST 2013-09-14 11:29 - 2011-05-16 13:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2013-09-14 11:19 - 2013-09-03 20:14 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-09-14 11:19 - 2013-08-09 21:44 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2013-09-14 11:19 - 2012-05-06 10:08 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 
2013-09-14 11:19 - 2011-05-17 15:14 - 00000702 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2013-09-14 11:18 - 2011-05-16 12:33 - 01948147 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-14 11:12 - 2011-05-20 20:13 - 00000051 _____ C:\WINDOWS\iTouch.ini 2013-09-14 11:12 - 2011-05-16 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-13 23:28 - 2011-06-02 13:24 - 00000266 _____ C:\WINDOWS\wiadebug.log 2013-09-13 23:28 - 2011-06-02 13:24 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-09-13 23:28 - 2011-05-16 13:22 - 00000190 ___SH C:\Dokumente und Einstellungen\ich\ntuser.ini 2013-09-13 23:28 - 2011-05-16 13:17 - 00032510 _____ C:\WINDOWS\SchedLgU.Txt 2013-09-13 23:27 - 2011-05-18 20:52 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\8_Video 2013-09-13 23:06 - 2011-05-18 19:11 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\3_Bands 2013-09-13 23:05 - 2012-04-01 10:06 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-09-13 23:03 - 2011-06-02 13:22 - 00382766 _____ C:\WINDOWS\setupapi.log 2013-09-13 21:28 - 2013-09-13 21:28 - 00000000 _____ C:\Dokumente und Einstellungen\ich\defogger_reenable 2013-09-13 21:28 - 2011-05-17 15:19 - 00000000 ____D C:\Programme\Opera 2013-09-13 21:28 - 2011-05-16 13:22 - 00000000 ____D C:\Dokumente und Einstellungen\ich 2013-09-13 21:06 - 2012-04-01 10:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-13 21:06 - 2011-05-18 19:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-09-13 20:20 - 2012-01-15 00:47 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\NPE 2013-09-13 20:20 - 2011-05-18 21:02 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\5_Internet 2013-09-13 20:11 - 2011-05-16 13:52 - 00000327 __RSH C:\boot.ini 2013-09-13 19:23 - 2007-02-15 20:38 - 20208640 _____ C:\Dokumente und 
Einstellungen\ich\Eigene Dateien\Medien-Liste.xls 2013-09-13 19:14 - 2008-10-08 22:01 - 00097280 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\X-Mas 2008.xls 2013-09-12 20:54 - 2011-05-16 14:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961501$ 2013-09-12 20:54 - 2011-05-16 12:54 - 00481928 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-12 20:49 - 2013-09-12 20:48 - 00000000 ____D C:\AdwCleaner 2013-09-12 20:14 - 2013-04-27 20:43 - 00000000 ____D C:\Programme\SpywareBlaster 2013-09-12 20:07 - 2013-09-12 20:07 - 00013573 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-12 20:07 - 2011-06-13 11:08 - 00061960 _____ C:\WINDOWS\updspapi.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00844196 _____ C:\WINDOWS\iis6.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00782279 _____ C:\WINDOWS\FaxSetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00372584 _____ C:\WINDOWS\ocgen.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00355466 _____ C:\WINDOWS\tsoc.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00258335 _____ C:\WINDOWS\comsetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00238832 _____ C:\WINDOWS\msmqinst.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00156262 _____ C:\WINDOWS\ntdtcsetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00136458 _____ C:\WINDOWS\netfxocm.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00053550 _____ C:\WINDOWS\MedCtrOC.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00042750 _____ C:\WINDOWS\ocmsn.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00039186 _____ C:\WINDOWS\tabletoc.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00038934 _____ C:\WINDOWS\msgsocm.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00001374 _____ C:\WINDOWS\imsins.log 2013-09-12 20:07 - 2011-05-16 14:36 - 00000000 ____D C:\WINDOWS\ie8updates 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-12 20:06 - 2013-09-12 
18:56 - 00012811 _____ C:\WINDOWS\KB2876315.log 2013-09-12 20:06 - 2013-09-12 18:56 - 00011841 _____ C:\WINDOWS\KB2876217.log 2013-09-12 20:06 - 2013-09-12 18:55 - 00011533 _____ C:\WINDOWS\KB2864063.log 2013-09-12 20:06 - 2011-06-13 11:07 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-09-12 20:04 - 2013-07-11 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-09-12 20:00 - 2011-05-16 14:33 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-09-12 19:41 - 2011-05-18 21:21 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\My PSP Files 2013-09-12 18:59 - 2011-07-03 20:21 - 00002347 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk 2013-09-12 18:59 - 2011-05-16 12:54 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-09-12 18:44 - 2004-08-04 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-10 19:52 - 2011-05-18 19:05 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Webs 2013-09-09 19:39 - 2011-05-18 21:23 - 00001004 ___SH C:\WINDOWS\system32\KGyGaAvL.sys 2013-09-09 19:37 - 2011-05-16 13:22 - 00000000 ___RD C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Bilder 2013-09-07 12:58 - 2011-05-22 17:09 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp 2013-09-07 12:36 - 2011-05-16 12:55 - 00000000 ___RD C:\Programme 2013-09-05 20:23 - 2012-07-14 16:41 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\FileZilla 2013-08-27 20:00 - 2013-08-27 20:00 - 00004820 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-27 20:00 - 2013-08-27 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-08-26 19:53 - 2011-05-18 21:01 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\4_Musik 2013-08-25 17:43 - 2011-05-18 18:33 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox 2013-08-25 17:43 - 2011-05-18 18:29 - 00000000 ___RD C:\Dokumente und 
Einstellungen\ich\Eigene Dateien\Dropbox 2013-08-25 17:25 - 2011-05-18 18:35 - 00001014 _____ C:\Dokumente und Einstellungen\ich\Desktop\Dropbox.lnk 2013-08-25 17:25 - 2011-05-18 18:34 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Startmenü\Programme\Dropbox 2013-08-24 21:29 - 2011-05-18 18:34 - 00178648 _____ C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2013-08-23 18:50 - 2012-12-29 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\vlc 2013-08-23 18:43 - 2011-05-30 19:13 - 00000069 _____ C:\WINDOWS\NeroDigital.ini 2013-08-20 18:38 - 2013-04-20 13:14 - 00000691 _____ C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk 2013-08-18 15:30 - 2009-12-15 00:57 - 24676352 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\Kulturbesuche.xls 2013-08-18 11:39 - 2011-07-03 20:23 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Adobe 2013-08-15 19:05 - 2011-05-20 19:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET Some content of TEMP: ==================== C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\drm_dialogs.dll C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\drm_dyndata_7270006.dll C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\drm_dyndata_7300015.dll C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\install_flashplayer11x32_mssd_aaa_aih.exe C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\SettingUpdate.exe C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-14 07:52] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 
C:\Windows\System32\svchost.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2008-04-14 07:53] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2008-04-14 07:52] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2008-04-14 07:22] - [2008-04-14 07:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 04 Ran by ich at 2013-09-14 11:58:57 Running from C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 1a-farbbilder-Fotowelt (Version: 5.0.3) Adobe Flash Player 11 ActiveX (Version: 11.8.800.174) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Age of Empires Online (Version: 1.0.0000.129) ALDI NORD Bestellsoftware 4.12.2 (Version: 4.12.2) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) ANNO 1602 (Version: 1.05) AnyDVD Audacity 1.3.13 (Unicode) AVM FRITZ!WLAN CCleaner (Version: 4.00) CEWE FOTOBUCH PRO (Version: v2.1.2 (German)) CloneDVD Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Corel Paint Shop Pro X (Version: 10.0) Creative Launcher Die Siedler II - Die nächste Generation Driver Mender (Version: 8.0.1) Dropbox (HKCU Version: 2.0.27) EVEREST Home Edition v2.20 (Version: 2.20) FileZilla Client 3.7.3 (Version: 3.7.3) Free Audio Converter version 2.3.4.920 Free Studio version 5.2.0 Free YouTube to MP3 Converter version 3.12.5.628 (Version: 3.12.5.628) HDR projects elements (32-Bit) (Version: 1.22) Hotfix für Windows Media Player 11 (KB939683) Hotfix für Windows XP (KB2443685) (Version: 1) Hotfix für Windows XP (KB2570791) (Version: 1) Hotfix für Windows XP (KB2633952) (Version: 1) Hotfix für Windows XP (KB2756822) (Version: 1) Hotfix für Windows XP (KB2779562) (Version: 1) Hotfix für Windows XP (KB938759) (Version: 1) Hotfix für Windows XP (KB942288-v3) (Version: 3) Hotfix für Windows XP (KB952287) (Version: 1) Hotfix für Windows XP (KB961118) (Version: 1) IIS 7.5 Express (Version: 7.5.1070) Intel(R) Graphics Media Accelerator Driver (Version: 0.0.0.0000) Intel(R) Network Connections 
16.2.49.0 (Version: 16.2.49.0) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Jewel Master - Collector's Edition Jewel Quest III (nur deinstallation) Kaspersky Internet Security 2012 (Version: 12.0.0.374) KISS Psycho Circus - The Nightmare Child KompoZer 0.8b3 LAME v3.98.3 for Audacity LEGO Digital Designer Logitech iTouch Software Logitech MouseWare 9.78 Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Mein CEWE FOTOBUCH Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft ASP.NET Web Pages - DEU (Version: 1.0.20105.0) Microsoft ASP.NET Web Pages (Version: 1.0.20105.0) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Download Manager (Version: 1.2.1) Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0) Microsoft Games for Windows Marketplace (Version: 3.5.50.0) Microsoft Office 2000 Premium (Version: 9.00.2816) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1600.1) Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1) Microsoft SQL Server System CLR Types (Version: 10.50.1600.1) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Virtual PC 2007 (Version: 6.0.156.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) 
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Web Deploy 2.0 (Version: 2.0.1070) Microsoft Web Platform Installer 3.0 (Version: 3.0.5) Microsoft WebMatrix (Version: 1.0.1073) Mozilla Firefox 23.0 (x86 de) (Version: 23.0) Mozilla Maintenance Service (Version: 23.0) Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0) MySQL Connector/ODBC 5.1 (Version: 5.1.12) Nero 8 (Version: 8.0.293) Opera 12.16 (Version: 12.16.1860) PDF24 Creator 5.2.0 PowerDVD Realtek High Definition Audio Driver (Version: 5.10.0.6201) Secunia PSI (3.0.0.6005) (Version: 3.0.0.6005) Segoe UI (Version: 14.0.4327.805) Sicherheitsupdate für Microsoft Windows (KB2564958) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (Version: 1) Sicherheitsupdate für Windows 
Internet Explorer 8 (KB2675157) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1) Sicherheitsupdate für Windows Media Player (KB2378111) Sicherheitsupdate für Windows Media Player (KB2834904) Sicherheitsupdate für Windows Media Player (KB2834904-v2) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player (KB954155) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows Media Player (KB975558) Sicherheitsupdate für Windows Media Player (KB978695) Sicherheitsupdate für Windows Media Player 11 (KB954154) Sicherheitsupdate für Windows XP (KB2079403) (Version: 1) Sicherheitsupdate für Windows XP (KB2115168) (Version: 1) Sicherheitsupdate für Windows XP (KB2121546) (Version: 1) Sicherheitsupdate für Windows XP (KB2229593) (Version: 1) Sicherheitsupdate für 
Windows XP (KB2296011) (Version: 1) Sicherheitsupdate für Windows XP (KB2347290) (Version: 1) Sicherheitsupdate für Windows XP (KB2360937) (Version: 1) Sicherheitsupdate für Windows XP (KB2387149) (Version: 1) Sicherheitsupdate für Windows XP (KB2393802) (Version: 1) Sicherheitsupdate für Windows XP (KB2412687) (Version: 1) Sicherheitsupdate für Windows XP (KB2419632) (Version: 1) Sicherheitsupdate für Windows XP (KB2423089) (Version: 1) Sicherheitsupdate für Windows XP (KB2440591) (Version: 1) Sicherheitsupdate für Windows XP (KB2443105) (Version: 1) Sicherheitsupdate für Windows XP (KB2476490) (Version: 1) Sicherheitsupdate für Windows XP (KB2476687) (Version: 1) Sicherheitsupdate für Windows XP (KB2478960) (Version: 1) Sicherheitsupdate für Windows XP (KB2478971) (Version: 1) Sicherheitsupdate für Windows XP (KB2479943) (Version: 1) Sicherheitsupdate für Windows XP (KB2481109) (Version: 1) Sicherheitsupdate für Windows XP (KB2483185) (Version: 1) Sicherheitsupdate für Windows XP (KB2485663) (Version: 1) Sicherheitsupdate für Windows XP (KB2497640) (Version: 1) Sicherheitsupdate für Windows XP (KB2503658) (Version: 1) Sicherheitsupdate für Windows XP (KB2503665) (Version: 1) Sicherheitsupdate für Windows XP (KB2506212) (Version: 1) Sicherheitsupdate für Windows XP (KB2506223) (Version: 1) Sicherheitsupdate für Windows XP (KB2507618) (Version: 1) Sicherheitsupdate für Windows XP (KB2507938) (Version: 1) Sicherheitsupdate für Windows XP (KB2508272) (Version: 1) Sicherheitsupdate für Windows XP (KB2508429) (Version: 1) Sicherheitsupdate für Windows XP (KB2509553) (Version: 1) Sicherheitsupdate für Windows XP (KB2510581) (Version: 1) Sicherheitsupdate für Windows XP (KB2511455) (Version: 1) Sicherheitsupdate für Windows XP (KB2524375) (Version: 1) Sicherheitsupdate für Windows XP (KB2535512) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2544893) 
(Version: 1) Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2555917) (Version: 1) Sicherheitsupdate für Windows XP (KB2562937) (Version: 1) Sicherheitsupdate für Windows XP (KB2566454) (Version: 1) Sicherheitsupdate für Windows XP (KB2567053) (Version: 1) Sicherheitsupdate für Windows XP (KB2567680) (Version: 1) Sicherheitsupdate für Windows XP (KB2570222) (Version: 1) Sicherheitsupdate für Windows XP (KB2570947) (Version: 1) Sicherheitsupdate für Windows XP (KB2584146) (Version: 1) Sicherheitsupdate für Windows XP (KB2585542) (Version: 1) Sicherheitsupdate für Windows XP (KB2592799) (Version: 1) Sicherheitsupdate für Windows XP (KB2598479) (Version: 1) Sicherheitsupdate für Windows XP (KB2603381) (Version: 1) Sicherheitsupdate für Windows XP (KB2618451) (Version: 1) Sicherheitsupdate für Windows XP (KB2619339) (Version: 1) Sicherheitsupdate für Windows XP (KB2620712) (Version: 1) Sicherheitsupdate für Windows XP (KB2621440) (Version: 1) Sicherheitsupdate für Windows XP (KB2624667) (Version: 1) Sicherheitsupdate für Windows XP (KB2631813) (Version: 1) Sicherheitsupdate für Windows XP (KB2633171) (Version: 1) Sicherheitsupdate für Windows XP (KB2639417) (Version: 1) Sicherheitsupdate für Windows XP (KB2641653) (Version: 1) Sicherheitsupdate für Windows XP (KB2646524) (Version: 1) Sicherheitsupdate für Windows XP (KB2647518) (Version: 1) Sicherheitsupdate für Windows XP (KB2653956) (Version: 1) Sicherheitsupdate für Windows XP (KB2655992) (Version: 1) Sicherheitsupdate für Windows XP (KB2659262) (Version: 1) Sicherheitsupdate für Windows XP (KB2660465) (Version: 1) Sicherheitsupdate für Windows XP (KB2676562) (Version: 1) Sicherheitsupdate für Windows XP (KB2685939) (Version: 1) Sicherheitsupdate für Windows XP (KB2686509) (Version: 1) Sicherheitsupdate für Windows XP (KB2691442) (Version: 1) Sicherheitsupdate für Windows XP (KB2695962) (Version: 1) Sicherheitsupdate für Windows XP (KB2698365) (Version: 1) 
Sicherheitsupdate für Windows XP (KB2705219) (Version: 1) Sicherheitsupdate für Windows XP (KB2707511) (Version: 1) Sicherheitsupdate für Windows XP (KB2709162) (Version: 1) Sicherheitsupdate für Windows XP (KB2712808) (Version: 1) Sicherheitsupdate für Windows XP (KB2718523) (Version: 1) Sicherheitsupdate für Windows XP (KB2719985) (Version: 1) Sicherheitsupdate für Windows XP (KB2723135) (Version: 1) Sicherheitsupdate für Windows XP (KB2724197) (Version: 1) Sicherheitsupdate für Windows XP (KB2727528) (Version: 1) Sicherheitsupdate für Windows XP (KB2731847) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842) (Version: 1) Sicherheitsupdate für Windows XP (KB2753842-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2757638) (Version: 1) Sicherheitsupdate für Windows XP (KB2758857) (Version: 1) Sicherheitsupdate für Windows XP (KB2761226) (Version: 1) Sicherheitsupdate für Windows XP (KB2770660) (Version: 1) Sicherheitsupdate für Windows XP (KB2778344) (Version: 1) Sicherheitsupdate für Windows XP (KB2779030) (Version: 1) Sicherheitsupdate für Windows XP (KB2780091) (Version: 1) Sicherheitsupdate für Windows XP (KB2799494) (Version: 1) Sicherheitsupdate für Windows XP (KB2802968) (Version: 1) Sicherheitsupdate für Windows XP (KB2807986) (Version: 1) Sicherheitsupdate für Windows XP (KB2808735) (Version: 1) Sicherheitsupdate für Windows XP (KB2813170) (Version: 1) Sicherheitsupdate für Windows XP (KB2813345) (Version: 1) Sicherheitsupdate für Windows XP (KB2820197) (Version: 1) Sicherheitsupdate für Windows XP (KB2820917) (Version: 1) Sicherheitsupdate für Windows XP (KB2829361) (Version: 1) Sicherheitsupdate für Windows XP (KB2834886) (Version: 1) Sicherheitsupdate für Windows XP (KB2839229) (Version: 1) Sicherheitsupdate für Windows XP (KB2845187) (Version: 1) Sicherheitsupdate für Windows XP (KB2849470) (Version: 1) Sicherheitsupdate für Windows XP (KB2850851) (Version: 1) Sicherheitsupdate für Windows XP (KB2850869) (Version: 1) Sicherheitsupdate für 
Windows XP (KB2859537) (Version: 1) Sicherheitsupdate für Windows XP (KB2864063) (Version: 1) Sicherheitsupdate für Windows XP (KB2876217) (Version: 1) Sicherheitsupdate für Windows XP (KB2876315) (Version: 1) Sicherheitsupdate für Windows XP (KB923561) (Version: 1) Sicherheitsupdate für Windows XP (KB923789) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) (Version: 1) Sicherheitsupdate für Windows XP (KB950762) (Version: 1) Sicherheitsupdate für Windows XP (KB950974) (Version: 1) Sicherheitsupdate für Windows XP (KB951376-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB952004) (Version: 1) Sicherheitsupdate für Windows XP (KB952954) (Version: 1) Sicherheitsupdate für Windows XP (KB954459) (Version: 1) Sicherheitsupdate für Windows XP (KB956572) (Version: 1) Sicherheitsupdate für Windows XP (KB956744) (Version: 1) Sicherheitsupdate für Windows XP (KB956802) (Version: 1) Sicherheitsupdate für Windows XP (KB956844) (Version: 1) Sicherheitsupdate für Windows XP (KB958644) (Version: 1) Sicherheitsupdate für Windows XP (KB959426) (Version: 1) Sicherheitsupdate für Windows XP (KB960803) (Version: 1) Sicherheitsupdate für Windows XP (KB960859) (Version: 1) Sicherheitsupdate für Windows XP (KB961501) (Version: 1) Sicherheitsupdate für Windows XP (KB969059) (Version: 1) Sicherheitsupdate für Windows XP (KB970430) (Version: 1) Sicherheitsupdate für Windows XP (KB971657) (Version: 1) Sicherheitsupdate für Windows XP (KB972270) (Version: 1) Sicherheitsupdate für Windows XP (KB973507) (Version: 1) Sicherheitsupdate für Windows XP (KB973869) (Version: 1) Sicherheitsupdate für Windows XP (KB973904) (Version: 1) Sicherheitsupdate für Windows XP (KB974112) (Version: 1) Sicherheitsupdate für Windows XP (KB974318) (Version: 1) Sicherheitsupdate für Windows XP (KB974392) (Version: 1) Sicherheitsupdate für Windows XP (KB974571) (Version: 1) Sicherheitsupdate für Windows XP (KB975025) (Version: 1) Sicherheitsupdate für Windows XP (KB975467) 
(Version: 1) Sicherheitsupdate für Windows XP (KB975560) (Version: 1) Sicherheitsupdate für Windows XP (KB975562) (Version: 1) Sicherheitsupdate für Windows XP (KB975713) (Version: 1) Sicherheitsupdate für Windows XP (KB977816) (Version: 1) Sicherheitsupdate für Windows XP (KB977914) (Version: 1) Sicherheitsupdate für Windows XP (KB978338) (Version: 1) Sicherheitsupdate für Windows XP (KB978542) (Version: 1) Sicherheitsupdate für Windows XP (KB978601) (Version: 1) Sicherheitsupdate für Windows XP (KB978706) (Version: 1) Sicherheitsupdate für Windows XP (KB979309) (Version: 1) Sicherheitsupdate für Windows XP (KB979482) (Version: 1) Sicherheitsupdate für Windows XP (KB979687) (Version: 1) Sicherheitsupdate für Windows XP (KB980436) (Version: 1) Sicherheitsupdate für Windows XP (KB981322) (Version: 1) Sicherheitsupdate für Windows XP (KB981997) (Version: 1) Sicherheitsupdate für Windows XP (KB982132) (Version: 1) Sicherheitsupdate für Windows XP (KB982665) (Version: 1) Sound Blaster Live! Value Sound Blaster Live! 
Web 2K/XP SpywareBlaster 5.0 (Version: 5.0.0) System Requirements Lab for Intel (Version: 4.4.24.0) Turbo Lister 2 (Version: 2.00.0000) Um die Welt in 80 Tagen 1.0 Unity Web Player (All users) (Version: ) Unlocker 1.9.1 (Version: 1.9.1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1) Update für Windows Internet Explorer 8 (KB2447568) (Version: 1) Update für Windows XP (KB2345886) (Version: 1) Update für Windows XP (KB2467659) (Version: 1) Update für Windows XP (KB2541763) (Version: 1) Update für Windows XP (KB2607712) (Version: 1) Update für Windows XP (KB2616676) (Version: 1) Update für Windows XP (KB2641690) (Version: 1) Update für Windows XP (KB2661254-v2) (Version: 2) Update für Windows XP (KB2718704) (Version: 1) Update für Windows XP (KB2736233) (Version: 1) Update für Windows XP (KB2749655) (Version: 1) Update für Windows XP (KB2863058) (Version: 1) Update für Windows XP (KB898461) (Version: 1) Update für Windows XP (KB951978) (Version: 1) Update für Windows XP (KB955759) (Version: 1) Update für Windows XP (KB961503) (Version: 1) Update für Windows XP (KB967715) (Version: 1) Update für Windows XP (KB968389) (Version: 1) Update für Windows XP (KB971029) (Version: 1) Update für Windows XP (KB971737) (Version: 1) Update für Windows XP (KB973687) (Version: 1) Update für Windows XP (KB973815) (Version: 1) VLC media player 2.0.8 (Version: 2.0.8) WebFldrs XP (Version: 9.50.7523) Webtools von Microsoft SQL Server Compact 4.0 DEU (Version: 4.0.8482.1) Winamp (Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live 
Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows PowerShell(TM) 1.0 (Version: 2)
WinPatrol (Version: 28.0.2013.0)
WinRAR 4.00 (32-Bit) (Version: 4.00.0)
WISO Steuer 2012 (Version: 19.00.7303)
XAMPP 1.7.7

==================== Restore Points =========================
14-07-2013 19:46:17 Systemprüfpunkt
16-07-2013 18:56:26 Systemprüfpunkt
21-07-2013 10:53:27 Systemprüfpunkt
28-07-2013 18:02:43 Systemprüfpunkt
30-07-2013 18:40:40 Systemprüfpunkt
09-08-2013 20:14:36 Systemprüfpunkt
11-08-2013 18:12:54 Systemprüfpunkt
13-08-2013 17:13:33 Systemprüfpunkt
14-08-2013 18:00:30 Software Distribution Service 3.0
18-08-2013 12:14:01 Systemprüfpunkt
20-08-2013 07:19:42 Systemprüfpunkt
24-08-2013 15:51:20 Systemprüfpunkt
25-08-2013 17:39:37 Systemprüfpunkt
25-08-2013 18:00:19 Software Distribution Service 3.0
27-08-2013 18:00:22 Software Distribution Service 3.0
28-08-2013 18:26:48 Systemprüfpunkt
31-08-2013 15:39:38 Systemprüfpunkt
05-09-2013 19:47:43 Systemprüfpunkt
07-09-2013 13:14:23 Systemprüfpunkt
10-09-2013 19:24:34 Systemprüfpunkt
12-09-2013 18:00:22 Software Distribution Service 3.0
12-09-2013 20:36:21 Software Distribution Service 3.0
12-09-2013 20:40:12 Software Distribution Service 3.0
13-09-2013 16:31:12 Software Distribution Service 3.0
13-09-2013 16:38:44 Software Distribution Service 3.0
13-09-2013 16:43:22 Software Distribution Service 3.0
13-09-2013 17:12:13 Software Distribution Service 3.0
13-09-2013 17:26:19 Norton_Power_Eraser_20130913192613921
13-09-2013 18:01:35 Software Distribution Service 3.0
13-09-2013 19:03:38 OTL Restore Point - 13.09.2013 21:03:28

==================== Hosts content: ==========================
2004-08-04 14:00 - 2013-04-22 17:56 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2008-04-14 07:51 - 2009-02-27 06:56 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2011-04-24 23:13 - 2011-04-24 23:13 - 00229776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klogon.dll
2011-05-18 19:55 - 2007-04-30 20:00 - 00215040 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM92.DLL
2011-05-18 19:55 - 2007-04-30 20:00 - 00027136 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD92.DLL
2011-05-21 14:29 - 2008-07-06 14:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll
2013-04-27 20:41 - 2013-04-17 23:19 - 00064728 ____N (BillP Studios) C:\Programme\BillP Studios\WinPatrol\PATROLPRO.DLL
2010-07-04 23:32 - 2010-07-04 23:32 - 00004608 _____ () C:\Programme\Unlocker\UnlockerHook.dll
2013-05-26 17:53 - 2013-08-07 21:25 - 00093696 _____ () C:\Programme\FileZilla FTP Client\fzshellext.dll
2007-09-10 11:40 - 2007-09-10 11:40 - 00255272 _____ (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NBShell.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Programme\Unlocker\UnlockerCOM.dll
2011-05-23 20:24 - 2011-03-02 12:40 - 00140288 _____ () C:\Programme\WinRAR\rarext.dll
2011-10-13 20:41 - 2011-10-13 20:41 - 00180624 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\shellex.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00147856 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\prremote.dll
2007-08-08 09:26 - 2007-08-08 09:26 - 01803560 _____ (Nero AG) C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
2013-09-03 15:54 - 2013-09-03 15:54 -
00301056 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU 2011-06-08 19:11 - 2010-01-14 03:48 - 00303616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrDEU.lrc 2004-08-04 14:00 - 2004-08-04 14:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mui\0007\HHCTRLui.dll 2011-05-19 21:29 - 1998-08-19 19:27 - 00035328 _____ (Creative Technology Ltd.) C:\Programme\Creative\SBLive\AudioHQ\AHQTbRes.dll 2011-05-19 21:29 - 1998-03-19 01:00 - 00029696 _____ (Creative Technology Ltd.) C:\Programme\Creative\SBLive\AudioHQ\AHQman.dll 2011-05-16 12:56 - 2001-08-18 05:53 - 00256512 ____N (Creative Technology Ltd.) C:\WINDOWS\system32\DevCon32.dll 2011-05-20 19:26 - 2002-07-19 11:07 - 00319488 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTDEVCON.DLL 2011-05-20 19:26 - 2002-07-19 10:54 - 00155648 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\ctosuser.dll 2011-05-20 19:26 - 2002-07-19 10:55 - 00110592 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\PIAPROXY.DLL 2011-05-20 19:26 - 2002-07-19 10:53 - 00106496 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTDPROXY.DLL 2011-10-13 20:41 - 2011-10-13 20:41 - 00090512 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00012688 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avpinit.dll 2011-10-13 20:41 - 2012-10-31 19:46 - 00455096 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avpmain.dll 2011-04-24 23:13 - 2012-10-31 19:46 - 00098744 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\fssync.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00123280 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\DumpWriter.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00019856 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\CLLDR.DLL 
2011-04-24 23:13 - 2011-04-24 23:13 - 00270736 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\prloader.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00115088 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\nfio.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00021392 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\fsdrvplg.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00038288 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\winreg.ppl 2011-04-24 23:13 - 2013-09-05 18:47 - 00274624 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\service.dll 2011-04-24 23:13 - 2013-09-05 18:47 - 00979136 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\eka_meta.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00315792 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\esmgr.dll 2011-10-13 20:41 - 2012-06-13 19:26 - 00042896 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\pxstub.ppl 2011-10-13 20:41 - 2013-09-05 18:47 - 01118400 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\params.ppl 2011-10-13 20:41 - 2013-09-05 18:47 - 04460736 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avpgui.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll 2011-04-24 23:13 - 2011-04-24 23:13 
- 00192912 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll 2011-10-13 20:41 - 2012-10-31 19:46 - 02154936 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\basegui.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00041360 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\thpimpl.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00074128 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\memmon.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00582032 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\localization_manager.dll 2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll 2013-04-27 20:41 - 2012-12-10 03:46 - 00600868 ____N () C:\Programme\BillP Studios\WinPatrol\sqlite3.dll 2011-05-20 20:09 - 2003-07-07 09:50 - 00104960 _____ (Logitech Inc.) 
C:\WINDOWS\system32\COMNCTR.dll 2011-09-10 11:34 - 2011-09-10 11:34 - 00266752 _____ (Apache Software Foundation) e:\xampp\apache\bin\libhttpd.dll 2011-09-10 11:32 - 2011-09-10 11:32 - 00179712 _____ (Apache Software Foundation) e:\xampp\apache\bin\libaprutil-1.dll 2011-09-10 11:31 - 2011-09-10 11:31 - 00027136 _____ (Apache Software Foundation) e:\xampp\apache\bin\libapriconv-1.dll 2011-09-10 11:31 - 2011-09-10 11:31 - 00133120 _____ (Apache Software Foundation) e:\xampp\apache\bin\libapr-1.dll 2011-09-10 11:45 - 2011-09-10 11:45 - 00011264 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_actions.so 2011-09-10 11:45 - 2011-09-10 11:45 - 00014336 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_alias.so 2011-09-10 11:45 - 2011-09-10 11:45 - 00011264 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_asis.so 2011-09-10 11:34 - 2011-09-10 11:34 - 00012288 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_auth_basic.so 2011-09-10 11:45 - 2011-09-10 11:45 - 00025600 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_auth_digest.so 2011-09-10 11:44 - 2011-09-10 11:44 - 00009728 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_authn_default.so 2011-09-10 11:44 - 2011-09-10 11:44 - 00011264 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_authn_file.so 2011-09-10 11:44 - 2011-09-10 11:44 - 00009728 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_authz_default.so 2011-09-10 11:44 - 2011-09-10 11:44 - 00012800 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_authz_groupfile.so 2011-09-10 11:44 - 2011-09-10 11:44 - 00011776 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_authz_host.so 2011-09-10 11:43 - 2011-09-10 11:43 - 00010752 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_authz_user.so 2011-09-10 11:43 - 2011-09-10 11:43 - 00029184 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_autoindex.so 2011-09-10 
11:42 - 2011-09-10 11:42 - 00019968 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_cgi.so 2011-09-10 11:42 - 2011-09-10 11:42 - 00016896 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_dav_lock.so 2011-09-10 11:35 - 2011-09-10 11:35 - 00072192 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_dav.so 2011-09-10 11:50 - 2011-09-10 11:50 - 00011776 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_dir.so 2011-09-10 11:41 - 2011-09-10 11:41 - 00010752 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_env.so 2011-09-10 11:40 - 2011-09-10 11:40 - 00016384 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_headers.so 2011-09-10 11:40 - 2011-09-10 11:40 - 00035840 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_include.so 2011-09-10 11:40 - 2011-09-10 11:40 - 00019456 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_info.so 2011-09-10 11:40 - 2011-09-10 11:40 - 00024064 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_isapi.so 2011-09-10 11:39 - 2011-09-10 11:39 - 00020992 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_log_config.so 2011-09-10 11:39 - 2011-09-10 11:39 - 00016896 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_mime.so 2011-09-10 11:39 - 2011-09-10 11:39 - 00028160 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_negotiation.so 2011-09-10 11:38 - 2011-09-10 11:38 - 00059904 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_proxy.so 2011-09-10 11:38 - 2011-09-10 11:38 - 00029184 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_proxy_ajp.so 2011-09-10 11:41 - 2011-09-10 11:41 - 00048640 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_rewrite.so 2011-09-10 11:42 - 2011-09-10 11:42 - 00013312 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_setenvif.so 2011-09-10 11:52 - 2011-09-10 11:52 - 00117248 _____ (Apache Software Foundation) 
E:\xampp\apache\modules\mod_ssl.so 2011-09-10 11:10 - 2011-09-10 11:10 - 01098240 _____ (The OpenSSL Project, hxxp://www.openssl.org/) e:\xampp\apache\bin\LIBEAY32.dll 2011-09-10 11:12 - 2011-09-10 11:12 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) e:\xampp\apache\bin\SSLEAY32.dll 2011-09-10 11:45 - 2011-09-10 11:45 - 00019456 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_status.so 2011-08-23 11:59 - 2011-08-23 11:59 - 05908480 _____ (The PHP Group) E:\xampp\php\php5ts.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00026624 _____ (The PHP Group) E:\xampp\php\php5apache2_2.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00864912 _____ (perl.org) E:\xampp\perl\bin\perl510.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00135824 _____ (Apache Software Foundation) E:\xampp\apache\modules\mod_perl.so 2011-08-23 11:59 - 2011-08-23 11:59 - 00060928 _____ (The PHP Group) E:\xampp\php\ext\php_bz2.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 02062336 _____ (The PHP Group) E:\xampp\php\ext\php_mbstring.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00044544 _____ (The PHP Group) E:\xampp\php\ext\php_exif.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 01057280 _____ (The PHP Group) E:\xampp\php\ext\php_gd2.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00039936 _____ (The PHP Group) E:\xampp\php\ext\php_gettext.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00818688 _____ (The PHP Group) E:\xampp\php\ext\php_imap.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00035328 _____ (The PHP Group) E:\xampp\php\ext\php_mysql.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00088064 _____ (The PHP Group) E:\xampp\php\ext\php_mysqli.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00022528 _____ (The PHP Group) E:\xampp\php\ext\php_pdo_mysql.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00022016 _____ (The PHP Group) E:\xampp\php\ext\php_pdo_odbc.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00514560 _____ (The PHP Group) E:\xampp\php\ext\php_pdo_sqlite.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00251904 _____ (The PHP 
Group) E:\xampp\php\ext\php_soap.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00034304 _____ (The PHP Group) E:\xampp\php\ext\php_sockets.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00246272 _____ (The PHP Group) E:\xampp\php\ext\php_sqlite.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00526848 _____ (The PHP Group) E:\xampp\php\ext\php_sqlite3.dll 2011-08-23 11:59 - 2011-08-23 11:59 - 00063488 _____ (The PHP Group) E:\xampp\php\ext\php_xmlrpc.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\ModPerl\Util\Util.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00049808 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\RequestRec\RequestRec.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00041616 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\RequestIO\RequestIO.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00041616 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\RequestUtil\RequestUtil.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Log\Log.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00037520 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\ServerRec\ServerRec.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\ServerUtil\ServerUtil.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00037520 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Connection\Connection.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Const\Const.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Const\Const.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Table\Table.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Access\Access.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Module\Module.dll 
2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Response\Response.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\SubRequest\SubRequest.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00037520 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Filter\Filter.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\Util\Util.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\Apache2\URI\URI.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Date\Date.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Pool\Pool.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\URI\URI.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Util\Util.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00037520 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Brigade\Brigade.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00037520 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Bucket\Bucket.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\lib\auto\Fcntl\Fcntl.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\APR\Status\Status.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\site\lib\auto\ModPerl\Global\Global.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\lib\auto\Digest\MD5\MD5.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00029328 _____ (perl.org) E:\xampp\perl\lib\auto\Cwd\Cwd.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00041616 _____ (perl.org) E:\xampp\perl\lib\auto\Data\Dumper\Dumper.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) 
E:\xampp\perl\lib\auto\Time\HiRes\HiRes.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00041616 _____ (perl.org) E:\xampp\perl\lib\auto\SDBM_File\SDBM_File.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\lib\auto\IO\IO.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00041616 _____ (perl.org) E:\xampp\perl\lib\auto\List\Util\Util.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00033424 _____ (perl.org) E:\xampp\perl\lib\auto\File\Glob\Glob.dll 2009-12-20 00:00 - 2009-12-20 00:00 - 00115344 _____ (perl.org) E:\xampp\perl\lib\auto\Compress\Raw\Zlib\Zlib.dll 2011-05-16 12:56 - 2001-08-18 05:53 - 00256512 ____N (Creative Technology Ltd.) C:\WINDOWS\system32\DEVCON32.DLL 2011-05-20 19:26 - 2001-08-18 04:54 - 00051200 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\SFMAN32.DLL 2011-05-17 15:10 - 2006-07-31 04:02 - 00090112 ____R (AVM GmbH) C:\Programme\avmwlanstick\avmwlapi.dll 2011-05-17 15:10 - 2006-07-31 04:02 - 00139264 ____R (AVM GmbH) C:\Programme\avmwlanstick\avmsysnet.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00090512 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\propmap.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00021904 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\filemap.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00205200 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\tm.ppl 2013-09-06 18:23 - 2013-09-05 18:47 - 01790144 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\bl.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00057744 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\wmihlpr.ppl 2011-04-24 23:14 - 2013-02-01 14:19 - 00074608 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\vercheck.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00020368 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 
2012\regmap.ppl 2011-04-24 23:12 - 2011-04-24 23:12 - 00184720 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\acassembler.dll 2011-10-13 20:41 - 2011-10-13 20:41 - 00278928 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\am_facade.dll 2011-10-13 20:41 - 2011-10-13 20:41 - 00541072 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\storage.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00061840 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ndetect.ppl 2011-04-24 23:13 - 2012-10-31 19:46 - 00123320 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\crpthlpr.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00074128 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\dtreg.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00028560 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\report.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00042384 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\schedule.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00020368 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\timer.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00098704 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\reportdb.ppl 2013-09-06 18:23 - 2013-09-05 18:47 - 01269952 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\lic.ppl 2011-10-13 20:44 - 2011-10-13 20:44 - 00019416 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\cbi.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00017296 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\hashmd5.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00487824 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky 
Lab\Kaspersky Internet Security 2012\klifpp.dll 2011-10-13 20:41 - 2012-09-03 19:05 - 00397752 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avs.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00015760 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\dmap.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00123280 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\excludemanager.dll 2011-10-13 20:41 - 2012-06-13 19:25 - 00151952 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ThreatsManager.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00074128 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qb.ppl 2013-07-29 18:41 - 2013-07-29 18:41 - 00469184 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\avengine.dll.988476f8400a3c2f30987a0ab095a448 2011-04-24 23:13 - 2011-04-24 23:13 - 00102800 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ksn_facade.dll 2013-09-12 19:01 - 2013-09-12 19:01 - 00573248 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\kavbase.kdl.ca5225ac5405c403781a75194ac31db6 2013-07-17 19:26 - 2013-07-17 19:26 - 01632256 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\klavemu.kdl.33d4094a21b474c84fafe37780a1ac43 2013-06-13 18:46 - 2013-06-13 18:46 - 00273408 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\kjim.kdl.01795aedfa570a09106a387e4ef34e1b 2013-02-12 11:47 - 2013-02-12 11:47 - 00151552 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\mark.kdl.fed411a74cc5c5dac6ac7d81339fc781 2012-06-13 19:27 - 2012-06-13 19:27 - 00178008 
_____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\vlns.kdl.317df7c0eff0939e6289f5c72f65ba51 2013-06-27 18:42 - 2013-06-27 18:42 - 00436736 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\qscan.kdl.dd55bf01982b299cb867acad1944e6b6 2013-03-26 19:55 - 2013-03-26 19:55 - 00435712 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\pbs.kdl.41dc267440bc79cb8c2216bd28f1f254 2011-04-24 23:12 - 2012-06-13 19:25 - 08331160 _____ (Kaspersky Lab) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avzkrnl.dll 2012-11-21 19:45 - 2012-11-21 19:45 - 00038400 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\arkmon.kdl.92baa7debedc6ebe803bc14bc5180ab3 2013-06-27 18:43 - 2013-06-27 18:43 - 00177664 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\kavsys.kdl.4bd2ce1e2c86bab49c5e56e0c6501110 2011-04-24 23:13 - 2011-04-24 23:13 - 00139664 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ichecker.dll 2011-10-13 20:41 - 2013-02-01 14:19 - 00373616 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\stat.ppl 2011-10-13 20:41 - 2011-10-13 20:41 - 00283024 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\sandbox.ppl 2011-10-13 20:41 - 2012-06-13 19:26 - 00725392 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\procmon.ppl 2011-04-24 23:14 - 2012-06-13 19:26 - 00143760 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\netwatch.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00168336 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\oas.ppl 2011-10-13 20:41 
- 2011-10-13 20:41 - 00459152 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\antispam.ppl 2011-10-13 20:41 - 2011-10-13 20:41 - 00840080 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\hips.ppl 2011-04-24 23:12 - 2011-04-24 23:12 - 00385424 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\CKAHUM.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00057744 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\CKAHComm.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00135568 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ckahrule.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00078224 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\CKAHStat.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00033680 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\adblock.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00037264 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ahids.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00082320 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imc.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00074128 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\mc.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00463760 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\pdm2rt.ppl 2011-10-13 20:41 - 2012-09-03 19:05 - 00565688 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\httpscan.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00029072 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\sc.ppl 2011-04-24 23:12 - 2011-04-24 23:12 - 00082320 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 
2012\ekasyswatch.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00029584 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\volenum.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00053648 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\smtpprtc.ppl 2011-10-13 20:41 - 2011-10-13 20:41 - 00733584 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\urlflt.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00151952 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\EXTLprtc.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00057744 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\packed_io.dll 2011-10-13 20:41 - 2013-02-01 14:19 - 00573448 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\httpanlz.ppl 2011-10-13 20:41 - 2012-10-31 19:46 - 01311160 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\trafmon2.ppl 2011-10-13 20:41 - 2012-06-13 19:26 - 00070032 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\pop3prtc.ppl 2011-10-13 20:41 - 2012-10-31 19:46 - 00553400 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\webnetstat.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00278928 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ICQprtc.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00098704 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imapprtc.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00246160 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ProcessMonitor.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00078224 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\nntpprtc.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00044432 _____ (Kaspersky Lab ZAO) 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\sfdb.ppl 2011-09-30 18:18 - 2013-09-10 18:52 - 00369344 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\uds.dll.7d02d20a9bb6867c09459f116feac15d 2011-04-24 23:13 - 2011-04-24 23:13 - 00410000 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\format_recognizer.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00176528 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ksnhelper.dll 2011-10-13 20:41 - 2011-10-13 20:41 - 00385424 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ksn_client.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00197008 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\transport_provider.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00123280 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\CryptoStaticProvider.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00027024 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\uniarc.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00031632 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\minizip.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00078224 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\cab.ppl 2011-04-24 23:13 - 2011-04-24 23:13 - 00028560 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\arj.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00110992 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\rar.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00037776 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\lha.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00082320 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky 
Internet Security 2012\mdb.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00106896 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\msoe.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00086416 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\mailmsg.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00078224 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\proxydet.ppl 2011-10-13 20:41 - 2013-09-05 18:47 - 01102016 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\Updater.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00135568 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\diffs.dll 2013-06-05 18:41 - 2013-06-05 18:41 - 00435712 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\bsshlp2.kdl.904c718bbe32f92d8d0c4c679ec8a7ac 2011-04-24 23:13 - 2011-04-24 23:13 - 00246160 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\MSNprtc.dll 2011-04-24 23:13 - 2012-09-03 19:05 - 01110456 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\aphishex.ppl 2011-10-12 22:16 - 2013-07-30 18:41 - 01015488 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\klavasyswatch.dll.e4b9effad09c619818171c46eb660532 2011-04-24 23:13 - 2012-10-31 19:46 - 00307640 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ksn_statistics.dll 2011-04-24 23:14 - 2011-04-24 23:14 - 00031120 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\wdiskio.ppl 2011-08-29 18:18 - 2012-09-11 18:47 - 00374144 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\pdm.kdl.be99d2031eb3aa6699eecce74df88b01 2011-10-13 20:41 - 2011-10-13 20:41 
- 00070032 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\swpragueplugin.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00197008 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\JbrPrtc.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00143760 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\IRCPrtc.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00205200 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FTPprtc.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00156048 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\Yhoprtc.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00094608 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\appcat.ppl 2011-10-13 20:41 - 2011-10-13 20:41 - 00197008 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\MMPprtc.dll 2011-10-13 20:41 - 2012-10-31 19:46 - 00438712 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\http_protocoller_pipeline.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00405904 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\anti_phishing_http_filter.dll 2011-04-24 23:12 - 2011-04-24 23:12 - 00242064 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\cf_response_provider.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00014736 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\buffer.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00019344 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\prseqio.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00019856 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\unlzx.ppl 2011-04-24 23:14 - 2011-04-24 23:14 - 00015760 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky 
Lab\Kaspersky Internet Security 2012\mdmap.ppl 2011-10-13 20:41 - 2012-06-13 19:26 - 00782736 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\prupdate.ppl 2011-10-13 20:41 - 2011-10-13 20:41 - 00205200 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ods.ppl 2011-06-23 18:18 - 2013-08-14 18:43 - 00140288 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\sys_critical_obj.dll.27fb6ff49d2b04854f223a333b8bf972 2010-10-01 14:17 - 2010-10-01 14:17 - 00132432 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP12\Bases\Cache\dns_client.dll.69d2b6f54b8d3aae15e8112faac7979f 2007-09-10 11:40 - 2007-09-10 11:40 - 01013032 _____ (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NB.dll 2007-09-06 13:18 - 2007-09-06 13:18 - 00136488 _____ (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll 2007-09-10 11:40 - 2007-09-10 11:40 - 00410920 _____ (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\LBFC.dll 2007-09-10 11:40 - 2007-09-10 11:40 - 00566568 _____ (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NBHDMgr.dll 2011-10-13 20:41 - 2012-09-03 19:05 - 00147896 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\scrchpg.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00030096 _____ (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klscav.dll 2011-09-10 11:34 - 2011-09-10 11:34 - 00266752 _____ (Apache Software Foundation) E:\xampp\apache\bin\libhttpd.dll 2011-09-10 11:32 - 2011-09-10 11:32 - 00179712 _____ (Apache Software Foundation) E:\xampp\apache\bin\libaprutil-1.dll 2011-09-10 11:31 - 2011-09-10 11:31 - 00027136 _____ (Apache Software Foundation) E:\xampp\apache\bin\libapriconv-1.dll 2011-09-10 11:31 - 2011-09-10 11:31 - 00133120 _____ (Apache Software Foundation) E:\xampp\apache\bin\libapr-1.dll 2011-09-10 11:10 - 
2011-09-10 11:10 - 01098240 _____ (The OpenSSL Project, hxxp://www.openssl.org/) E:\xampp\apache\bin\LIBEAY32.dll 2011-09-10 11:12 - 2011-09-10 11:12 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) E:\xampp\apache\bin\SSLEAY32.dll 2011-05-16 12:31 - 2008-04-14 07:24 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\WMIApRes.dll 2011-05-16 12:31 - 2008-04-14 07:52 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiprov.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34 ==================== Faulty Device Manager Devices ============= Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/14/2013 11:26:33 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Adobe Flash Player 11 ActiveX -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\InstallAX_11_8_800_168.exe, command: -install -msi Error: (09/13/2013 10:51:52 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (09/10/2013 08:08:44 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Adobe Flash Player 11 ActiveX -- Error 1722.There is a problem with this Windows Installer package. 
A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\InstallAX_11_8_800_94.exe, command: -install -msi Error: (08/31/2013 08:10:27 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/25/2013 05:52:33 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung Paint Shop Pro X.exe, Version 10.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/24/2013 08:50:51 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung opera.exe, Version 12.16.1860.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/20/2013 11:01:05 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/18/2013 03:16:54 PM) (Source: Application Error) (User: ) Description: Fehlgeschlagene Anwendung tbb-firefox.exe, Version 17.0.7.4920, fehlgeschlagenes Modul nspr4.dll, Version 4.9.5.0, Fehleradresse 0x0002a69a. Das medienspezifische Ereignis für [tbb-firefox.exe!ws!] wird verarbeitet. Error: (08/18/2013 00:23:45 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung tbb-firefox.exe, Version 17.0.7.4920, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (08/18/2013 00:23:44 PM) (Source: Application Hang) (User: ) Description: Stillstehende Anwendung tbb-firefox.exe, Version 17.0.7.4920, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
System errors: ============= Error: (09/14/2013 11:15:31 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Webbereitstellungs-Agent-Dienst" wurde mit folgendem Fehler beendet: %%2148734208 Error: (09/14/2013 11:15:18 AM) (Source: 0) (User: ) Description: 0.0.0.0:80 Error: (09/14/2013 11:15:02 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: lkbdhlpr Error: (09/14/2013 11:15:02 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Webbereitstellungs-Agent-Dienst" wurde nicht ordnungsgemäß gestartet. Error: (09/14/2013 11:13:11 AM) (Source: 0) (User: ) Description: 0xC0000243SMR162.SYSHarddiskVolume2 Error: (09/13/2013 10:51:52 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort0 Error: (09/13/2013 10:35:37 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort0 Error: (09/13/2013 10:34:59 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort0 Error: (09/13/2013 10:34:19 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort0 Error: (09/13/2013 10:34:01 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort0 Microsoft Office Sessions: ========================= Error: (09/14/2013 11:26:33 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Adobe Flash Player 11 ActiveX -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\InstallAX_11_8_800_168.exe, command: -install -msi(NULL)(NULL)(NULL)(NULL) Error: (09/13/2013 10:51:52 PM) (Source: Application Hang)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0hungapp0.0.0.000000000 Error: (09/10/2013 08:08:44 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Adobe Flash Player 11 ActiveX -- Error 1722.There is a problem with this Windows Installer package. 
A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\InstallAX_11_8_800_94.exe, command: -install -msi(NULL)(NULL)(NULL)(NULL) Error: (08/31/2013 08:10:27 PM) (Source: Application Hang)(User: ) Description: winamp.exe5.6.3.3234hungapp0.0.0.000000000 Error: (08/25/2013 05:52:33 PM) (Source: Application Hang)(User: ) Description: Paint Shop Pro X.exe10.0.0.0hungapp0.0.0.000000000 Error: (08/24/2013 08:50:51 PM) (Source: Application Hang)(User: ) Description: opera.exe12.16.1860.0hungapp0.0.0.000000000 Error: (08/20/2013 11:01:05 PM) (Source: Application Hang)(User: ) Description: winamp.exe5.6.3.3234hungapp0.0.0.000000000 Error: (08/18/2013 03:16:54 PM) (Source: Application Error)(User: ) Description: tbb-firefox.exe17.0.7.4920nspr4.dll4.9.5.00002a69a Error: (08/18/2013 00:23:45 PM) (Source: Application Hang)(User: ) Description: tbb-firefox.exe17.0.7.4920hungapp0.0.0.000000000 Error: (08/18/2013 00:23:44 PM) (Source: Application Hang)(User: ) Description: tbb-firefox.exe17.0.7.4920hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 2020.77 MB Available physical RAM: 1197.92 MB Total Pagefile: 3908.56 MB Available Pagefile: 3079.7 MB Total Virtual: 2047.88 MB Available Virtual: 1950.61 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:76.69 GB) (Free:8.49 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: (Lokaler Datenträger) (Fixed) (Total:76.68 GB) (Free:7.38 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 77 GB) (Disk ID: C429C429) Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 77 GB) (Disk ID: 7D234438) 
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
14.09.2013, 20:59 | #4 |
/// the machine /// TB Trainer | Unusual data transfer
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop.
Start Combofix.exe and follow the on-screen instructions.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
15.09.2013, 20:08 | #5 |
| unusual data transfer
Code:
ATTFilter ComboFix 13-09-14.01 - ich 15.09.2013 20:47:39.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2021.1139 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\ich\Eigene Dateien\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\RAIDTest c:\dokumente und einstellungen\ich\Eigene Dateien\~WRL2879.tmp c:\dokumente und einstellungen\ich\WINDOWS . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-15 bis 2013-09-15 )))))))))))))))))))))))))))))) . . 2013-09-14 09:57 . 2013-09-14 09:57 -------- d-----w- C:\FRST 2013-09-12 18:48 . 2013-09-12 18:49 -------- d-----w- C:\AdwCleaner 2013-08-28 16:43 . 2013-08-28 16:43 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Programs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-13 19:06 . 2012-04-01 08:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-13 19:06 . 2011-05-18 17:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-09 01:56 . 2008-04-14 05:52 390656 ----a-w- c:\windows\system32\themeui.dll 2013-08-08 06:09 . 2008-04-14 05:23 1877888 ----a-w- c:\windows\system32\win32k.sys 2013-08-08 06:05 . 2008-04-14 05:53 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-08-08 06:05 . 2008-04-14 05:52 920064 ----a-w- c:\windows\system32\wininet.dll 2013-08-08 06:05 . 2008-04-14 05:52 43520 ------w- c:\windows\system32\licmgr10.dll 2013-08-08 06:05 . 
2008-04-14 05:52 18944 ----a-w- c:\windows\system32\corpol.dll 2013-08-08 00:02 . 2008-04-14 05:25 385024 ------w- c:\windows\system32\html.iec 2013-08-05 13:30 . 2008-04-14 05:52 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-07-10 10:37 . 2008-04-14 05:52 406016 ----a-w- c:\windows\system32\usp10.dll 2013-07-04 07:33 . 2008-04-14 07:30 2072448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-04 07:33 . 2008-04-14 05:30 2195840 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-27 16:37 . 2013-06-27 16:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-27 16:37 . 2013-06-27 16:38 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-06-27 16:37 . 2012-09-18 17:24 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-27 16:37 . 2011-06-11 11:59 789416 ----a-w- c:\windows\system32\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\ich\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\ich\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\ich\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\ich\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 61440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\READREG" [X] "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424] "AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-07-31 1544192] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 1828136] "AudioHQ"="c:\programme\Creative\SBLive\AudioHQ\AHQTB.EXE" [1998-07-15 191488] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "Jet Detection"="c:\programme\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672] "zBrowser Launcher"="c:\programme\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "Logitech Utility"="Logi_MwX.Exe" [2003-06-30 19968] "ElbyCheckAnyDVD"="c:\programme\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 45056] "CloneDVDElbyDelay"="c:\programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-29 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-29 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-29 142360] "Adobe 
ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448] "PDFPrint"="c:\programme\PDF24\pdf24.exe" [2012-12-12 163000] "WinPatrol"="c:\programme\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-17 422632] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588] Secunia PSI Tray.lnk - c:\programme\Secunia\PSI\psi_tray.exe [2013-2-7 575000] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Dokumente und Einstellungen\\ich\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Microsoft Games\\Age of Empires Online\\Spartan.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= . 
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [27.05.2011 13:24 26112] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352] R2 Apache2.2;Apache2.2;e:\xampp\apache\bin\httpd.exe [10.09.2011 11:43 18432] R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [16.05.2011 13:47 109728] R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?] R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07.05.2010 11:06 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 19:27 19472] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [07.02.2013 14:15 16024] S1 lkbdhlpr;Logitech Keyboard Class Helper Driver;c:\windows\system32\Drivers\lkbdhlpr.sys --> c:\windows\system32\Drivers\lkbdhlpr.sys [?] S2 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\programme\IIS\Microsoft Web Deploy\MsDepSvc.exe [01.04.2011 20:17 67400] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.05.2011 15:48 1691480] S3 cpudrv;cpudrv;c:\programme\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [17.05.2011 15:10 264704] . Inhalt des "geplante Tasks" Ordners . 2013-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:06] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = fritz.box TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\gaq2t0g5.default-1374082646328\ FF - prefs.js: browser.startup.homepage - hxxps://dl.dropboxusercontent.com/u/20374210/DVD-Sammlung/1_DVD-Sammlung.htm . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Free Audio Converter_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Uninstall.exe AddRemove-Free Studio_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-09-15 21:00 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc] "ImagePath"="\"c:\programme\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-329068152-1958367476-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d1,46,a6,37,b2,d9,1b,e4,91,95,71,09,e1,41,60,a8,15,82,43,0a,45,3e,6f, 97,bb,7a,e7,91,41,00,de,4f,27,cd,8e,ba,b3,e0,f8,2e,8a,36,ec,be,32,35,2f,f6,\ "??"=hex:de,71,b6,9c,b5,39,b1,ee,37,90,58,31,06,9c,0d,cf . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\MACHINE\Software\CLASSES\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . Zeit der Fertigstellung: 2013-09-15 21:04:37 ComboFix-quarantined-files.txt 2013-09-15 19:04 . Vor Suchlauf: 14 Verzeichnis(se), 12.316.499.968 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 12.659.806.208 Bytes frei . - - End Of File - - FF88BBF6AD257DC073EB8D3CED9541B8 72B8CE41AF0DE751C946802B3ED844B4 |
16.09.2013, 09:55 | #6 |
/// the machine /// TB trainer | unusual data transfer
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> unusual data transfer |
17.09.2013, 07:13 | #7 |
| unusual data transfer
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.16.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 ich :: XXX [Administrator] 16.09.2013 19:27:56 mbam-log-2013-09-16 (19-27-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 640869 Laufzeit: 10 Stunde(n), 26 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 9 C:\Dokumente und Einstellungen\ich\Eigene Dateien\5_Internet\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\ich\Eigene Dateien\5_Internet\portable\gimp\GIMPPortable\App\gtk\lib\pango\1.4.0\modules\pango-tibetan-fc.dll (Trojan.Agent.CPL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\ich\Eigene Dateien\5_Internet\Winamp\winamp5621_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Webs\DVD-Sammlung\tmp\GIMP_Portable_2.2.13_multilingual.paf.exe (Trojan.Agent.CPL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\ich\Eigene Dateien\Meine empfangenen Dateien\unlocker1.8.7.exe (Adware.Clicker) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Dokumente und Einstellungen\ich\Eigene Dateien\Meine empfangenen Dateien\winamp5581_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\ich\Eigene Dateien\Meine empfangenen Dateien\winamp5601_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\ich\Eigene Dateien\Meine empfangenen Dateien\winamp561_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\Programme\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.004 - Bericht erstellt am 17/09/2013 um 07:41:42 # Updated 15/09/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzername : ich - XXX # Gestartet von : C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\ich\Anwendungsdaten\dvdvideosoftiehelpers ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468B-BF51-58D5F52A84F6} Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v23.0 (de) [ Datei : C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\gaq2t0g5.default-1374082646328\prefs.js ] [ Datei : C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\prefs.js ] ************************* AdwCleaner[R0].txt - [1322 octets] - [12/09/2013 20:48:21] AdwCleaner[R1].txt - [1316 octets] - [17/09/2013 07:40:04] AdwCleaner[S0].txt - [1239 octets] - [17/09/2013 07:41:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1299 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.1 (09.15.2013:1) OS: Microsoft Windows XP x86 Ran by ich on 17.09.2013 at 7:49:07,21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.09.2013 at 7:57:28,34 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03 Ran by ich (administrator) on XXX on 17-09-2013 08:04:36 Running from C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Creative Technology Ltd.) C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE (Logitech Inc.) C:\Programme\Logitech\iTouch\iTouch.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe () C:\Programme\Unlocker\UnlockerAssistant.exe (BillP Studios) C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Secunia) C:\Programme\Secunia\PSI\psi_tray.exe (Logitech Inc.) C:\Programme\Logitech\MouseWare\system\em_exec.exe (Creative Technology Ltd.) 
C:\WINDOWS\system32\devldr32.exe (Apache Software Foundation) e:\xampp\apache\bin\httpd.exe (AVM Berlin) C:\Programme\avmwlanstick\WlanNetService.exe (FileZilla Project) e:\xampp\filezillaftp\filezillaserver.exe (Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe () e:\xampp\mysql\bin\mysqld.exe (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Secunia) C:\Programme\Secunia\PSI\PSIA.exe (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe (Apache Software Foundation) E:\xampp\apache\bin\httpd.exe (Opera Software) C:\Programme\Opera\opera.exe (Secunia) C:\Programme\Secunia\PSI\sua.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [19576424 2010-09-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVMWlanClient] - C:\Programme\avmwlanstick\wlangui.exe [1544192 2006-07-31] (AVM Berlin) HKLM\...\Run: [NeroFilterCheck] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1828136 2007-09-10] (Nero AG) HKLM\...\Run: [AudioHQ] - C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE [191488 1998-07-16] (Creative Technology Ltd.) HKLM\...\Run: [WINDVDPatch] - C:\Windows\system32\CTHELPER.EXE [24576 2002-07-02] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [Jet Detection] - C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] () HKLM\...\Run: [DevconDefaultDB] - C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS HKLM\...\Run: [zBrowser Launcher] - C:\Programme\Logitech\iTouch\iTouch.exe [892928 2004-03-18] (Logitech Inc.) 
HKLM\...\Run: [Logitech Utility] - C:\Windows\Logi_MwX.Exe [19968 2003-06-30] (Logitech Inc.) HKLM\...\Run: [ElbyCheckAnyDVD] - C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe [45056 2003-09-20] (Elaborate Bytes AG) HKLM\...\Run: [CloneDVDElbyDelay] - C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [UnlockerAssistant] - C:\Programme\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM\...\Run: [PDFPrint] - C:\Programme\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [WinPatrol] - C:\Programme\BillP Studios\WinPatrol\winpatrol.exe [422632 2013-04-17] (BillP Studios) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [SetDefaultMIDI] - C:\Windows\MIDIDef.exe [61440 2002-01-14] (Creative Technology Ltd) HKCU\...\Policies\Explorer: [NoDrives] 0 HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe [ 2007-08-21] (Nero AG) HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe [ 2007-08-21] (Nero AG) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL 
(Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\gaq2t0g5.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @microsoft.com/wpi,version=1.4 - C:\Programme\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp) FF Plugin: @unity3d.com/UnityPlayer,version=1.0 - C:\Programme\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.0.6 - 
C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Anti-Banner - C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF Extension: Modul zur Link-Untersuchung - C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 
2012\FFExt\KavAntiBanner@Kaspersky.ru FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru ========================== Services (Whitelisted) ================= R2 Apache2.2; e:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) R2 AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [370756 2006-07-31] (AVM Berlin) S2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) R2 FileZilla Server; e:\xampp\filezillaftp\filezillaserver.exe [630272 2011-06-07] (FileZilla Project) R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-25] (Mozilla Foundation) S2 MsDepSvc; C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation) R2 mysql; e:\xampp\mysql\bin\my.ini [5396 2012-01-29] () R2 Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-09-10] (Nero AG) S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [382248 2007-08-21] (Nero AG) R2 Secunia PSI Agent; C:\Programme\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Programme\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) R2 wlidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE [1529728 2009-08-18] (Microsoft Corporation) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" 
==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [22912 2003-09-29] (SlySoft, Inc.) S3 cpudrv; C:\Programme\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] () S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-09-15] (Elaborate Bytes AG) R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3840 2003-03-28] (Elaborate Bytes) R3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) R3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-07-31] (AVM GmbH) R3 itchfltr; C:\Windows\System32\DRIVERS\itchfltr.sys [12953 2004-03-10] (Logitech, Inc.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [565552 2011-04-20] (Kaspersky Lab) R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [34608 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-11-02] (Kaspersky Lab) R3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [53870 2003-06-30] (Logitech, Inc.) S3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2004-03-03] (Logitech, Inc.) S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia) R3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) 
R1 vmm; C:\WINDOWS\system32\Drivers\vmm.sys [229208 2011-08-26] (Microsoft Corporation) S3 catchme; \??\C:\DOKUME~1\ich\LOKALE~1\Temp\catchme.sys [x] S4 IntelIde; No ImagePath U4 L8042PRT; S1 lkbdhlpr; System32\Drivers\lkbdhlpr.sys [x] U1 sermouse; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-17 07:57 - 2013-09-17 07:57 - 00000579 _____ C:\Dokumente und Einstellungen\ich\Desktop\JRT.txt 2013-09-15 21:04 - 2013-09-15 21:04 - 00014056 _____ C:\ComboFix.txt 2013-09-15 20:44 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe 2013-09-15 20:44 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe 2013-09-15 20:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe 2013-09-15 20:43 - 2013-09-15 21:04 - 00000000 ____D C:\Qoobox 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 ____D C:\FRST 2013-09-13 21:28 - 2013-09-13 21:28 - 00000000 _____ C:\Dokumente und Einstellungen\ich\defogger_reenable 2013-09-12 20:48 - 2013-09-17 08:02 - 00000000 ____D C:\AdwCleaner 2013-09-12 20:07 - 2013-09-12 20:07 - 00013573 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-12 18:56 - 2013-09-12 20:06 - 00012811 _____ C:\WINDOWS\KB2876315.log 2013-09-12 18:56 - 
2013-09-12 20:06 - 00011841 _____ C:\WINDOWS\KB2876217.log 2013-09-12 18:55 - 2013-09-12 20:06 - 00011533 _____ C:\WINDOWS\KB2864063.log 2013-09-03 20:14 - 2013-09-17 07:49 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-08-27 20:00 - 2013-08-27 20:00 - 00004820 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-27 20:00 - 2013-08-27 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ ==================== One Month Modified Files and Folders ======= 2013-09-17 08:05 - 2012-04-01 10:06 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-09-17 08:02 - 2013-09-12 20:48 - 00000000 ____D C:\AdwCleaner 2013-09-17 07:57 - 2013-09-17 07:57 - 00000579 _____ C:\Dokumente und Einstellungen\ich\Desktop\JRT.txt 2013-09-17 07:50 - 2011-05-16 12:33 - 02053793 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-17 07:49 - 2013-09-03 20:14 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-09-17 07:49 - 2013-08-09 21:44 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2013-09-17 07:49 - 2012-05-06 10:08 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-09-17 07:49 - 2011-05-17 15:14 - 00000702 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2013-09-17 07:46 - 2011-05-16 13:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2013-09-17 07:43 - 2011-05-20 20:13 - 00000051 _____ C:\WINDOWS\iTouch.ini 2013-09-17 07:43 - 2011-05-16 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-17 07:42 - 2011-05-16 13:22 - 00000190 ___SH C:\Dokumente und Einstellungen\ich\ntuser.ini 2013-09-17 07:42 - 2011-05-16 13:17 - 00032510 _____ C:\WINDOWS\SchedLgU.Txt 2013-09-17 07:37 - 2011-05-18 21:02 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\5_Internet 2013-09-17 07:30 - 2011-10-13 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$ 2013-09-15 21:04 - 2013-09-15 21:04 - 00014056 _____ C:\ComboFix.txt 2013-09-15 21:04 - 2013-09-15 
20:43 - 00000000 ____D C:\Qoobox 2013-09-15 21:00 - 2004-08-04 14:00 - 00000227 _____ C:\WINDOWS\system.ini 2013-09-15 20:59 - 2011-05-16 13:22 - 00000000 ____D C:\Dokumente und Einstellungen\ich 2013-09-15 20:42 - 2007-02-15 20:38 - 20209152 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\Medien-Liste.xls 2013-09-14 15:28 - 2011-06-02 13:24 - 00000216 _____ C:\WINDOWS\wiadebug.log 2013-09-14 15:28 - 2011-06-02 13:24 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-09-14 12:22 - 2011-05-30 19:13 - 00000069 _____ C:\WINDOWS\NeroDigital.ini 2013-09-14 12:10 - 2011-05-18 21:21 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\My PSP Files 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 ____D C:\FRST 2013-09-13 23:27 - 2011-05-18 20:52 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\8_Video 2013-09-13 23:06 - 2011-05-18 19:11 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\3_Bands 2013-09-13 23:03 - 2011-06-02 13:22 - 00382766 _____ C:\WINDOWS\setupapi.log 2013-09-13 21:28 - 2013-09-13 21:28 - 00000000 _____ C:\Dokumente und Einstellungen\ich\defogger_reenable 2013-09-13 21:28 - 2011-05-17 15:19 - 00000000 ____D C:\Programme\Opera 2013-09-13 21:06 - 2012-04-01 10:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-13 21:06 - 2011-05-18 19:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-09-13 20:20 - 2012-01-15 00:47 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\NPE 2013-09-13 20:11 - 2011-05-16 13:52 - 00000327 __RSH C:\boot.ini 2013-09-13 19:14 - 2008-10-08 22:01 - 00097280 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\X-Mas 2008.xls 2013-09-12 20:54 - 2011-05-16 14:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961501$ 2013-09-12 20:54 - 2011-05-16 12:54 - 00481928 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-12 20:14 - 2013-04-27 20:43 - 00000000 ____D 
C:\Programme\SpywareBlaster 2013-09-12 20:07 - 2013-09-12 20:07 - 00013573 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-12 20:07 - 2011-06-13 11:08 - 00061960 _____ C:\WINDOWS\updspapi.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00844196 _____ C:\WINDOWS\iis6.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00782279 _____ C:\WINDOWS\FaxSetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00372584 _____ C:\WINDOWS\ocgen.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00355466 _____ C:\WINDOWS\tsoc.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00258335 _____ C:\WINDOWS\comsetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00238832 _____ C:\WINDOWS\msmqinst.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00156262 _____ C:\WINDOWS\ntdtcsetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00136458 _____ C:\WINDOWS\netfxocm.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00053550 _____ C:\WINDOWS\MedCtrOC.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00042750 _____ C:\WINDOWS\ocmsn.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00039186 _____ C:\WINDOWS\tabletoc.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00038934 _____ C:\WINDOWS\msgsocm.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00001374 _____ C:\WINDOWS\imsins.log 2013-09-12 20:07 - 2011-05-16 14:36 - 00000000 ____D C:\WINDOWS\ie8updates 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-12 20:06 - 2013-09-12 18:56 - 00012811 _____ C:\WINDOWS\KB2876315.log 2013-09-12 20:06 - 2013-09-12 18:56 - 00011841 _____ C:\WINDOWS\KB2876217.log 2013-09-12 20:06 - 2013-09-12 18:55 - 00011533 _____ C:\WINDOWS\KB2864063.log 2013-09-12 20:06 - 2011-06-13 11:07 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-09-12 20:04 - 2013-07-11 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-09-12 20:00 - 2011-05-16 14:33 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 
2013-09-12 18:59 - 2011-07-03 20:21 - 00002347 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk 2013-09-12 18:59 - 2011-05-16 12:54 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-09-12 18:44 - 2004-08-04 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-10 19:52 - 2011-05-18 19:05 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Webs 2013-09-09 19:39 - 2011-05-18 21:23 - 00001004 ___SH C:\WINDOWS\system32\KGyGaAvL.sys 2013-09-09 19:37 - 2011-05-16 13:22 - 00000000 ___RD C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Bilder 2013-09-07 12:58 - 2011-05-22 17:09 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp 2013-09-07 12:36 - 2011-05-16 12:55 - 00000000 ___RD C:\Programme 2013-09-05 20:23 - 2012-07-14 16:41 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\FileZilla 2013-08-27 20:00 - 2013-08-27 20:00 - 00004820 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-27 20:00 - 2013-08-27 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-08-26 19:53 - 2011-05-18 21:01 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\4_Musik 2013-08-25 17:43 - 2011-05-18 18:33 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox 2013-08-25 17:43 - 2011-05-18 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\ich\Eigene Dateien\Dropbox 2013-08-25 17:25 - 2011-05-18 18:35 - 00001014 _____ C:\Dokumente und Einstellungen\ich\Desktop\Dropbox.lnk 2013-08-25 17:25 - 2011-05-18 18:34 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Startmenü\Programme\Dropbox 2013-08-24 21:29 - 2011-05-18 18:34 - 00178648 _____ C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2013-08-23 18:50 - 2012-12-29 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\vlc 2013-08-20 18:38 - 2013-04-20 13:14 - 00000691 _____ C:\Dokumente und 
Einstellungen\All Users\Desktop\VLC media player.lnk 2013-08-18 15:30 - 2009-12-15 00:57 - 24676352 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\Kulturbesuche.xls 2013-08-18 11:39 - 2011-07-03 20:23 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Adobe Some content of TEMP: ==================== C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-14 07:52] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2008-04-14 07:53] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2008-04-14 07:52] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2008-04-14 07:22] - [2008-04-14 07:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================
I don't know whether I did something wrong, but MBam wanted to restart the PC, and I confirmed it with "Yes".
17.09.2013, 13:12 | #8 |
/// the machine /// TB trainer | Unusual data transfer
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
19.09.2013, 06:24 | #9 |
| Unusual data transfer
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec3e6988eebefd419ba5aa43a7f8d092
# engine=15165
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-17 09:54:14
# local_time=2013-09-17 11:54:14 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1285 16777214 100 100 969164 75778804 0 0
# scanned=398893
# found=0
# cleaned=0
# scan_time=15075
Code:
Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SpywareBlaster 5.0
Secunia PSI (3.0.0.6005)
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (23.0)
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03 Ran by ich (administrator) on XXX on 18-09-2013 19:36:12 Running from C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Creative Technology Ltd.) C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE (Logitech Inc.) C:\Programme\Logitech\iTouch\iTouch.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe () C:\Programme\Unlocker\UnlockerAssistant.exe (BillP Studios) C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Secunia) C:\Programme\Secunia\PSI\psi_tray.exe (Logitech Inc.) C:\Programme\Logitech\MouseWare\system\em_exec.exe (Creative Technology Ltd.) 
C:\WINDOWS\system32\devldr32.exe (Apache Software Foundation) e:\xampp\apache\bin\httpd.exe (AVM Berlin) C:\Programme\avmwlanstick\WlanNetService.exe (FileZilla Project) e:\xampp\filezillaftp\filezillaserver.exe (Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe () e:\xampp\mysql\bin\mysqld.exe (Nero AG) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Secunia) C:\Programme\Secunia\PSI\PSIA.exe (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe (Apache Software Foundation) E:\xampp\apache\bin\httpd.exe (Secunia) C:\Programme\Secunia\PSI\sua.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Opera Software) C:\Programme\Opera\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [19576424 2010-09-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVMWlanClient] - C:\Programme\avmwlanstick\wlangui.exe [1544192 2006-07-31] (AVM Berlin) HKLM\...\Run: [NeroFilterCheck] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG) HKLM\...\Run: [NBKeyScan] - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1828136 2007-09-10] (Nero AG) HKLM\...\Run: [AudioHQ] - C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE [191488 1998-07-16] (Creative Technology Ltd.) HKLM\...\Run: [WINDVDPatch] - C:\Windows\system32\CTHELPER.EXE [24576 2002-07-02] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM\...\Run: [Jet Detection] - C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] () HKLM\...\Run: [DevconDefaultDB] - C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS HKLM\...\Run: [zBrowser Launcher] - C:\Programme\Logitech\iTouch\iTouch.exe [892928 2004-03-18] (Logitech Inc.) HKLM\...\Run: [Logitech Utility] - C:\Windows\Logi_MwX.Exe [19968 2003-06-30] (Logitech Inc.) HKLM\...\Run: [ElbyCheckAnyDVD] - C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe [45056 2003-09-20] (Elaborate Bytes AG) HKLM\...\Run: [CloneDVDElbyDelay] - C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [UnlockerAssistant] - C:\Programme\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM\...\Run: [PDFPrint] - C:\Programme\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [WinPatrol] - C:\Programme\BillP Studios\WinPatrol\winpatrol.exe [422632 2013-04-17] (BillP Studios) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [SetDefaultMIDI] - C:\Windows\MIDIDef.exe [61440 2002-01-14] (Creative Technology Ltd) HKCU\...\Policies\Explorer: [NoDrives] 0 HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe [ 2007-08-21] (Nero AG) HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe [ 2007-08-21] (Nero AG) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE 
(Microsoft Corporation) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL 
(Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\gaq2t0g5.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @microsoft.com/wpi,version=1.4 
- C:\Programme\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp) FF Plugin: @unity3d.com/UnityPlayer,version=1.0 - C:\Programme\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Anti-Banner - C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF Extension: Modul zur Link-Untersuchung - C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 
2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru ========================== Services (Whitelisted) ================= R2 Apache2.2; e:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) R2 AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [370756 2006-07-31] (AVM Berlin) R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) R2 FileZilla Server; e:\xampp\filezillaftp\filezillaserver.exe [630272 2011-06-07] (FileZilla Project) R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-02-28] (Intel Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-25] (Mozilla Foundation) S2 MsDepSvc; C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation) R2 mysql; e:\xampp\mysql\bin\my.ini [5396 2012-01-29] () R2 Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-09-10] (Nero AG) S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [382248 2007-08-21] (Nero AG) R2 Secunia PSI Agent; C:\Programme\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Programme\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) R2 wlidsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE [1529728 
2009-08-18] (Microsoft Corporation) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [22912 2003-09-29] (SlySoft, Inc.) S3 cpudrv; C:\Programme\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] () S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9728 2003-09-15] (Elaborate Bytes AG) R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3840 2003-03-28] (Elaborate Bytes) R3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) R3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-07-31] (AVM GmbH) R3 itchfltr; C:\Windows\System32\DRIVERS\itchfltr.sys [12953 2004-03-10] (Logitech, Inc.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [565552 2011-04-20] (Kaspersky Lab) R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [34608 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-11-02] (Kaspersky Lab) R3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [53870 2003-06-30] (Logitech, Inc.) S3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37887 2004-03-03] (Logitech, Inc.) S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) 
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia) R3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) R1 vmm; C:\WINDOWS\system32\Drivers\vmm.sys [229208 2011-08-26] (Microsoft Corporation) S3 catchme; \??\C:\DOKUME~1\ich\LOKALE~1\Temp\catchme.sys [x] S4 IntelIde; No ImagePath U4 L8042PRT; S1 lkbdhlpr; System32\Drivers\lkbdhlpr.sys [x] U1 sermouse; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-17 07:57 - 2013-09-17 07:57 - 00000579 _____ C:\Dokumente und Einstellungen\ich\Desktop\JRT.txt 2013-09-15 21:04 - 2013-09-15 21:04 - 00014056 _____ C:\ComboFix.txt 2013-09-15 20:44 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe 2013-09-15 20:44 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe 2013-09-15 20:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe 2013-09-15 20:44 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe 2013-09-15 20:43 - 2013-09-15 21:04 - 00000000 ____D C:\Qoobox 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 ____D C:\FRST 2013-09-13 21:28 - 2013-09-13 21:28 - 00000000 _____ C:\Dokumente und Einstellungen\ich\defogger_reenable 2013-09-12 20:48 - 2013-09-17 08:02 - 00000000 ____D C:\AdwCleaner 2013-09-12 20:07 - 2013-09-12 20:07 - 00013573 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-12 
20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-12 18:56 - 2013-09-12 20:06 - 00012811 _____ C:\WINDOWS\KB2876315.log 2013-09-12 18:56 - 2013-09-12 20:06 - 00011841 _____ C:\WINDOWS\KB2876217.log 2013-09-12 18:55 - 2013-09-12 20:06 - 00011533 _____ C:\WINDOWS\KB2864063.log 2013-09-03 20:14 - 2013-09-18 01:48 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-08-27 20:00 - 2013-08-27 20:00 - 00004820 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-27 20:00 - 2013-08-27 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ ==================== One Month Modified Files and Folders ======= 2013-09-18 19:24 - 2008-10-08 22:01 - 00097280 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\X-Mas 2008.xls 2013-09-18 19:15 - 2011-06-02 13:24 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-09-18 19:15 - 2011-06-02 13:24 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-09-18 19:15 - 2011-05-18 21:21 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\My PSP Files 2013-09-18 19:15 - 2011-05-16 12:33 - 01054985 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-18 19:05 - 2012-04-01 10:06 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-09-18 18:51 - 2011-05-16 13:51 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2013-09-18 18:42 - 2011-05-16 12:55 - 00000000 ___RD C:\Programme 2013-09-18 18:39 - 2011-05-16 13:22 - 00000000 ___RD C:\Dokumente und Einstellungen\ich\Startmenü\Programme 2013-09-18 18:27 - 2012-05-06 10:08 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-09-18 18:27 - 2011-05-20 20:13 - 00000051 _____ C:\WINDOWS\iTouch.ini 2013-09-18 18:27 - 2011-05-16 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-18 06:01 - 2011-05-16 13:17 - 00032376 _____ C:\WINDOWS\SchedLgU.Txt 2013-09-18 06:00 - 2011-05-16 13:22 - 00000190 ___SH C:\Dokumente und Einstellungen\ich\ntuser.ini 2013-09-18 01:48 - 2013-09-03 20:14 - 00000000 ____D C:\Programme\Mozilla 
Firefox 2013-09-18 01:48 - 2013-08-09 21:44 - 00000696 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk 2013-09-18 01:48 - 2011-05-17 15:14 - 00000702 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2013-09-17 08:02 - 2013-09-12 20:48 - 00000000 ____D C:\AdwCleaner 2013-09-17 07:57 - 2013-09-17 07:57 - 00000579 _____ C:\Dokumente und Einstellungen\ich\Desktop\JRT.txt 2013-09-17 07:37 - 2011-05-18 21:02 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\5_Internet 2013-09-17 07:30 - 2011-10-13 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$ 2013-09-15 21:04 - 2013-09-15 21:04 - 00014056 _____ C:\ComboFix.txt 2013-09-15 21:04 - 2013-09-15 20:43 - 00000000 ____D C:\Qoobox 2013-09-15 21:00 - 2004-08-04 14:00 - 00000227 _____ C:\WINDOWS\system.ini 2013-09-15 20:59 - 2011-05-16 13:22 - 00000000 ____D C:\Dokumente und Einstellungen\ich 2013-09-15 20:42 - 2007-02-15 20:38 - 20209152 _____ C:\Dokumente und Einstellungen\ich\Eigene Dateien\Medien-Liste.xls 2013-09-14 12:22 - 2011-05-30 19:13 - 00000069 _____ C:\WINDOWS\NeroDigital.ini 2013-09-14 11:57 - 2013-09-14 11:57 - 00000000 ____D C:\FRST 2013-09-13 23:27 - 2011-05-18 20:52 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\8_Video 2013-09-13 23:06 - 2011-05-18 19:11 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\3_Bands 2013-09-13 23:03 - 2011-06-02 13:22 - 00382766 _____ C:\WINDOWS\setupapi.log 2013-09-13 21:28 - 2013-09-13 21:28 - 00000000 _____ C:\Dokumente und Einstellungen\ich\defogger_reenable 2013-09-13 21:28 - 2011-05-17 15:19 - 00000000 ____D C:\Programme\Opera 2013-09-13 21:06 - 2012-04-01 10:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-13 21:06 - 2011-05-18 19:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-09-13 20:20 - 2012-01-15 00:47 - 00000000 ____D C:\Dokumente und 
Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\NPE 2013-09-13 20:11 - 2011-05-16 13:52 - 00000327 __RSH C:\boot.ini 2013-09-12 20:54 - 2011-05-16 14:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961501$ 2013-09-12 20:54 - 2011-05-16 12:54 - 00481928 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-09-12 20:14 - 2013-04-27 20:43 - 00000000 ____D C:\Programme\SpywareBlaster 2013-09-12 20:07 - 2013-09-12 20:07 - 00013573 _____ C:\WINDOWS\KB2870699-IE8.log 2013-09-12 20:07 - 2011-06-13 11:08 - 00061960 _____ C:\WINDOWS\updspapi.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00844196 _____ C:\WINDOWS\iis6.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00782279 _____ C:\WINDOWS\FaxSetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00372584 _____ C:\WINDOWS\ocgen.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00355466 _____ C:\WINDOWS\tsoc.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00258335 _____ C:\WINDOWS\comsetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00238832 _____ C:\WINDOWS\msmqinst.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00156262 _____ C:\WINDOWS\ntdtcsetup.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00136458 _____ C:\WINDOWS\netfxocm.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00053550 _____ C:\WINDOWS\MedCtrOC.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00042750 _____ C:\WINDOWS\ocmsn.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00039186 _____ C:\WINDOWS\tabletoc.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00038934 _____ C:\WINDOWS\msgsocm.log 2013-09-12 20:07 - 2011-06-13 11:07 - 00001374 _____ C:\WINDOWS\imsins.log 2013-09-12 20:07 - 2011-05-16 14:36 - 00000000 ____D C:\WINDOWS\ie8updates 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-12 20:06 - 2013-09-12 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-12 20:06 - 2013-09-12 18:56 - 00012811 _____ C:\WINDOWS\KB2876315.log 2013-09-12 20:06 - 2013-09-12 18:56 - 00011841 _____ 
C:\WINDOWS\KB2876217.log 2013-09-12 20:06 - 2013-09-12 18:55 - 00011533 _____ C:\WINDOWS\KB2864063.log 2013-09-12 20:06 - 2011-06-13 11:07 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-09-12 20:04 - 2013-07-11 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-09-12 20:00 - 2011-05-16 14:33 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-09-12 18:59 - 2011-07-03 20:21 - 00002347 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk 2013-09-12 18:59 - 2011-05-16 12:54 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-09-12 18:44 - 2004-08-04 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-10 19:52 - 2011-05-18 19:05 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Webs 2013-09-09 19:39 - 2011-05-18 21:23 - 00001004 ___SH C:\WINDOWS\system32\KGyGaAvL.sys 2013-09-09 19:37 - 2011-05-16 13:22 - 00000000 ___RD C:\Dokumente und Einstellungen\ich\Eigene Dateien\Eigene Bilder 2013-09-07 12:58 - 2011-05-22 17:09 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp 2013-09-05 20:23 - 2012-07-14 16:41 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\FileZilla 2013-08-27 20:00 - 2013-08-27 20:00 - 00004820 _____ C:\WINDOWS\KB2834904-v2.log 2013-08-27 20:00 - 2013-08-27 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-08-26 19:53 - 2011-05-18 21:01 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Eigene Dateien\4_Musik 2013-08-25 17:43 - 2011-05-18 18:33 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox 2013-08-25 17:43 - 2011-05-18 18:29 - 00000000 ___RD C:\Dokumente und Einstellungen\ich\Eigene Dateien\Dropbox 2013-08-25 17:25 - 2011-05-18 18:35 - 00001014 _____ C:\Dokumente und Einstellungen\ich\Desktop\Dropbox.lnk 2013-08-25 17:25 - 2011-05-18 18:34 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Startmenü\Programme\Dropbox 2013-08-24 21:29 - 2011-05-18 
18:34 - 00178648 _____ C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2013-08-23 18:50 - 2012-12-29 14:17 - 00000000 ____D C:\Dokumente und Einstellungen\ich\Anwendungsdaten\vlc 2013-08-20 18:38 - 2013-04-20 13:14 - 00000691 _____ C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-14 07:52] - [2008-04-14 07:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2008-04-14 07:53] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2008-04-14 07:52] - [2008-04-14 07:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2008-04-14 07:53] - [2008-04-14 07:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2008-04-14 07:22] - [2008-04-14 07:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================
Apparently not.
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.18.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ich :: XXX [Administrator]

18.09.2013 19:42:29
mbam-log-2013-09-18 (19-42-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 612967
Laufzeit: 9 Stunde(n), 19 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
19.09.2013, 16:24 | #10 |
/// the machine /// TB Trainer | Unusual data transfer
Update Adobe. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.09.2013, 18:31 | #11 |
| Unusual data transfer
Adobe says it is up to date, and Secunia currently cannot get onto the Internet, although everything else works. I have actually had the remaining programs installed since spring and, even before that, have actually been following the tips given. For this reason I am surprised that my computer had caught something yet again. If PSI finds a connection again tomorrow, everything is done. The computer seems to run more smoothly again and is not working away on the side the whole time. Many thanks for your time and help. |
20.09.2013, 10:23 | #12 |
/// the machine /// TB Trainer | Unusual data transfer
You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |