Pests of all kinds and how to fight them: Topic Torch (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
03.11.2013, 13:47 | #1
Topic Torch Hi! After oddly getting ads shown in IE all the time today, I went looking; the culprit is apparently called Topic Torch? Can I get rid of it again? Kaspersky Internet Security 2013 thinks everything is fine....
03.11.2013, 16:32 | #2
/// the machine /// TB trainer | Topic Torch hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
06.11.2013, 20:11 | #3
Topic Torch Sorry! It took a while longer! I was away on business!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013 Ran by Administrator (administrator) on BEASTS on 06-11-2013 20:04:45 Running from C:\Dokumente und Einstellungen\Administrator\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\Programme\devolo\dlan\devolonetsvc.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliPoint\ipoint.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Programme\LG Soft India\forteManager\bin\Monitor.exe (Microsoft Corporation) C:\Programme\Windows Home Server\WHSTrayApp.exe (Dropbox, Inc.) C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (ATI Technologies Inc.) 
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [itype] - C:\Programme\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-05] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] - C:\Programme\Microsoft IntelliPoint\ipoint.exe [1468256 2009-11-05] (Microsoft Corporation) HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO) HKLM\...\Run: [ISUSPM Startup] - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) 
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Policies\Explorer: [NoSMHelp] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000 HKCU\...\Policies\Explorer: [NoSMMyDocs] 0x01000000 HKCU\...\Policies\Explorer: [NoSMMyPictures] 0x01000000 HKCU\...\Policies\Explorer: [NoNetworkConnections] 0x01000000 HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000 HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\forteManager.lnk ShortcutTarget: forteManager.lnk -> C:\Programme\LG Soft India\forteManager\bin\Monitor.exe () Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Home Server.lnk ShortcutTarget: Windows Home Server.lnk -> C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {5E3A8249-BBF6-4DA8-A45C-24DFC707D18A} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} BHO: DivX Plus Web Player HTML5 <video> - 
{326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} 
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\SafeBrowser\S-1-5-21-1547161642-1935655697-682003330-500\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Citrix.com/npican - C:\Programme\Citrix\ICA Client\npicaN.dll No File FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Programme\DivX\DivX Content Uploader\npUpload.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @sun.com/npsopluginmi;version=1.0 - D:\OpenOffice\OpenOffice.org 3\program No File FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll No File FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky 
Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 ========================== Services (Whitelisted) ================= S3 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [151552 2008-07-13] (Acronis) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Programme\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] () S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2005-02-24] (Macrovision Corporation) R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-10-19] (Mozilla Foundation) S3 NetSvc; c:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2004-06-16] (Intel(R) Corporation) S3 PsShutdownSvc; C:\Windows\System32\PSSDNSVC.EXE [61440 2004-10-11] () R2 WHSConnector; C:\Programme\Windows Home Server\WHSConnector.exe [376688 2011-01-10] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" 
-service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2005-11-30] (Adaptec) S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2005-09-26] () R1 atitray; C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17952 2007-11-05] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2007-08-24] () S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [332800 2003-10-14] (Creative Technology Ltd) S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [169984 2004-06-22] (Intel Corporation) S3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) S3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) S3 EverestDriver; C:\Programme\EVEREST\kerneld.wnt [3584 2004-04-30] () R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [904784 2004-02-24] (Creative Technology Ltd) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-11-27] (LogMeIn, Inc.) 
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [148432 2003-10-21] (Creative Technology Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [593504 2013-10-19] (Kaspersky Lab ZAO) R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24160 2013-10-19] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24672 2013-10-19] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO) S3 LGDDCDevice; C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () S3 LGII2CDevice; C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-08-24] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 mbmiodrvr; C:\WINDOWS\System32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com) S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-06-04] (Intel Corporation ) S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10194 2002-06-14] (Creative Technology Ltd.) S3 PLCND532; C:\Windows\System32\Drivers\PLCND532.sys [26656 2008-03-05] (Intellon, Inc.) 
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) R2 PWSYSDRV; C:\WINDOWS\System32\drivers\PWSYSDRV.sys [17072 1999-12-10] (Destiny Technology Corporation) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) S3 SE27bus; C:\Windows\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI) S3 SE27mdfl; C:\Windows\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] (MCCI) S3 SE27mdm; C:\Windows\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI) S3 SE27mgmt; C:\Windows\System32\DRIVERS\SE27mgmt.sys 
[88688 2006-09-18] (MCCI) S3 se27nd5; C:\Windows\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI) S3 SE27obex; C:\Windows\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI) S3 se27unic; C:\Windows\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) S3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-07-13] (RapidSolution Software AG) S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [28768 2008-07-13] (Acronis) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [x] S3 FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [x] S4 InCDFs; system32\drivers\InCDFs.sys [x] S1 InCDPass; system32\drivers\InCDPass.sys [x] S1 InCDRm; system32\drivers\InCDRm.sys [x] S4 IntelIde; No ImagePath U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [x] S3 StarOpen; No ImagePath ==================== NetSvcs (Whitelisted) =================== NETSVC: Ip6FwHlp -> No Registry Path. 
==================== One Month Created Files and Folders ======== 2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST 2013-11-06 20:02 - 2013-11-06 20:02 - 01089445 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2013-11-03 22:37 - 2013-11-06 19:58 - 00000796 _____ C:\WINDOWS\setupapi.log 2013-11-03 14:05 - 2013-11-03 14:05 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung 2013-11-03 13:13 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 13:12 - 2013-11-03 13:12 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-11-03 13:10 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar 2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default 2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView 2013-10-19 18:12 - 2013-11-03 12:21 - 00000000 ____D C:\Programme\Mozilla Thunderbird 2013-10-19 14:38 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-10-19 14:37 - 2013-08-29 01:56 - 00026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\dllcache\usbaudio.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys 2013-10-19 14:35 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2013-10-19 14:35 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys 2013-10-19 14:35 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2013-10-19 12:33 - 2013-10-19 12:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 12:33 - 2013-10-19 12:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java ==================== One Month Modified Files and Folders ======= 2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST 2013-11-06 20:02 - 2013-11-06 20:02 - 01089445 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2013-11-06 20:00 - 2008-11-25 20:32 - 01581417 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-06 19:59 - 2013-10-04 15:12 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-11-06 19:59 - 2013-02-27 18:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox 2013-11-06 19:58 - 2013-11-03 22:37 - 00000796 _____ C:\WINDOWS\setupapi.log 2013-11-06 19:51 - 2012-12-27 18:29 - 00000000 ____D 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2013-11-06 19:48 - 2010-05-17 18:48 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-11-06 19:48 - 2010-05-17 18:48 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-11-06 19:47 - 2001-08-18 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-11-03 22:47 - 2011-06-04 10:05 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2013-11-03 22:47 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm 2013-11-03 22:47 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settings.sfm 2013-11-03 22:47 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000002-80271102}.dat 2013-11-03 22:47 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000003-00001102-00000002-80271102}.dat 2013-11-03 22:47 - 2004-10-05 15:49 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2013-11-03 21:59 - 2012-04-01 16:04 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Winamp 2013-11-03 21:59 - 2004-10-05 15:49 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator 2013-11-03 20:24 - 2012-05-26 09:57 - 00002385 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Napster Rienf Repair.lnk 2013-11-03 15:10 - 2004-10-05 01:41 - 00000000 ___RD C:\Programme 2013-11-03 14:05 - 2013-11-03 14:05 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung 2013-11-03 13:48 - 2013-11-03 13:13 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 13:48 - 2013-11-03 13:10 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar 2013-11-03 13:12 - 2013-11-03 13:12 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-11-03 12:44 - 2013-05-09 11:27 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc 2013-11-03 12:21 - 2013-10-19 18:12 - 00000000 ____D C:\Programme\Mozilla Thunderbird 2013-11-03 12:21 - 2013-02-20 18:08 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe AIR 2013-11-03 12:03 - 2004-10-05 01:41 - 01224922 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default 2013-10-24 19:13 - 2006-08-01 15:54 - 00000245 _____ C:\WINDOWS\hpbafd.ini 2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView 2013-10-24 18:39 - 2006-02-06 13:34 - 00000000 ____D C:\Programme\IrfanView 2013-10-24 18:39 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-10-24 18:26 - 2013-07-03 19:12 - 00372736 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Teamroster.xls 2013-10-24 18:12 - 2013-02-20 21:19 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-10-24 18:12 - 2012-03-31 09:52 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-24 18:12 - 2011-12-04 14:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-19 20:28 - 2004-10-05 01:41 - 00210488 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-19 20:11 - 2007-06-08 14:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-10-19 19:53 - 2013-08-03 12:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-19 19:46 - 2009-01-26 19:36 - 78106760 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\MRT.exe 2013-10-19 19:43 - 2010-06-15 09:46 - 00000000 ____D C:\WINDOWS\ie8updates 2013-10-19 18:15 - 2012-04-29 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-10-19 13:36 - 2013-02-22 19:24 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent 2013-10-19 12:46 - 2013-07-21 19:55 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2013-10-19 12:32 - 2013-10-19 12:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 12:32 - 2013-10-19 12:33 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java 2013-10-19 12:25 - 2012-12-27 18:29 - 00593504 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys 2013-10-19 12:25 - 2012-07-25 14:53 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys 2013-10-19 12:25 - 2012-06-19 17:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys 2013-10-19 12:25 - 2012-05-25 19:38 - 00024160 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys Files to move or delete: ==================== C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sversion.ini C:\Dokumente und Einstellungen\beast\compreg.dat C:\Dokumente und Einstellungen\beast\persdict.dat C:\Dokumente und Einstellungen\beast\pluginreg.dat C:\Dokumente und 
Einstellungen\beast\prefs.js C:\Dokumente und Einstellungen\beast\xpti.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2003-05-29 10:48] - [2008-04-14 06:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2002-08-29 02:43] - [2008-04-14 06:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2001-08-18 12:00] - [2008-04-14 06:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2008-11-14 17:55] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2002-08-29 02:43] - [2008-04-14 06:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2008-11-14 17:55] - [2008-04-14 06:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2008-11-14 17:55] - [2008-04-14 06:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013 Ran by Administrator at 2013-11-06 20:06:36 Running from C:\Dokumente und Einstellungen\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0} Could not list Security Center items. Check WMI. ==================== Installed Programs ====================== 7-Zip 4.64 AC3Filter (remove only) Acronis*True*Image Adobe AIR (Version: 3.9.0.1030) Adobe Flash Player 11 ActiveX (Version: 11.3.300.268) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Ashampoo Burning Studio 2013 v.11.0.6 (Version: 11.0.6) ATI - Dienstprogramm zur Deinstallation der Software (Version: 6.14.10.1022) ATI Catalyst Control Center (Version: 2.010.0210.2338) ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI) Battlestations: Midway Patch V1.1 (Version: 1.00.0000) Battlestations: Midway Patch V1.1.1 (Version: 1.00.0000) calibre (Version: 0.9.44) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455) Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455) Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455) Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455) Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455) Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455) Catalyst Control Center Localization All (Version: 2010.0210.2339.42455) CCC Help Chinese Standard (Version: 2010.0210.2338.42455) CCC Help Chinese Traditional (Version: 2010.0210.2338.42455) CCC Help Czech (Version: 2010.0210.2338.42455) CCC Help Danish (Version: 2010.0210.2338.42455) CCC Help Dutch (Version: 2010.0210.2338.42455) CCC Help English (Version: 
2010.0210.2338.42455) CCC Help Finnish (Version: 2010.0210.2338.42455) CCC Help French (Version: 2010.0210.2338.42455) CCC Help German (Version: 2010.0210.2338.42455) CCC Help Greek (Version: 2010.0210.2338.42455) CCC Help Hungarian (Version: 2010.0210.2338.42455) CCC Help Italian (Version: 2010.0210.2338.42455) CCC Help Japanese (Version: 2010.0210.2338.42455) CCC Help Korean (Version: 2010.0210.2338.42455) CCC Help Norwegian (Version: 2010.0210.2338.42455) CCC Help Polish (Version: 2010.0210.2338.42455) CCC Help Portuguese (Version: 2010.0210.2338.42455) CCC Help Russian (Version: 2010.0210.2338.42455) CCC Help Spanish (Version: 2010.0210.2338.42455) CCC Help Swedish (Version: 2010.0210.2338.42455) CCC Help Thai (Version: 2010.0210.2338.42455) CCC Help Turkish (Version: 2010.0210.2338.42455) ccc-core-preinstall (Version: 2010.0210.2339.42455) ccc-core-static (Version: 2010.0210.2339.42455) ccc-utility (Version: 2010.0210.2339.42455) CCleaner (Version: 4.02) Citrix Authentication Manager (Version: 3.0.0.47031) Citrix Receiver (DV) (Version: 13.3.0.55) Citrix Receiver (HDX Flash-Umleitung) (Version: 13.3.0.55) Citrix Receiver (USB) (Version: 13.3.0.55) Citrix Receiver Inside (Version: 3.3.0.17208) Citrix Receiver Updater (Version: 3.3.0.17207) Citrix Receiver(Aero) (Version: 13.3.0.55) CoreVorbis Audio Decoder (remove only) devolo dLAN Cockpit (Version: 1.0) DivX-Setup (Version: 2.6.1.44) dLAN Cockpit (Version: 1.19.07) Dropbox (HKCU Version: 2.0.22) EA SPORTS online 2008 Eraser 6.0.6.1376 (Version: 6.0.1376) EVEREST Home Edition v1.10 ffdshow (remove only) FLAC Installer 1.1.1a (remove only) (Version: 1.1.1a) Flatcast Viewer Plugin 5.2.2.454 forteManager (Version: 3.18) GameShadow (Version: 1.91.0000) GEAR 32bit Driver Installer (Version: 2.005.1) Half-Life 2: Episode One Half-Life 2: Lost Coast Half-Life(R) 2 (Version: 1.0.0.0) HP Data Vault 3.1 (Version: 3.1.1.34819) HP Update (Version: 4.000.011.006) Intel(R) PRO Network Adapters and Drivers Intel(R) PROSet for 
Wired Connections (Version: 9.00.0000) Internet Explorer Q903235 IrfanView (remove only) (Version: 4.36) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) Kaspersky Internet Security 2013 (Version: 13.0.1.4190) Lame ACM MP3 Codec Local Port Scanner v1.2.2 Madden NFL 08 Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MatrixGamesMM (Version: 0.1.2) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30320) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Data Access Components KB870669 Microsoft IntelliPoint 7.1 (Version: 7.10.344.0) Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft User-Mode Driver Framework Feature Pack 1.7 Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft WinUsb 1.0 Miranda Fusion 3.2.6.0 (Version: 3.2.6.0) MLB 2K9 (Version: 1.0.0) Motherboard Monitor 5 (Version: 5) Mozilla Firefox 24.0 (x86 de) (Version: 24.0) 
Mozilla Maintenance Service (Version: 24.0.1) Mozilla Thunderbird 24.0.1 (x86 de) (Version: 24.0.1) Mp3tag v2.54 (Version: v2.54) MSVC80_x86_v2 (Version: 1.0.3.0) MSVC90_x86 (Version: 1.0.1.2) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0) MultiRes (remove only) MyPhoneExplorer (Version: 1.8.2) Online Plug-in (Version: 13.3.0.55) OpenAL OpenOffice.org 3.4 (Version: 3.4.9590) PC Inspector smart recovery (Version: 4.50) PDF-XChange Viewer (Version: 2.5.199.0) Picasa 3 (Version: 3.9) PixiePack Codec Pack (Version: 1.1.1200.0) QuickTime Alternative 2.6.0 (Version: 2.6.0) Real Alternative 1.8.2 (Version: 1.8.2) Revo Uninstaller 1.94 (Version: 1.94) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0) ScummVM 1.3.1 Self-Service Plug-in (Version: 3.3.0.27839) Shape Collage Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2) (Version: 2) Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB963027) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB974455) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB976325) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB978207) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 7 (KB982381) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640) 
(Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2761465) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2792100) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2799329) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2809289) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2817183) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1) Sicherheitsupdate für Windows Internet 
Explorer 8 (KB982381) (Version: 1) Sicherheitsupdate für Windows Media Player (KB2834904) Sicherheitsupdate für Windows Media Player (KB2834904-v2) Sicherheitsupdate für Windows Media Player (KB911564) Sicherheitsupdate für Windows Media Player 6.4 (KB925398) Sicherheitsupdate für Windows Media Player 9 (KB936782) Sicherheitsupdate für Windows XP (KB2820197) (Version: 1) Sicherheitsupdate für Windows XP (KB2829361) (Version: 1) Sicherheitsupdate für Windows XP (KB2834886) (Version: 1) Sicherheitsupdate für Windows XP (KB2839229) (Version: 1) Sicherheitsupdate für Windows XP (KB2845187) (Version: 1) Sicherheitsupdate für Windows XP (KB2847311) (Version: 1) Sicherheitsupdate für Windows XP (KB2849470) (Version: 1) Sicherheitsupdate für Windows XP (KB2850851) (Version: 1) Sicherheitsupdate für Windows XP (KB2850869) (Version: 1) Sicherheitsupdate für Windows XP (KB2859537) (Version: 1) Sicherheitsupdate für Windows XP (KB2862330) (Version: 1) Sicherheitsupdate für Windows XP (KB2862335) (Version: 1) Sicherheitsupdate für Windows XP (KB2864063) (Version: 1) Sicherheitsupdate für Windows XP (KB2868038) (Version: 1) Sicherheitsupdate für Windows XP (KB2876217) (Version: 1) Sicherheitsupdate für Windows XP (KB2876315) (Version: 1) Sicherheitsupdate für Windows XP (KB2883150) (Version: 1) Sicherheitsupdate für Windows XP (KB2884256) (Version: 1) Sicherheitsupdate für Windows XP (KB923689) Sicherheitsupdate für Windows XP (KB923789) Silent Hunter 4 Wolves of the Pacific (Version: 1.05.0000) Silent Hunter III (Version: 1.00.0000) SiSoftware Sandra Professional 2004.SP2b (Win32 x86) (Version: 9.133.2004.10) Skins (Version: 2010.0210.2339.42455) Sound Blaster Live! 
Steam(TM) (Version: 1.0.0.0) StreamTorrent 1.0 Tunebite (Version: 7.2.12800.0) Tweak UI Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update für Windows Internet Explorer 7 (KB976749) (Version: 1) Update für Windows Internet Explorer 7 (KB980182) (Version: 1) Update für Windows Internet Explorer 8 (KB976662) (Version: 1) Update für Windows XP (KB2863058) (Version: 1) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) VLC media player 2.0.8 (Version: 2.0.8) VP3 Codec Version 3.2.6.1 WebFldrs XP (Version: 9.50.6513) Winamp (Version: 5.623 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Home Server-Connector (Version: 6.0.3436.0) Windows Internet Explorer 7 (Version: 20070813.185237) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows XP Service Pack 3 (Version: 20080414.031514) WinUAE 1.3.0 (Version: 1.3.0) XML Paper Specification Shared Components Pack 1.0 XviD MPEG-4 Video Codec (Version: XviD-1.0.2-29082004) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2001-08-18 12:00 - 2011-11-29 19:37 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2004-10-15 16:24 - 2000-07-18 23:44 - 00029882 _____ () C:\WINDOWS\system32\PWPRTMON.DLL 2012-08-17 21:39 - 2012-12-27 18:46 - 01310136 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll 2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll 2012-12-29 15:13 - 2009-04-24 16:03 - 00090112 _____ () C:\Programme\LG Soft India\forteManager\bin\ACRHOOK.dll 2012-12-29 15:13 - 2009-04-24 16:03 - 00122880 _____ 
() C:\Programme\LG Soft India\forteManager\bin\ApplicationManager.dll 2012-12-29 15:13 - 2009-04-24 16:03 - 00053248 _____ () C:\Programme\LG Soft India\forteManager\bin\ErrorHandler.dll 2012-12-29 15:13 - 2009-04-24 16:03 - 00159744 _____ () C:\Programme\LG Soft India\forteManager\bin\DeviceManager.dll 2012-12-29 15:13 - 2009-04-24 16:03 - 00073728 _____ () C:\Programme\LG Soft India\forteManager\bin\ProtocolEngine.dll 2012-12-29 15:13 - 2009-04-24 16:03 - 00073728 _____ () C:\Programme\LG Soft India\forteManager\bin\MonitorGerRes.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\libcef.dll 2011-06-04 09:59 - 2011-06-04 09:59 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-10-04 15:12 - 2013-10-04 15:13 - 03279768 _____ () C:\Programme\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/19/2013 08:29:15 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. 
Will shutdown Error: (10/19/2013 03:55:33 PM) (Source: wol) (User: ) Description: WOL[GetMACAddress] Ausnahme:System.Net.Sockets.SocketException Nachricht:Der angegebene Host ist unbekannt Quelle:System StackTrace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostEntry(String hostNameOrAddress) at WOL.MacProcess.GetMACAddress(String hostNameOrAddress) Error: (10/06/2013 08:03:09 PM) (Source: HomeServer) (User: ) Description: Gegenseitige Authentifizierung zwischen dem Sicherungsserver und dem Client war nicht erfolgreich. Error: (10/06/2013 07:03:08 PM) (Source: HomeServer) (User: ) Description: Gegenseitige Authentifizierung zwischen dem Sicherungsserver und dem Client war nicht erfolgreich. Error: (10/06/2013 06:58:44 PM) (Source: ControlCenter) (User: ) Description: failed to launch help URL Ausnahme:System.ComponentModel.Win32Exception Nachricht:Das System kann die angegebene Datei nicht finden Quelle:System StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start(String fileName) at ControlCenter.DummyForm.DefaultBrowserCheck(String urlBase) Error: (10/06/2013 06:58:43 PM) (Source: ControlCenter) (User: ) Description: Failed to determine default web browser Ausnahme:System.NullReferenceException Nachricht:Object reference not set to an instance of an object. 
Quelle:ControlCenter StackTrace: at ControlCenter.HPHomeUrlBuilder.IsIEDefaultBrowser() Error: (09/21/2013 02:22:16 PM) (Source: ControlCenter) (User: ) Description: failed to launch help URL Ausnahme:System.ComponentModel.Win32Exception Nachricht:Das System kann die angegebene Datei nicht finden Quelle:System StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start(String fileName) at ControlCenter.DummyForm.DefaultBrowserCheck(String urlBase) Error: (09/21/2013 02:22:15 PM) (Source: ControlCenter) (User: ) Description: Failed to determine default web browser Ausnahme:System.NullReferenceException Nachricht:Object reference not set to an instance of an object. Quelle:ControlCenter StackTrace: at ControlCenter.HPHomeUrlBuilder.IsIEDefaultBrowser() Error: (09/21/2013 02:20:57 PM) (Source: wol) (User: ) Description: WOL[GetMACAddress] Ausnahme:System.Net.Sockets.SocketException Nachricht:Der angegebene Host ist unbekannt Quelle:System StackTrace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostEntry(String hostNameOrAddress) at WOL.MacProcess.GetMACAddress(String hostNameOrAddress) Error: (09/08/2013 04:34:47 PM) (Source: MsiInstaller) (User: BEASTS) Description: Produkt: Self-Service Plug-in -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. 
Aktion: RunUninstallCleanup, Pfad: C:\Programme\Citrix\SelfServicePlugin\SelfService.exe, Befehl: -rmPrograms -rmAllLocalUserFiles -rmAutoRuns -exit System errors: ============= Error: (10/19/2013 00:32:14 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/19/2013 00:05:02 PM) (Source: Print) (User: NT-AUTORITÄT) Description: Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft XPS Document Writer, Freigabename Drucker. Error: (09/08/2013 00:41:07 PM) (Source: Print) (User: NT-AUTORITÄT) Description: Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker Microsoft XPS Document Writer, Freigabename Drucker. Error: (09/07/2013 08:49:17 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/23/2013 06:48:46 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/05/2013 05:39:49 PM) (Source: Print) (User: NT-AUTORITÄT) Description: Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker HP LaserJet 2100 Series PCL 6, Freigabename Drucker2. Error: (08/01/2013 09:18:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error: (07/15/2013 09:38:48 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 0007E96A3173 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error: (07/03/2013 07:10:20 PM) (Source: Dhcp) (User: ) Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0007E96A3173 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error: (06/23/2013 06:07:52 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 0007E96A3173 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Microsoft Office Sessions: ========================= Error: (10/19/2013 08:29:15 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (10/19/2013 03:55:33 PM) (Source: wol)(User: ) Description: WOL[GetMACAddress] Ausnahme:System.Net.Sockets.SocketException Nachricht:Der angegebene Host ist unbekannt Quelle:System StackTrace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostEntry(String hostNameOrAddress) at WOL.MacProcess.GetMACAddress(String hostNameOrAddress) Error: (10/06/2013 08:03:09 PM) (Source: HomeServer)(User: ) Description: Error: (10/06/2013 07:03:08 PM) (Source: HomeServer)(User: ) Description: Error: (10/06/2013 06:58:44 PM) (Source: ControlCenter)(User: ) Description: failed to launch help URL Ausnahme:System.ComponentModel.Win32Exception Nachricht:Das System kann die angegebene Datei nicht finden Quelle:System StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start(String 
fileName) at ControlCenter.DummyForm.DefaultBrowserCheck(String urlBase) Error: (10/06/2013 06:58:43 PM) (Source: ControlCenter)(User: ) Description: Failed to determine default web browser Ausnahme:System.NullReferenceException Nachricht:Object reference not set to an instance of an object. Quelle:ControlCenter StackTrace: at ControlCenter.HPHomeUrlBuilder.IsIEDefaultBrowser() Error: (09/21/2013 02:22:16 PM) (Source: ControlCenter)(User: ) Description: failed to launch help URL Ausnahme:System.ComponentModel.Win32Exception Nachricht:Das System kann die angegebene Datei nicht finden Quelle:System StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start(String fileName) at ControlCenter.DummyForm.DefaultBrowserCheck(String urlBase) Error: (09/21/2013 02:22:15 PM) (Source: ControlCenter)(User: ) Description: Failed to determine default web browser Ausnahme:System.NullReferenceException Nachricht:Object reference not set to an instance of an object. Quelle:ControlCenter StackTrace: at ControlCenter.HPHomeUrlBuilder.IsIEDefaultBrowser() Error: (09/21/2013 02:20:57 PM) (Source: wol)(User: ) Description: WOL[GetMACAddress] Ausnahme:System.Net.Sockets.SocketException Nachricht:Der angegebene Host ist unbekannt Quelle:System StackTrace: at System.Net.Dns.GetAddrInfo(String name) at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6) at System.Net.Dns.GetHostEntry(String hostNameOrAddress) at WOL.MacProcess.GetMACAddress(String hostNameOrAddress) Error: (09/08/2013 04:34:47 PM) (Source: MsiInstaller)(User: BEASTS) Description: Produkt: Self-Service Plug-in -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. 
Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: RunUninstallCleanup, Pfad: C:\Programme\Citrix\SelfServicePlugin\SelfService.exe, Befehl: -rmPrograms -rmAllLocalUserFiles -rmAutoRuns -exit (NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 91% Total physical RAM: 1021.73 MB Available physical RAM: 83.55 MB Total Pagefile: 2451.81 MB Available Pagefile: 1384.75 MB Total Virtual: 2047.88 MB Available Virtual: 1947.4 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:14.87 GB) (Free:0.79 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (Volume) (Fixed) (Total:138.51 GB) (Free:47.72 GB) NTFS Drive g: (KINGSTON 8G) (Removable) (Total:7.44 GB) (Free:0.09 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 153 GB) (Disk ID: 07966CC3) Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=139 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ |
07.11.2013, 12:26 | #4 |
/// the machine /// TB-Ausbilder | Topic Torch hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.11.2013, 14:57 | #5 |
| Topic Torch OK, it ran through quite quickly! Combofix Logfile: Code:
ATTFilter ComboFix 13-11-07.01 - Administrator 10.11.2013 14:35:04.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1022.246 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-10-10 bis 2013-11-10 )))))))))))))))))))))))))))))) . . 2013-11-06 19:04 . 2013-11-06 19:04 -------- d-----w- C:\FRST 2013-11-03 13:05 . 2013-11-03 13:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Samsung 2013-11-03 12:13 . 2013-11-03 12:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 12:12 . 2013-11-03 12:12 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-11-03 12:12 . 2013-11-03 12:12 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-10-19 17:12 . 2013-11-03 11:21 -------- d-----w- c:\programme\Mozilla Thunderbird 2013-10-19 13:38 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys 2013-10-19 13:37 . 2013-08-29 00:56 26240 -c----w- c:\windows\system32\dllcache\usbser.sys 2013-10-19 13:37 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys 2013-10-19 13:37 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys 2013-10-19 13:37 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys 2013-10-19 13:35 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys 2013-10-19 13:35 . 
2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys 2013-10-19 13:35 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys 2013-10-19 11:33 . 2013-10-19 11:33 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2013-10-19 11:33 . 2013-10-19 11:32 145408 ----a-w- c:\windows\system32\javacpl.cpl 2013-10-19 11:33 . 2013-10-19 11:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-10-19 11:32 . 2013-10-19 11:32 -------- d-----w- c:\programme\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-24 17:12 . 2012-03-31 08:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-10-24 17:12 . 2011-12-04 13:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-19 11:25 . 2012-07-25 13:53 24672 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2013-10-19 11:25 . 2012-05-25 18:38 24160 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2013-10-19 11:25 . 2012-06-19 16:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys 2013-09-23 18:23 . 2005-06-17 22:25 920064 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 18:23 . 2002-08-29 01:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-09-23 18:23 . 2002-08-29 01:43 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-09-23 18:23 . 2001-08-18 11:00 18944 ----a-w- c:\windows\system32\corpol.dll 2013-09-23 18:06 . 2006-12-19 19:52 385024 ----a-w- c:\windows\system32\html.iec 2013-08-29 07:01 . 2008-11-14 16:55 1878784 ----a-w- c:\windows\system32\win32k.sys 2013-08-29 00:56 . 2010-01-19 16:58 26240 ----a-w- c:\windows\system32\drivers\usbser.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\atapi.sys [-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . 
c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\programme\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144] "IntelliPoint"="c:\programme\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256] "AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-19 356128] "ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\ Dropbox.lnk - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ forteManager.lnk - c:\programme\LG Soft India\forteManager\bin\Monitor.exe -startup [2012-12-29 1683456] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 01000000 "NoNetworkConnections"= 01000000 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Dropbox.lnk] path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Steuer-Sparbuch heute.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer] 2013-05-20 02:37 450560 ----a-w- c:\programme\DivX\DivX Media Server\DivXMediaServer.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2013-02-13 02:37 1263952 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] 2009-12-15 07:46 976784 ----a-w- c:\progra~1\Eraser\Eraser.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-04-17 11:41 196608 ----a-w- c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-04-13 05:07 69632 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2013-04-04 12:50 532040 ----a-w- c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 07:16 254336 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="d:\acrobatreader\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\MirandaFusion\\miranda32.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Programme\\MyPhoneExplorer\\MyPhoneExplorer.exe"= "d:\\Extras\\TORRENT\\BitTorrent.exe"= "c:\\Dokumente und Einstellungen\\Administrator\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= . R1 atitray;atitray;c:\programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.07.2008 19:45 17952] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [25.04.2012 07:03 67960] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [08.06.2012 11:38 44000] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [13.08.2012 16:49 145040] R2 DevoloNetworkService;devolo Network Service;c:\programme\devolo\dlan\devolonetsvc.exe [19.07.2010 19:57 2231616] R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [13.04.2013 12:27 418376] R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [10.06.2010 13:32 35840] R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [15.10.2004 16:24 17072] R2 WHSConnector;Windows Home Server-Connectordienst;c:\programme\Windows Home Server\WHSConnector.exe [10.01.2011 13:43 376688] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [27.06.2012 14:09 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [25.05.2012 19:38 24160] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [25.07.2012 14:53 24672] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.11.2011 18:24 22856] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.05.2010 14:26 27632] S2 
MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.11.2011 18:24 701512] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys --> c:\windows\system32\DRIVERS\ssudbus.sys [?] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programme\EVEREST\kerneld.wnt [30.04.2004 23:00 3584] S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.10.2009 18:07 13224] S3 LGDDCDevice;LGDDCDevice;c:\programme\LG Soft India\forteManager\bin\I2CDriver.sys [29.12.2012 15:13 14336] S3 LGII2CDevice;LGII2CDevice;c:\programme\LG Soft India\forteManager\bin\PII2CDriver.sys [29.12.2012 15:13 18432] S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [05.03.2008 17:27 26656] S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [11.10.2004 22:32 61440] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [17.10.2009 18:07 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [17.10.2009 18:07 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [17.10.2009 18:07 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.10.2009 18:07 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.10.2009 18:07 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.10.2009 18:07 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 
(WDM);c:\windows\system32\drivers\s0016unic.sys [17.10.2009 18:07 115752] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [17.10.2009 18:07 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [17.10.2009 18:07 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [17.10.2009 18:07 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [17.10.2009 18:07 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [17.10.2009 18:07 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [17.10.2009 18:07 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [17.10.2009 18:07 109736] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys --> c:\windows\system32\DRIVERS\ssudmdm.sys [?] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 10:12 25088] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 18:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:12] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pg7lng4q.Beast-neu\ FF - ExtSQL: !HIDDEN! 2009-11-12 18:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe MSConfigStartUp-Adobe ARM - c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-CitrixReceiver - c:\dokumente und einstellungen\All Users\Startmenü\Programme\Citrix\Receiver Updater.lnk MSConfigStartUp-ConnectionCenter - c:\programme\Citrix\ICA Client\redirector.exe AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-11-10 14:42 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\programme\EVEREST\kerneld.wnt" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,4b,e3,93,51,4f,27,42,a0,a3,40,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst] "Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00, 00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\ . [HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:6b,d7,17,88,a4,fa,15,4c,df,1b,45,e5,fb,97,26,c5,66,1d,67,4d,c7,58,a5, 7f,c7,98,f9,63,49,61,97,9d,12,42,ea,c2,70,c9,65,59,7e,a5,b5,b4,c1,b8,0e,74,\ "??"=hex:55,10,30,0b,37,2f,bf,d6,b2,68,54,98,20,3f,af,29 . [HKEY_USERS\S-1-5-21-1547161642-1935655697-682003330-500\Software\SecuROM\License information*] "datasecu"=hex:4e,e6,97,20,53,8e,6e,49,f4,4b,80,98,98,ce,e7,44,f0,f2,af,c7,bd, 07,05,7e,f2,0e,a2,c5,b6,65,2a,2c,19,73,45,ea,92,88,b6,ee,7e,3b,97,f8,17,36,\ "rkeysecu"=hex:e7,db,25,85,9d,d9,0c,6b,59,a2,fd,fb,c5,47,90,f8 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,2b,89,f4,ae,ec,ae,43,80,ed,93,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(840) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2013-11-10 14:45:43 ComboFix-quarantined-files.txt 2013-11-10 13:45 ComboFix2.txt 2011-11-29 18:41 . Vor Suchlauf: 749.891.584 Bytes frei Nach Suchlauf: 1.251.729.408 Bytes frei . - - End Of File - - 3A99DCE694CAB5DDE3421ADEF0157436 72B8CE41AF0DE751C946802B3ED844B4 |
10.11.2013, 19:02 | #6 |
/// the machine /// TB-Ausbilder | Topic Torch Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Topic Torch |
10.11.2013, 22:28 | #7 |
| Topic Torch Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.10.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: BEASTS [Administrator] 10.11.2013 20:34:33 mbam-log-2013-11-10 (20-34-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205250 Laufzeit: 10 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0S1S1T0E1J1L1H1R -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.011 - Bericht erstellt am 10/11/2013 um 21:18:11 # Updated 03/11/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzername : Administrator - BEASTS # Gestartet von : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia Ordner Gelöscht : C:\Programme\vShare.tv plugin Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdvideosoftiehelpers Datei Gelöscht : C:\END Datei Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pg7lng4q.Beast-neu\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : 
HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKCU\Software\vShare.tv Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar Schlüssel Gelöscht : HKLM\Software\WebConnect ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Mozilla\Firefox\Profiles\sw9p0brq.default\prefs.js ] [ Datei : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\pg7lng4q.Beast-neu\prefs.js ] ************************* AdwCleaner[R0].txt - [2853 octets] - [10/11/2013 21:00:19] AdwCleaner[S0].txt - [2782 octets] - [10/11/2013 21:18:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2842 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Microsoft Windows XP x86 Ran by Administrator on 10.11.2013 at 21:25:12,46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5E3A8249-BBF6-4DA8-A45C-24DFC707D18A} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\user.js ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.11.2013 at 21:33:43,23 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01 Ran by Administrator (administrator) on BEASTS on 10-11-2013 21:37:04 Running from C:\Dokumente und Einstellungen\Administrator\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\Programme\devolo\dlan\devolonetsvc.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliPoint\ipoint.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Programme\Windows Home Server\WHSConnector.exe () C:\Programme\LG Soft India\forteManager\bin\Monitor.exe (Dropbox, Inc.) C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (ATI Technologies Inc.) 
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [itype] - C:\Programme\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-05] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] - C:\Programme\Microsoft IntelliPoint\ipoint.exe [1468256 2009-11-05] (Microsoft Corporation) HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO) HKLM\...\Run: [ISUSPM Startup] - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000 HKCU\...\Policies\Explorer: [NoNetworkConnections] 0x01000000 HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000 HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\forteManager.lnk ShortcutTarget: forteManager.lnk -> C:\Programme\LG Soft India\forteManager\bin\Monitor.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {ECE55D96-F8CF-4A40-AE98-7F6212949117} URL = hxxp://www.google.de/search?q={searchTerms} BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 
2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\SafeBrowser\S-1-5-21-1547161642-1935655697-682003330-500\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Citrix.com/npican - C:\Programme\Citrix\ICA Client\npicaN.dll No File FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Programme\DivX\DivX Content Uploader\npUpload.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @sun.com/npsopluginmi;version=1.0 - D:\OpenOffice\OpenOffice.org 3\program No File FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll No File FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky 
Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 ========================== Services (Whitelisted) ================= S3 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [151552 2008-07-13] (Acronis) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Programme\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] () S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2005-02-24] (Macrovision Corporation) R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-10] (Mozilla Foundation) S3 NetSvc; c:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2004-06-16] (Intel(R) Corporation) S3 PsShutdownSvc; C:\Windows\System32\PSSDNSVC.EXE [61440 2004-10-11] () R2 WHSConnector; C:\Programme\Windows Home Server\WHSConnector.exe [376688 2011-01-10] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" 
-service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2005-11-30] (Adaptec) S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2005-09-26] () R1 atitray; C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17952 2007-11-05] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2007-08-24] () S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [332800 2003-10-14] (Creative Technology Ltd) S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [169984 2004-06-22] (Intel Corporation) S3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) S3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) S3 EverestDriver; C:\Programme\EVEREST\kerneld.wnt [3584 2004-04-30] () R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [904784 2004-02-24] (Creative Technology Ltd) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-11-27] (LogMeIn, Inc.) 
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [148432 2003-10-21] (Creative Technology Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [593504 2013-10-19] (Kaspersky Lab ZAO) R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24160 2013-10-19] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24672 2013-10-19] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO) S3 LGDDCDevice; C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () S3 LGII2CDevice; C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-08-24] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 mbmiodrvr; C:\WINDOWS\System32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com) S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-06-04] (Intel Corporation ) S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10194 2002-06-14] (Creative Technology Ltd.) S3 PLCND532; C:\Windows\System32\Drivers\PLCND532.sys [26656 2008-03-05] (Intellon, Inc.) 
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) R2 PWSYSDRV; C:\WINDOWS\System32\drivers\PWSYSDRV.sys [17072 1999-12-10] (Destiny Technology Corporation) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) S3 SE27bus; C:\Windows\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI) S3 SE27mdfl; C:\Windows\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] (MCCI) S3 SE27mdm; C:\Windows\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI) S3 SE27mgmt; C:\Windows\System32\DRIVERS\SE27mgmt.sys 
[88688 2006-09-18] (MCCI) S3 se27nd5; C:\Windows\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI) S3 SE27obex; C:\Windows\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI) S3 se27unic; C:\Windows\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) S3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-07-13] (RapidSolution Software AG) S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [28768 2008-07-13] (Acronis) S3 catchme; \??\C:\WINDOWS\TEMP\catchme.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [x] S3 FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [x] S4 InCDFs; system32\drivers\InCDFs.sys [x] S1 InCDPass; system32\drivers\InCDPass.sys [x] S1 InCDRm; system32\drivers\InCDRm.sys [x] S4 IntelIde; No ImagePath U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [x] S3 StarOpen; No ImagePath ==================== NetSvcs (Whitelisted) =================== NETSVC: Ip6FwHlp -> No Registry Path. 
==================== One Month Created Files and Folders ======== 2013-11-10 21:36 - 2013-11-10 21:36 - 01090275 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2013-11-10 21:33 - 2013-11-10 21:33 - 00000899 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt 2013-11-10 21:25 - 2013-11-10 21:25 - 00000000 ____D C:\WINDOWS\ERUNT 2013-11-10 20:58 - 2013-11-10 21:18 - 00000000 ____D C:\AdwCleaner 2013-11-10 20:36 - 2013-11-10 20:36 - 01034531 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe 2013-11-10 20:35 - 2013-11-10 20:35 - 01073262 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe 2013-11-10 15:29 - 2013-11-10 15:31 - 00000000 ____D C:\Programme\Mozilla Thunderbird 2013-11-10 14:45 - 2013-11-10 14:45 - 00019763 _____ C:\ComboFix.txt 2013-11-10 14:29 - 2013-11-10 14:45 - 00000000 ____D C:\Qoobox 2013-11-10 14:29 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe 2013-11-10 14:29 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe 2013-11-10 14:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe 2013-11-10 14:27 - 2013-11-10 14:27 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe 2013-11-06 20:06 - 2013-11-06 20:07 - 00026761 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt 2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST 2013-11-03 22:37 - 2013-11-06 22:23 - 00010047 _____ C:\WINDOWS\setupapi.log 
2013-11-03 14:05 - 2013-11-03 14:05 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung 2013-11-03 13:13 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-11-03 13:10 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar 2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default 2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView 2013-10-19 14:38 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-10-19 14:37 - 2013-08-29 01:56 - 00026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys 2013-10-19 14:35 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2013-10-19 14:35 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys 2013-10-19 14:35 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D 
C:\Programme\Gemeinsame Dateien\Java 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2013-10-19 12:33 - 2013-10-19 12:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 12:33 - 2013-10-19 12:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java ==================== One Month Modified Files and Folders ======= 2013-11-10 21:36 - 2013-11-10 21:36 - 01090275 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2013-11-10 21:33 - 2013-11-10 21:33 - 00000899 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt 2013-11-10 21:25 - 2013-11-10 21:25 - 00000000 ____D C:\WINDOWS\ERUNT 2013-11-10 21:22 - 2012-12-27 18:29 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2013-11-10 21:21 - 2013-02-27 18:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox 2013-11-10 21:21 - 2008-11-25 20:32 - 01599624 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-10 21:20 - 2010-05-17 18:48 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-11-10 21:20 - 2010-05-17 18:48 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-11-10 21:20 - 2004-10-05 00:54 - 00000000 ____D C:\WINDOWS\system32\Restore 2013-11-10 21:18 - 2013-11-10 20:58 - 00000000 ____D C:\AdwCleaner 2013-11-10 21:18 - 2011-11-29 19:41 - 00006984 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT 2013-11-10 21:18 - 2011-06-04 10:05 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2013-11-10 21:18 - 2004-10-11 19:30 - 00001080 _____ 
C:\WINDOWS\system32\settingsbkup.sfm 2013-11-10 21:18 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settings.sfm 2013-11-10 21:18 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000002-80271102}.dat 2013-11-10 21:18 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000003-00001102-00000002-80271102}.dat 2013-11-10 21:18 - 2004-10-05 15:49 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2013-11-10 21:18 - 2004-10-05 01:41 - 00000000 ___RD C:\Programme 2013-11-10 21:18 - 2004-10-05 00:56 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT 2013-11-10 21:14 - 2013-02-20 21:19 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-11-10 20:36 - 2013-11-10 20:36 - 01034531 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe 2013-11-10 20:35 - 2013-11-10 20:35 - 01073262 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe 2013-11-10 15:31 - 2013-11-10 15:29 - 00000000 ____D C:\Programme\Mozilla Thunderbird 2013-11-10 15:30 - 2012-04-29 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-11-10 15:27 - 2013-10-04 15:12 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-11-10 14:45 - 2013-11-10 14:45 - 00019763 _____ C:\ComboFix.txt 2013-11-10 14:45 - 2013-11-10 14:29 - 00000000 ____D C:\Qoobox 2013-11-10 14:45 - 2004-10-05 00:59 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService 2013-11-10 14:45 - 2004-10-05 00:59 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService 2013-11-10 14:44 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart 2013-11-10 14:43 - 2001-08-18 12:00 - 00000227 _____ C:\WINDOWS\system.ini 2013-11-10 14:28 - 2011-11-29 19:20 - 00000000 ____D C:\WINDOWS\ERDNT 2013-11-10 14:27 - 2013-11-10 14:27 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe 
2013-11-10 14:16 - 2001-08-18 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-11-06 23:10 - 2011-01-08 10:41 - 00001732 ____H C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp 2013-11-06 22:23 - 2013-11-03 22:37 - 00010047 _____ C:\WINDOWS\setupapi.log 2013-11-06 20:07 - 2013-11-06 20:06 - 00026761 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt 2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST 2013-11-03 21:59 - 2012-04-01 16:04 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Winamp 2013-11-03 21:59 - 2004-10-05 15:49 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator 2013-11-03 20:24 - 2012-05-26 09:57 - 00002385 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Napster Rienf Repair.lnk 2013-11-03 14:05 - 2013-11-03 14:05 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung 2013-11-03 13:48 - 2013-11-03 13:13 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 13:48 - 2013-11-03 13:10 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar 2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-11-03 12:44 - 2013-05-09 11:27 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc 2013-11-03 12:21 - 2013-02-20 18:08 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe AIR 2013-11-03 12:03 - 2004-10-05 01:41 - 01224922 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default 2013-10-24 19:13 - 2006-08-01 15:54 - 00000245 _____ C:\WINDOWS\hpbafd.ini 2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ 
C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView 2013-10-24 18:39 - 2006-02-06 13:34 - 00000000 ____D C:\Programme\IrfanView 2013-10-24 18:39 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-10-24 18:26 - 2013-07-03 19:12 - 00372736 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Teamroster.xls 2013-10-24 18:12 - 2012-03-31 09:52 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-24 18:12 - 2011-12-04 14:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-19 20:28 - 2004-10-05 01:41 - 00210488 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-19 20:11 - 2007-06-08 14:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-10-19 19:53 - 2013-08-03 12:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-19 19:46 - 2009-01-26 19:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-19 19:43 - 2010-06-15 09:46 - 00000000 ____D C:\WINDOWS\ie8updates 2013-10-19 13:36 - 2013-02-22 19:24 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent 2013-10-19 12:46 - 2013-07-21 19:55 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2013-10-19 12:32 - 2013-10-19 12:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00145408 _____ (Oracle 
Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 12:32 - 2013-10-19 12:33 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java 2013-10-19 12:25 - 2012-12-27 18:29 - 00593504 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys 2013-10-19 12:25 - 2012-07-25 14:53 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys 2013-10-19 12:25 - 2012-06-19 17:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys 2013-10-19 12:25 - 2012-05-25 19:38 - 00024160 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys Files to move or delete: ==================== C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sversion.ini C:\Dokumente und Einstellungen\beast\compreg.dat C:\Dokumente und Einstellungen\beast\persdict.dat C:\Dokumente und Einstellungen\beast\pluginreg.dat C:\Dokumente und Einstellungen\beast\prefs.js C:\Dokumente und Einstellungen\beast\xpti.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2003-05-29 10:48] - [2008-04-14 06:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2002-08-29 02:43] - [2008-04-14 06:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2001-08-18 12:00] - [2008-04-14 06:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2008-11-14 17:55] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2002-08-29 02:43] - [2008-04-14 06:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2008-11-14 17:55] - [2008-04-14 06:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 
C:\Windows\System32\Drivers\volsnap.sys [2008-11-14 17:55] - [2008-04-14 06:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================
--- --- ---
Edited by player66 (10.11.2013 at 21:24) |
11.11.2013, 12:43 | #8 |
/// the machine /// TB Trainer | Topic Torch
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
12.11.2013, 22:03 | #9 |
| Topic Torch ESET has already found something, Yontoo again... but it isn't finished yet
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=261cafc20eb0114ca4d11b10ff42f3a4
# engine=15856
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-12 08:49:59
# local_time=2013-11-12 09:49:59 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1286 16777213 100 97 15928 39055721 0 0
# scanned=131799
# found=1
# cleaned=0
# scan_time=11532
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"

Results of screen317's Security Check version 0.99.76
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 45
Adobe Flash Player 11.9.900.117
Mozilla Firefox 24.0 Firefox out of Date!
Mozilla Thunderbird (24.1.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01 Ran by Administrator (administrator) on BEASTS on 12-11-2013 22:02:23 Running from C:\Dokumente und Einstellungen\Administrator\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\Programme\devolo\dlan\devolonetsvc.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliPoint\ipoint.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Programme\LG Soft India\forteManager\bin\Monitor.exe (Dropbox, Inc.) C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (ATI Technologies Inc.) 
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Programme\Windows Home Server\WHSTrayApp.exe (Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe () C:\Programme\DivX\DivX Update\DivXUpdate.exe () C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [itype] - C:\Programme\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-05] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] - C:\Programme\Microsoft IntelliPoint\ipoint.exe [1468256 2009-11-05] (Microsoft Corporation) HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO) HKLM\...\Run: [ISUSPM Startup] - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) 
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 0x01000000 HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000 HKCU\...\Policies\Explorer: [NoNetworkConnections] 0x01000000 HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000 HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\forteManager.lnk ShortcutTarget: forteManager.lnk -> C:\Programme\LG Soft India\forteManager\bin\Monitor.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2EBED1C1D9DFCE01 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky 
Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\SafeBrowser\S-1-5-21-1547161642-1935655697-682003330-500\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Citrix.com/npican - C:\Programme\Citrix\ICA Client\npicaN.dll No File FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Programme\DivX\DivX Content Uploader\npUpload.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @sun.com/npsopluginmi;version=1.0 - D:\OpenOffice\OpenOffice.org 3\program No File FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll No File FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: 
Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 ========================== Services (Whitelisted) ================= S3 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [151552 2008-07-13] (Acronis) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO) R2 DevoloNetworkService; C:\Programme\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] () S3 gusvc; C:\Programme\Google\Common\Google 
Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2005-02-24] (Macrovision Corporation) R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-10] (Mozilla Foundation) S3 NetSvc; c:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2004-06-16] (Intel(R) Corporation) S3 PsShutdownSvc; C:\Windows\System32\PSSDNSVC.EXE [61440 2004-10-11] () R2 WHSConnector; C:\Programme\Windows Home Server\WHSConnector.exe [376688 2011-01-10] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2005-11-30] (Adaptec) S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2005-09-26] () R1 atitray; C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17952 2007-11-05] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2007-08-24] () S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [332800 2003-10-14] (Creative Technology Ltd) S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [169984 2004-06-22] (Intel Corporation) S3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) S3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) 
S3 EverestDriver; C:\Programme\EVEREST\kerneld.wnt [3584 2004-04-30] () R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation) R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [904784 2004-02-24] (Creative Technology Ltd) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-11-27] (LogMeIn, Inc.) S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [148432 2003-10-21] (Creative Technology Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [593504 2013-10-19] (Kaspersky Lab ZAO) R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24160 2013-10-19] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24672 2013-10-19] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO) S3 LGDDCDevice; C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () S3 LGII2CDevice; C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-08-24] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 mbmiodrvr; C:\WINDOWS\System32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com) S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-06-04] (Intel Corporation ) S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10194 2002-06-14] (Creative Technology Ltd.) S3 PLCND532; C:\Windows\System32\Drivers\PLCND532.sys [26656 2008-03-05] (Intellon, Inc.) 
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology) R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology) R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) R2 PWSYSDRV; C:\WINDOWS\System32\drivers\PWSYSDRV.sys [17072 1999-12-10] (Destiny Technology Corporation) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) S3 SE27bus; C:\Windows\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI) S3 SE27mdfl; C:\Windows\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] (MCCI) S3 SE27mdm; C:\Windows\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI) S3 SE27mgmt; C:\Windows\System32\DRIVERS\SE27mgmt.sys 
[88688 2006-09-18] (MCCI) S3 se27nd5; C:\Windows\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI) S3 SE27obex; C:\Windows\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI) S3 se27unic; C:\Windows\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI) R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) S3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-07-13] (RapidSolution Software AG) S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [28768 2008-07-13] (Acronis) S3 catchme; \??\C:\WINDOWS\TEMP\catchme.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [x] S3 FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [x] S4 InCDFs; system32\drivers\InCDFs.sys [x] S1 InCDPass; system32\drivers\InCDPass.sys [x] S1 InCDRm; system32\drivers\InCDRm.sys [x] S4 IntelIde; No ImagePath U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [x] S3 StarOpen; No ImagePath ==================== NetSvcs (Whitelisted) =================== NETSVC: Ip6FwHlp -> No Registry Path. 
==================== One Month Created Files and Folders ======== 2013-11-12 21:53 - 2013-11-12 21:52 - 00891184 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe 2013-11-12 18:35 - 2013-11-12 18:35 - 00000000 ____D C:\Programme\ESET 2013-11-10 21:36 - 2013-11-10 21:36 - 01090275 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2013-11-10 21:33 - 2013-11-10 21:33 - 00000899 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt 2013-11-10 21:25 - 2013-11-10 21:25 - 00000000 ____D C:\WINDOWS\ERUNT 2013-11-10 20:58 - 2013-11-10 21:18 - 00000000 ____D C:\AdwCleaner 2013-11-10 20:36 - 2013-11-10 20:36 - 01034531 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe 2013-11-10 20:35 - 2013-11-10 20:35 - 01073262 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe 2013-11-10 15:29 - 2013-11-10 15:31 - 00000000 ____D C:\Programme\Mozilla Thunderbird 2013-11-10 14:45 - 2013-11-10 14:45 - 00019763 _____ C:\ComboFix.txt 2013-11-10 14:29 - 2013-11-10 14:45 - 00000000 ____D C:\Qoobox 2013-11-10 14:29 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe 2013-11-10 14:29 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe 2013-11-10 14:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe 2013-11-10 14:29 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe 2013-11-10 14:27 - 2013-11-10 14:27 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe 2013-11-06 20:06 - 2013-11-06 20:07 - 00026761 _____ 
C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt 2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST 2013-11-03 22:37 - 2013-11-06 22:23 - 00010047 _____ C:\WINDOWS\setupapi.log 2013-11-03 13:13 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-11-03 13:10 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar 2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default 2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView 2013-10-19 14:38 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-10-19 14:37 - 2013-08-29 01:56 - 00026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys 2013-10-19 14:37 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys 2013-10-19 14:35 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2013-10-19 14:35 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys 2013-10-19 14:35 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\dllcache\usbehci.sys 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2013-10-19 12:33 - 2013-10-19 12:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 12:33 - 2013-10-19 12:32 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 12:33 - 2013-10-19 12:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java ==================== One Month Modified Files and Folders ======= 2013-11-12 21:52 - 2013-11-12 21:53 - 00891184 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe 2013-11-12 20:47 - 2012-12-27 18:29 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2013-11-12 20:19 - 2004-10-05 01:41 - 00000000 ___RD C:\Programme 2013-11-12 19:28 - 2006-08-01 15:54 - 00000188 _____ C:\WINDOWS\hpbafd.ini 2013-11-12 18:35 - 2013-11-12 18:35 - 00000000 ____D C:\Programme\ESET 2013-11-12 18:35 - 2013-10-04 15:12 - 00000000 ____D C:\Programme\Mozilla Firefox 2013-11-12 18:33 - 2011-01-10 21:41 - 00002305 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Home Server-Konsole.lnk 2013-11-12 18:31 - 2013-02-27 18:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox 2013-11-12 18:26 - 2008-11-25 20:32 - 01610236 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-12 18:24 - 2010-05-17 18:48 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-11-12 18:24 - 2010-05-17 18:48 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-11-12 18:24 - 2001-08-18 
12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-11-10 22:30 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm 2013-11-10 22:30 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settings.sfm 2013-11-10 22:30 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000002-80271102}.dat 2013-11-10 22:30 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000003-00001102-00000002-80271102}.dat 2013-11-10 22:29 - 2011-06-04 10:05 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2013-11-10 22:29 - 2004-10-05 15:49 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2013-11-10 21:36 - 2013-11-10 21:36 - 01090275 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe 2013-11-10 21:33 - 2013-11-10 21:33 - 00000899 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt 2013-11-10 21:25 - 2013-11-10 21:25 - 00000000 ____D C:\WINDOWS\ERUNT 2013-11-10 21:20 - 2004-10-05 00:54 - 00000000 ____D C:\WINDOWS\system32\Restore 2013-11-10 21:19 - 2012-04-29 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service 2013-11-10 21:18 - 2013-11-10 20:58 - 00000000 ____D C:\AdwCleaner 2013-11-10 21:18 - 2011-11-29 19:41 - 00006984 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT 2013-11-10 21:18 - 2004-10-05 00:56 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT 2013-11-10 21:14 - 2013-02-20 21:19 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-11-10 20:36 - 2013-11-10 20:36 - 01034531 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe 2013-11-10 20:35 - 2013-11-10 20:35 - 01073262 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe 2013-11-10 15:31 - 2013-11-10 15:29 - 00000000 ____D C:\Programme\Mozilla Thunderbird 2013-11-10 14:45 - 2013-11-10 14:45 - 00019763 _____ C:\ComboFix.txt 2013-11-10 14:45 - 2013-11-10 14:29 - 00000000 ____D C:\Qoobox 
2013-11-10 14:45 - 2004-10-05 00:59 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService 2013-11-10 14:45 - 2004-10-05 00:59 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService 2013-11-10 14:44 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart 2013-11-10 14:43 - 2001-08-18 12:00 - 00000227 _____ C:\WINDOWS\system.ini 2013-11-10 14:28 - 2011-11-29 19:20 - 00000000 ____D C:\WINDOWS\ERDNT 2013-11-10 14:27 - 2013-11-10 14:27 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe 2013-11-06 23:10 - 2011-01-08 10:41 - 00001732 ____H C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp 2013-11-06 22:23 - 2013-11-03 22:37 - 00010047 _____ C:\WINDOWS\setupapi.log 2013-11-06 20:07 - 2013-11-06 20:06 - 00026761 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt 2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST 2013-11-03 21:59 - 2012-04-01 16:04 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Winamp 2013-11-03 21:59 - 2004-10-05 15:49 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator 2013-11-03 20:24 - 2012-05-26 09:57 - 00002385 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Napster Rienf Repair.lnk 2013-11-03 13:48 - 2013-11-03 13:13 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2013-11-03 13:48 - 2013-11-03 13:10 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar 2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-11-03 12:44 - 2013-05-09 11:27 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc 2013-11-03 12:21 - 2013-02-20 18:08 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe AIR 2013-11-03 12:03 - 2004-10-05 01:41 - 01224922 _____ 
C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default 2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk 2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView 2013-10-24 18:39 - 2006-02-06 13:34 - 00000000 ____D C:\Programme\IrfanView 2013-10-24 18:39 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-10-24 18:26 - 2013-07-03 19:12 - 00372736 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Teamroster.xls 2013-10-24 18:12 - 2012-03-31 09:52 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-24 18:12 - 2011-12-04 14:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-19 20:28 - 2004-10-05 01:41 - 00210488 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-19 20:11 - 2007-06-08 14:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-10-19 19:53 - 2013-08-03 12:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-19 19:46 - 2009-01-26 19:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-19 19:43 - 2010-06-15 09:46 - 00000000 ____D C:\WINDOWS\ie8updates 2013-10-19 13:36 - 2013-02-22 19:24 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent 2013-10-19 12:46 - 2013-07-21 19:55 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java 2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java 2013-10-19 12:32 - 2013-10-19 12:33 - 
00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-19 12:32 - 2013-10-19 12:33 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-19 12:32 - 2013-10-19 12:33 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java 2013-10-19 12:25 - 2012-12-27 18:29 - 00593504 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys 2013-10-19 12:25 - 2012-07-25 14:53 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys 2013-10-19 12:25 - 2012-06-19 17:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys 2013-10-19 12:25 - 2012-05-25 19:38 - 00024160 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys Files to move or delete: ==================== C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sversion.ini C:\Dokumente und Einstellungen\beast\compreg.dat C:\Dokumente und Einstellungen\beast\persdict.dat C:\Dokumente und Einstellungen\beast\pluginreg.dat C:\Dokumente und Einstellungen\beast\prefs.js C:\Dokumente und Einstellungen\beast\xpti.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2003-05-29 10:48] - [2008-04-14 06:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2002-08-29 02:43] - [2008-04-14 06:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2001-08-18 12:00] - [2008-04-14 06:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2008-11-14 17:55] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) 
a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2002-08-29 02:43] - [2008-04-14 06:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2008-11-14 17:55] - [2008-04-14 06:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2008-11-14 17:55] - [2008-04-14 06:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ --- --- --- |
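The Services and Drivers sections of the FRST log above are what a helper reads first: `[x]` marks an entry whose binary is no longer on disk, `No ImagePath` marks a registration with no binary at all, empty parentheses mark a binary with no company name in its version information, and a path under TEMP or a user profile is unusual for a service or driver. The Python script below is an added example, not part of this thread and not part of FRST, that parses entries in that format and attaches such triage flags. The sample log embedded in it is constructed from a few lines modelled on the log above, and the function names (`parse_frst_services`, `suspicious`) are my own. The flags are hints for a human to follow up, not verdicts: in this thread the `[x]` entries such as catchme, a rootkit-scanner driver that cleaning tools drop into TEMP, are orphaned registrations rather than infections.

```python
"""Triage helper for the Services/Drivers sections of an FRST log (added example)."""
import re
from typing import Dict, List

# Constructed sample in the FRST entry format: a handful of lines modelled on the
# log posted above, not the complete log.
SAMPLE_LOG = """\
========================== Services (Whitelisted) =================
R2 AVP; C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 2013\\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO)
S2 ATI Smart; C:\\WINDOWS\\system32\\ati2sgag.exe [593920 2010-02-10] ()
R2 JavaQuickStarterService; "C:\\Programme\\Java\\jre7\\bin\\jqs.exe" -service -config "C:\\Programme\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf"
==================== Drivers (Whitelisted) ====================
R1 mbmiodrvr; C:\\WINDOWS\\System32\\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 catchme; \\??\\C:\\WINDOWS\\TEMP\\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 dgderdrv; System32\\drivers\\dgderdrv.sys [x]
==================== NetSvcs (Whitelisted) ===================
"""

# "R2 Name; rest": R/S/U = running/stopped/unknown state, digit = Windows start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
# "path [size yyyy-mm-dd] (company)" as FRST prints it for an existing binary.
IMAGE_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>.*)\)$"
)
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
# Locations where a legitimately installed service or driver binary is rarely found.
ODD_LOCATIONS = ("\\temp\\", "\\dokumente und einstellungen\\", "\\users\\", "\\programdata\\")


def parse_frst_services(text: str) -> List[Dict[str, object]]:
    """Parse the Services and Drivers sections into dicts carrying triage flags."""
    entries: List[Dict[str, object]] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        if section is None or not section.startswith(("Services", "Drivers")):
            continue  # other sections (files, NetSvcs, ...) use different formats
        m = ENTRY_RE.match(line)
        if not m:
            continue
        flags: List[str] = []
        entry: Dict[str, object] = {
            "section": section.split()[0],
            "name": m.group("name").strip(),
            "state": m.group("state"),
            "start_type": int(m.group("start")),
            "path": None, "size": None, "date": None, "company": None,
            "flags": flags,
        }
        rest = m.group("rest").strip()
        if rest == "No ImagePath":
            flags.append("no_imagepath")          # registration without any binary
        elif rest.endswith("[x]"):
            entry["path"] = rest[:-3].strip()
            flags.append("file_missing")          # binary referenced but not on disk
        else:
            im = IMAGE_RE.match(rest)
            if im:
                entry["path"] = im.group("path")
                entry["size"] = int(im.group("size"))
                entry["date"] = im.group("date")
                entry["company"] = im.group("company")
                if not entry["company"]:
                    flags.append("no_company")    # no company name in version info
            else:
                entry["path"] = rest              # e.g. a quoted command line
                flags.append("unparsed_commandline")
        if entry["path"] and any(k in str(entry["path"]).lower() for k in ODD_LOCATIONS):
            flags.append("odd_location")
        entries.append(entry)
    return entries


def suspicious(entries: List[Dict[str, object]]) -> List[str]:
    """Names of entries carrying at least one flag, in log order."""
    return [str(e["name"]) for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in parse_frst_services(SAMPLE_LOG):
        if e["flags"]:
            print(f"{e['section']:8} {e['name']:24} {', '.join(e['flags']):36} {e['path']}")
```

Run it against a saved FRST.txt by reading the file into `parse_frst_services`; the point of keeping the flags separate from the parsed fields is that a helper can sort by flag, then confirm each hit by hand (file present, signer, install date) before writing a fix script.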
13.11.2013, 10:07 | #10 |
/// the machine /// TB-Ausbilder | Topic Torch The detection has long since been in quarantine. Done. The order is what matters here.
Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean out your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
16.11.2013, 17:14 | #11 |
| Topic Torch Hello! First of all, thanks for the help! I will run DelFix now to delete the rest. I just wonder how this junk gets onto my computer, and why Kaspersky did not notice anything. I do not really browse "odd" sites on the Internet. I am really at a loss... thanks again!
# DelFix v10.4 - File created on 16/11/2013 at 17:13:21
# Updated on 19/07/2013 by Xplode
# User : Administrator - BEASTS
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing the cleaning tools ...
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\mbar
Deleted : C:\ComboFix.txt
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.txt
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
Deleted : C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Creating a backup of the registry ... OK
~ Deleting the restore points ... A new restore point has been created!
~ Restoring the system settings ... OK
########## - EOF - ########## |
17.11.2013, 07:21 | #12 |
/// the machine /// TB-Ausbilder | Topic Torch Watch out when installing legitimate software. Adware and toolbars are always hidden in there as extras. |
Topics for Topic Torch: internet security 2013, pup.optional.browsefox.a, pup.optional.installcore.a, win32/adware.yontoo.b |