| |
| |||||||
Log-Analyse und Auswertung: HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum AufzeichnungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.06.2012, 14:30
| #1 |
 |  HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung HIJACK - auf NETBOOK - und noch - oder nicht mehr? hallo, ich bin Laie und arbeite mich durch Anweisungen aus dem Internet, saniere meine verseuchten Geräte und befürchte, dass ich alles nochmal machen muss, weil ich Eure Anweisungen zu spät gesehen habe. Sowohl mein NETBOOK (das bespreche ich hier) als auch mein RECHNER haben (hatten?) leider Virenbefall. Ich habe von beiden jeweils die Sicherungs- und Antivirenprogramme geladen (nach Antivir-Scan und Malwarebytescheck) Denn mein Linux-Notebook (Arbeit) gewährt mir keine Adminrechte zum Downloaden. Außerdem werden die Dateien bei Linux verfälscht, so dass ich doch immer wieder an den anderen Geräten arbeite, während ich die Anweisungen ansonsten zu befolgen suche und vor allem auch die downloads der ganzen Programm von da oder vom Netbook kommen (Antivir und Eure angegebenen Programme s.u.). Leider habe ich immer vor fast jedem Scan die Programme wieder mit Revo-Uninstaller deinstalliert und dabei vübersehen, dass die Log-Dateien mit verschwinden. Die Reihenfolge war: Antivir (war installiert), Malwarebytes (Hijack-Fund), Eset smart Security, Kaspersky Security 2012 - meist vom Netbook oder auch Rechner geladen, da ich mit Linux auch nicht berechtigt bin, downzuloaden. HIER GEHT ES UM DAS NETBOOK: Netbookfund: Hijack mit Malwarebytes - weiß (s.o.) die genaue Bezeichnung und Ort nicht mehr... Dann habe ich die allgemeine!!! Hilfeseite entdeckt und befolgt. Ich verstehe nicht, ob wirklich bei jedem Scan W-Lan ausgestellt sein muss. Ich hab es nur bei GMER ausgestellt. Malwarebytes habe ich nicht noch mal durchgeführt - da erscheint kein Virus mehr. Ich kann nun diese Daten zeigen: DEFOGGER defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:43 on 22/06/2012 (xxx) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ______________________________________ defogger_enable by jpshortstuff (23.02.10.1) Log created at 20:44 on 22/06/2012 (xxx) Parsing file... -=E.O.F=- ______________________________________ OTL (Ich habe die ausführliche Version gemacht, und nur diese fette Datei bekommen):OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.06.2012 20:55:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = G:\exen Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,23 Mb Total Physical Memory | 609,53 Mb Available Physical Memory | 60,16% Memory free 2,38 Gb Paging File | 2,01 Gb Available in Paging File | 84,49% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 29,10 Gb Free Space | 43,83% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,16 Gb Free Space | 26,62% Space Free | Partition Type: FAT32 Drive E: | 7,45 Gb Total Space | 7,34 Gb Free Space | 98,59% Space Free | Partition Type: FAT32 Drive G: | 7,42 Gb Total Space | 5,89 Gb Free Space | 79,35% Space Free | Partition Type: FAT32 Computer Name: \xxx\-30983A | User Name: \xxx\ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.22 00:47:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- G:\exen\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.04 02:19:44 | 000,023,040 | ---- | M] () -- C:\WINDOWS\system32\kygaLM.dll MOD - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2006.10.01 14:37:02 | 000,947,200 | ---- | M] () -- C:\Programme\OpenVPN\bin\libeay32.dll MOD - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.18 19:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.02.21 23:45:40 | 000,159,744 | ---- | M] () [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.01 14:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.13 15:28:46 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2008.07.13 15:28:46 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2008.07.13 15:28:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2008.07.13 15:28:46 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2008.07.13 15:28:46 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2008.07.13 15:28:46 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2008.07.13 15:28:45 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2008.06.10 17:08:00 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.05.07 19:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.11.15 21:18:20 | 000,572,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 02:32:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.22 14:50:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.19 00:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions [2011.11.04 01:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.19 00:40:27 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com [2010.04.02 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions [2010.01.25 01:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 01:25:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.19 00:40:27 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml [2011.05.17 19:58:53 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml [2009.05.19 21:39:10 | 000,002,314 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml [2012.06.18 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.17 19:58:08 | 000,017,696 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI [2012.02.19 02:10:20 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.07 01:24:55 | 000,565,918 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.06.18 19:56:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.02 18:03:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 19:56:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 19:56:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.18 19:56:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 19:56:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 19:56:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 19:56:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Automatisch EPSON Stylus DX3800 Series auf ICH-705165CB177] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - Startup: C:\Dokumente und Einstellungen\Chris\Startmenü\Programme\Autostart\Antroposofischer Seelenkalender.lnk = C:\Programme\AntroVista\Seelenkalender\start.hta () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D758D2-C729-4EF0-8DE2-C31A73771801}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.22 14:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.22 02:12:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.06.22 02:06:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012 [2012.06.22 02:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2012.06.22 02:03:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.06.22 02:02:47 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2012.06.21 13:28:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 03:16:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.06.21 03:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.19 00:40:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.06.19 00:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.06.19 00:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.06.18 23:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Revo Uninstaller [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.06.22 20:40:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job [2012.06.22 20:39:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.22 20:39:39 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2012.06.22 19:40:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job [2012.06.22 16:05:03 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.22 13:16:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.06.22 09:28:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.22 02:48:59 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.06.22 02:14:19 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.22 00:07:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.19 09:39:00 | 000,451,004 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.19 09:39:00 | 000,434,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.19 09:39:00 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.19 09:39:00 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.19 09:11:39 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.19 03:08:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.18 23:49:23 | 000,000,879 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Revo Uninstaller.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.22 02:14:17 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.19 00:40:25 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.19 10:52:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat ========== LOP Check ========== [2008.07.04 22:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2008.07.04 22:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.05.24 18:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2012.04.30 14:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner [2008.12.29 23:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.04.17 22:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2008.07.04 22:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.07.13 11:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AD ON Multimedia [2008.07.04 22:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service GmbH [2010.02.07 19:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DL [2008.11.17 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EPSON [2012.06.21 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2010.06.03 13:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GoPal Assistant [2008.12.28 17:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer [2009.04.24 10:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2011.04.17 22:44:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TerraTec [2011.02.22 18:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2011.03.24 11:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 11:42:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.04.0
Running: 1gfrp9wt.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\fwlyapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA7C19FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA7C1A8B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA7C33AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA7C1AE26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA7C1AD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA7C33E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA7C1B056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA7C1B21E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA7C19D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA7C1AF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA7C1A5E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA7C33ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA7C1B53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA7C2E084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA7C2F88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA7C1A8F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA7C1C53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7C2F088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7C2FA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA7C1B62E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA7C2EBC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA7C2EE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA7C1BB9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA7C3230A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA7C1AEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA7C1ADA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA7C1A1F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA7C1B97E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA7C1AFD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA7C1A0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA7C2DEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA7C2F698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA7C32500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA7C1BEC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA7C2F488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA7C1B7CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA7C2E198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA7C2E80C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA7C34048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA7C33F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA7C340B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA7C2EA14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA7C1C3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA7C2E33E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA7C2E4D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA7C2E670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA7C33C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA7C1A756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA7C1B3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA7C1C010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA7C2F248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA7C1C104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA7C1C23E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA7C1B45E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA7C1A392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA7C1A2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA7C1BD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA7C1A47C]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A7C0C9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF92C 5 Bytes JMP A7C0CDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050454C 12 Bytes [06, 3E, C3, A7, 56, B0, C1, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 12 Bytes [2E, B6, C1, A7, C0, EB, C2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DDC 80504694 4 Bytes CALL C4F80839
.text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 80504794 16 Bytes [98, E1, C2, A7, 0C, E8, C2, ...] {CWDE ; LOOPZ 0xffffffffffffffc5; CMPSD ; OR AL, 0xe8; RET 0x48a7; INC EAX; RET ; CMPSD ; XCHG ESI, EAX; AAS ; RET ; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 805047C4 4 Bytes [14, EA, C2, A7]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823
---- EOF - GMER 1.0.15 ----
__________________________________________ Leider ging selbst bei GMER einmal das Fenster einer vergessenen E-Plus-Installation auf. Ich hoffe, mich ausreichend ausgedrückt zu haben und warte gespannt auf Hinweise. VIELEN DANK IM VORAUS + Gruß PS: vom Rechner, falls das durch den Transfer von Daten und Downloads zum Netbook eine Rolle spielt - kann ich auch die Antiviren-Datei senden. Es wurden 7 Verschlüsselungs-Trojaner bzw. Viren gefunden. ES IST DER PUM.Hijack im Start Menu (gewesen)! Schade, ich hätte meinen Beitrag gerne editiert, denn nun hab ich doch noch die erste Malbwarebyte Logdatei gefunden... sorry! Ich sende sie jetzt (oder hätte ich das Thema löschen und neu starten sollen?) ÿþM a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 1 . 0 . 1 4 0 0 w w w . m a l w a r e b y t e s . o r g D a t e n b a n k V e r s i o n : v 2 0 1 2 . 0 6 . 2 0 . 0 5 W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S I n t e r n e t E x p l o r e r 8 . 0 . 6 0 0 1 . 1 8 7 0 2 /xxx/ : : /xxx/ - 7 0 5 1 6 5 C B 1 7 7 [ A d m i n i s t r a t o r ] 2 0 . 0 6 . 2 0 1 2 1 7 : 2 8 : 3 2 m b a m - l o g - 2 0 1 2 - 0 6 - 2 0 ( 1 7 - 2 8 - 3 2 ) . t x t A r t d e s S u c h l a u f s : V o l l s t ä n d i g e r S u c h l a u f A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P D u r c h s u c h t e O b j e k t e : 3 3 2 1 7 7 L a u f z e i t : 2 S t u n d e ( n ) , 1 1 M i n u t e ( n ) , 9 S e k u n d e ( n ) I n f i z i e r t e S p e i c h e r p r o z e s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e S p e i c h e r m o d u l e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 1 H K C U \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A d v a n c e d | S t a r t _ S h o w H e l p ( P U M . H i j a c k . S t a r t M e n u ) - > B ö s a r t i g : ( 0 ) G u t : ( 1 ) - > E r f o l g r e i c h e r s e t z t u n d i n Q u a r a n t ä n e g e s t e l l t . I n f i z i e r t e V e r z e i c h n i s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i e n : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) ( E n d e ) hallo, ich editiere meinen Text von gestern hier nochmal, weil ich einen Logfile doch noch gefunden habe: ich bin Laie und arbeite mich durch Anweisungen aus dem Internet Sowohl mein NETBOOK (das bespreche ich hier) als auch mein RECHNER haben (hatten?) leider Virenbefall (Der Rechner 7 andere Viren als das Netbook). Ich habe von beiden verseuchten Geräten jeweils die Sicherungs- und Antivirenprogramme geladen, mit denen ich auch gescannt habe (nach Antivir-Scan und Malwarebytescheck) (macht das was?) Ich habe entgegen Euren Angaben leider vor fast jedem Scan die Programme wieder mit Revo-Uninstaller deinstalliert und dabei übersehen, dass die Log-Dateien und der VIrus mit verschwinden. Die Reihenfolge war: Antivir (war installiert), Malwarebytes (PlumHijack-Start-Menu-Fund), Eset smart Security, Kaspersky Security 2012 - und dann erst Eure Anweisungen der allgemeinen Hilfe. HIER GEHT ES UM DAS NETBOOK: Ich verstehe nicht, ob wirklich bei jedem Scan W-Lan ausgestellt sein muss. Ich hab es nur bei GMER ausgestellt. Ich kann nun diese Daten zeigen: ÿþM a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 1 . 0 . 1 4 0 0 w w w . m a l w a r e b y t e s . o r g D a t e n b a n k V e r s i o n : v 2 0 1 2 . 0 6 . 2 0 . 0 5 W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S I n t e r n e t E x p l o r e r 8 . 0 . 6 0 0 1 . 1 8 7 0 2 /xxx/ : : /xxx/ - 7 0 5 1 6 5 C B 1 7 7 [ A d m i n i s t r a t o r ] 2 0 . 0 6 . 2 0 1 2 1 7 : 2 8 : 3 2 m b a m - l o g - 2 0 1 2 - 0 6 - 2 0 ( 1 7 - 2 8 - 3 2 ) . t x t A r t d e s S u c h l a u f s : V o l l s t ä n d i g e r S u c h l a u f A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P D u r c h s u c h t e O b j e k t e : 3 3 2 1 7 7 L a u f z e i t : 2 S t u n d e ( n ) , 1 1 M i n u t e ( n ) , 9 S e k u n d e ( n ) I n f i z i e r t e S p e i c h e r p r o z e s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e S p e i c h e r m o d u l e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 1 H K C U \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ E x p l o r e r \ A d v a n c e d | S t a r t _ S h o w H e l p ( P U M . H i j a c k . S t a r t M e n u ) - > B ö s a r t i g : ( 0 ) G u t : ( 1 ) - > E r f o l g r e i c h e r s e t z t u n d i n Q u a r a n t ä n e g e s t e l l t . I n f i z i e r t e V e r z e i c h n i s s e : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) I n f i z i e r t e D a t e i e n : 0 ( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n ) ( E n d e ) DEFOGGER defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:43 on 22/06/2012 (xxx) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ______________________________________ defogger_enable by jpshortstuff (23.02.10.1) Log created at 20:44 on 22/06/2012 (xxx) Parsing file... -=E.O.F=- ______________________________________ OTL (Ich habe die ausführliche Version gemacht, und nur diese fette Datei bekommen): OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.06.2012 20:55:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = G:\exen Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,23 Mb Total Physical Memory | 609,53 Mb Available Physical Memory | 60,16% Memory free 2,38 Gb Paging File | 2,01 Gb Available in Paging File | 84,49% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 29,10 Gb Free Space | 43,83% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,16 Gb Free Space | 26,62% Space Free | Partition Type: FAT32 Drive E: | 7,45 Gb Total Space | 7,34 Gb Free Space | 98,59% Space Free | Partition Type: FAT32 Drive G: | 7,42 Gb Total Space | 5,89 Gb Free Space | 79,35% Space Free | Partition Type: FAT32 Computer Name: \xxx\-30983A | User Name: \xxx\ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.22 00:47:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- G:\exen\OTL.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.04 02:19:44 | 000,023,040 | ---- | M] () -- C:\WINDOWS\system32\kygaLM.dll MOD - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2006.10.01 14:37:02 | 000,947,200 | ---- | M] () -- C:\Programme\OpenVPN\bin\libeay32.dll MOD - [2005.08.18 10:55:00 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.18 19:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.09 22:11:31 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.02.21 23:45:40 | 000,159,744 | ---- | M] () [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.01 14:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.13 15:28:46 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2008.07.13 15:28:46 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2008.07.13 15:28:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2008.07.13 15:28:46 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2008.07.13 15:28:46 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2008.07.13 15:28:46 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2008.07.13 15:28:45 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2008.06.10 17:08:00 | 000,156,160 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.05.07 19:21:40 | 004,739,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.11.15 21:18:20 | 000,572,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{352EFF94-F89E-46B0-8F49-AD92FA714380}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=884e5817-e3ea-42d9-a306-74dd9029a15b&apn_ptnrs=%5EABT&apn_sauid=6B595CEB-98C3-430E-95A5-F3797517C198&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.22 02:32:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.22 02:32:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.22 14:50:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.22 14:25:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2011.02.22 18:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.19 00:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions [2011.11.04 01:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.19 00:40:27 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\extensions\toolbar@ask.com [2010.04.02 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions [2010.01.25 01:24:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 01:25:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default.alt\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.06.19 00:40:27 | 000,002,344 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\askcom.xml [2011.05.17 19:58:53 | 000,005,212 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\ecosia.xml [2009.05.19 21:39:10 | 000,002,314 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\y3nwgdr2.default\searchplugins\forestle-de.xml [2012.06.18 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.17 19:58:08 | 000,017,696 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI [2012.02.19 02:10:20 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.07 01:24:55 | 000,565,918 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\xxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y3NWGDR2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.06.18 19:56:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.02 18:03:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 19:56:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 19:56:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.18 19:56:18 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 19:56:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 19:56:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 19:56:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Automatisch EPSON Stylus DX3800 Series auf ICH-705165CB177] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - Startup: C:\Dokumente und Einstellungen\Chris\Startmenü\Programme\Autostart\Antroposofischer Seelenkalender.lnk = C:\Programme\AntroVista\Seelenkalender\start.hta () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D758D2-C729-4EF0-8DE2-C31A73771801}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MDHG1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01f60914-301c-11de-9be8-0015af9f372a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f2e-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f31-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f34-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f36-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell - "" = AutoRun O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a573f37-80e5-11de-9c2e-0015af9f372a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.22 14:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.22 02:12:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2012.06.22 02:06:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012 [2012.06.22 02:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2012.06.22 02:03:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.06.22 02:02:47 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 13:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2012.06.21 13:28:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2012.06.21 03:16:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.06.21 03:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.19 00:40:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.06.19 00:40:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.06.19 00:39:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.06.18 23:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Revo Uninstaller [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.06.22 20:40:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007UA.job [2012.06.22 20:39:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.22 20:39:39 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2012.06.22 19:40:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3134294254-2874434923-681666218-1007Core.job [2012.06.22 16:05:03 | 000,051,712 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.22 13:16:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.06.22 09:28:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.22 02:48:59 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.06.22 02:14:19 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.22 02:02:47 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012.06.22 00:07:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.19 09:39:00 | 000,451,004 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.19 09:39:00 | 000,434,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.19 09:39:00 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.19 09:39:00 | 000,068,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.19 09:11:39 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.19 03:08:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.18 23:49:23 | 000,000,879 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Revo Uninstaller.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.22 02:14:17 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.06.22 02:06:16 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.06.22 02:06:16 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2012.06.19 00:40:25 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.19 10:52:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat ========== LOP Check ========== [2008.07.04 22:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2008.07.04 22:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.05.24 18:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2012.04.30 14:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner [2008.12.29 23:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.04.17 22:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2008.07.04 22:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.07.13 11:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AD ON Multimedia [2008.07.04 22:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service GmbH [2010.02.07 19:03:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DL [2008.11.17 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EPSON [2012.06.21 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ESET [2010.06.03 13:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GoPal Assistant [2008.12.28 17:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer [2009.04.24 10:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org [2011.04.17 22:44:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TerraTec [2011.02.22 18:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird [2011.03.24 11:23:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Verbindungsassistent [2012.06.22 21:05:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 11:42:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.04.0
Running: 1gfrp9wt.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\fwlyapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA7C19FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA7C1A8B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA7C33AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA7C1AE26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA7C1AD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA7C33E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xA7C1B056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xA7C1B21E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA7C19D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA7C1AF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA7C1A5E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA7C33ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA7C1B53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA7C2E084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA7C2F88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA7C1A8F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA7C1C53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7C2F088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7C2FA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA7C1B62E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA7C2EBC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA7C2EE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA7C1BB9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA7C3230A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA7C1AEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA7C1ADA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA7C1A1F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA7C1B97E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA7C1AFD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA7C1A0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA7C2DEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA7C2F698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xA7C32500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA7C1BEC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA7C2F488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA7C1B7CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA7C2E198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA7C2E80C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA7C34048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA7C33F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA7C340B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA7C2EA14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA7C1C3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA7C2E33E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xA7C2E4D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xA7C2E670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA7C33C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA7C1A756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA7C1B3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA7C1C010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA7C2F248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA7C1C104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA7C1C23E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA7C1B45E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA7C1A392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA7C1A2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA7C1BD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA7C1A47C]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A7C0C9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF92C 5 Bytes JMP A7C0CDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C94 8050454C 12 Bytes [06, 3E, C3, A7, 56, B0, C1, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 12 Bytes [2E, B6, C1, A7, C0, EB, C2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DDC 80504694 4 Bytes CALL C4F80839
.text ntkrnlpa.exe!ZwCallbackReturn + 2EDC 80504794 16 Bytes [98, E1, C2, A7, 0C, E8, C2, ...] {CWDE ; LOOPZ 0xffffffffffffffc5; CMPSD ; OR AL, 0xe8; RET 0x48a7; INC EAX; RET ; CMPSD ; XCHG ESI, EAX; AAS ; RET ; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 805047C4 4 Bytes [14, EA, C2, A7]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[832] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3308] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823
---- EOF - GMER 1.0.15 ----
__________________________________________ Leider ging selbst bei GMER einmal das Fenster einer vergessenen E-Plus-Installation auf. Ich hoffe, mich ausreichend ausgedrückt zu haben und warte gespannt auf Hinweise. VIELEN DANK IM VORAUS + Gruß PS: vom Rechner, falls das durch den Transfer von Daten und Downloads zum Netbook eine Rolle spielt - kann ich auch die Antiviren-Datei senden. Es wurden 7 Verschlüsselungs-Trojaner bzw. Viren gefunden. |
| Themen zu HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung |
| alternate, avira, avira searchfree toolbar, bho, desktop, einstellungen, error, eset smart security, exe, explorer, firefox, firefox 13.0.1, format, ftp, hijack, home, internet, kaspersky, logfile, mozilla, ntdll.dll, openvpn, programme, realtek, registry, revo-uninstaller, searchscopes, security, software, suche, tastatur, udp, virus |
Baum-Darstellung