
Log Analysis and Evaluation: Virus/rootkit opens web pages, controls the mouse and changes system startup

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.06.2013, 06:04   #1
blackhawkkk
 

Virus/rootkit opens web pages, controls the mouse and changes system startup



Hello everyone,

I have recently been infected with a rootkit/virus.

I think the cause was that I was using an outdated version of Firefox, in which a toolbar also installed itself on its own, etc.

I had just put together all the logs etc. for a detailed report here in the forum when I found the (supposedly) only rootkit with the Kaspersky rootkit detector and was also able to delete it.

Unfortunately I still have the symptoms, which is why I have now run all the logs again anyway and am asking for your help:

The symptoms are:
Random web pages being opened on their own (they are blocked by Malwarebytes)
Random web pages being opened when I click on Google search results (what I click on is not shown; instead I am immediately redirected to a different page)
Unwanted keyboard/mouse commands (you have no idea what an effort it is to write this right now, the cursor keeps jumping around and clicking constantly)
All startup services being run (when I uncheck the boxes, it says I am not an admin, but according to the Control Panel I still am)
When I close the laptop (close the lid), it goes into standby but does not wake up again afterwards.

So it really does seem to be something more serious... AntiVir and co. no longer find anything here. I did have a few detections and removed them, but the problem still persists.

So here are the logs now; as requested, I rebooted in between.

I'm grateful for any help because I'm really at my wits' end.

Thanks and best regards
blackhawkkk

Here are the log files:

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:48 on 05/06/2013 (XXXXXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



OTL LOG:

OTL logfile created on: 05.06.2013 20:48:58 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\XXXXXX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 67,44% Memory free
5,32 Gb Paging File | 4,08 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 369,89 Gb Free Space | 79,42% Space Free | Partition Type: NTFS
Drive P: | 465,75 Gb Total Space | 369,89 Gb Free Space | 79,42% Space Free | Partition Type: *NT5CSC

Computer Name: CMBTLS111363 | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.05 12:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXXXXX\Desktop\OTL.exe
PRC - [2013.06.05 12:38:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Daten\Programme\Mozilla Firefox 21\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe
PRC - [2012.11.03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe
PRC - [2011.07.04 01:39:00 | 000,292,200 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011.07.04 01:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.07.04 01:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011.07.04 01:39:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.07 16:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.04.04 11:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.10.29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.12.03 05:35:48 | 001,313,792 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files\HardCopy\hardcopy.exe
PRC - [2009.08.04 05:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.02.09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2006.02.09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2004.01.15 18:19:26 | 000,024,576 | --S- | M] (ITA Systemhaus GmbH) -- c:\Program Files\ITA\SWI-Tools\SWI-Watcher.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Daten\Programme\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2013.06.05 12:38:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Daten\Programme\Mozilla Firefox 21\mozjs.dll
MOD - [2013.01.28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.01.25 10:25:19 | 000,397,704 | ---- | M] () -- C:\Daten\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.08.14 11:50:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.08.14 11:50:07 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.08.01 07:24:57 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
MOD - [2012.08.01 07:24:51 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.08.01 07:24:33 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.08.01 07:24:18 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.08.01 07:19:49 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.08.01 07:19:43 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.03.09 12:24:22 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8eb0a051\mscorlib.dll
MOD - [2012.03.09 12:24:19 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_bd7e59c6\system.xml.dll
MOD - [2012.03.09 12:24:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b956b23\system.dll
MOD - [2012.03.09 12:24:07 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.27 09:36:59 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2012.01.27 09:36:59 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2012.01.27 09:36:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012.01.27 09:36:55 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2012.01.27 09:25:36 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.27 09:25:36 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2011.07.04 01:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll
MOD - [2011.07.04 01:39:00 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2011.07.04 01:39:00 | 000,063,488 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\GR\PWRMGRRO.DLL
MOD - [2011.07.04 01:39:00 | 000,052,224 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2009.12.03 05:35:48 | 000,445,440 | ---- | M] () -- C:\Program Files\HardCopy\HcDllS.dll
MOD - [2009.12.03 05:35:48 | 000,057,344 | ---- | M] () -- C:\Program Files\HardCopy\HcDLL2_29_Win32.dll
MOD - [2009.12.03 05:35:48 | 000,043,008 | ---- | M] () -- C:\Program Files\HardCopy\hardcopy_02.dll
MOD - [2008.04.14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013.05.28 12:35:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.21 10:41:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Daten\Programme\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.03 07:22:24 | 001,785,792 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe -- (SmcService)
SRV - [2012.11.03 07:22:24 | 000,288,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\snac.exe -- (SNAC)
SRV - [2012.11.03 07:22:22 | 000,143,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011.07.04 01:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.07.04 01:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.07.04 01:39:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2006.02.09 03:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006.02.09 03:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2004.01.15 18:19:26 | 000,024,576 | --S- | M] (ITA Systemhaus GmbH) [Auto | Running] -- c:\Program Files\ITA\SWI-Tools\SWI-Watcher.exe -- (SWITools-Watcher)
SRV - [2003.03.09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.06.05 18:04:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.25 10:02:33 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130412.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.04.23 11:39:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.04.23 11:39:50 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.04.23 11:39:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.04.23 11:39:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVENG.SYS -- (NAVENG)
DRV - [2013.04.23 11:05:02 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.30 02:05:06 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130424.011\IDSxpx86.sys -- (IDSxpx86)
DRV - [2013.03.07 18:51:56 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.01.31 10:19:34 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013.01.31 10:19:34 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013.01.31 10:19:34 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2013.01.31 10:19:34 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2013.01.31 10:19:34 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012.11.03 07:22:26 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2012.11.03 07:22:26 | 000,585,888 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\srtsp.sys -- (SRTSP)
DRV - [2012.11.03 07:22:26 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2012.11.03 07:22:26 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys -- (SymDS)
DRV - [2012.11.03 07:22:26 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2012.11.03 07:22:26 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys -- (ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A})
DRV - [2012.11.03 07:22:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0107DF\07DF.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.07.04 01:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.07.04 01:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011.05.25 17:22:00 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdxc86.sys -- (risdxc)
DRV - [2011.05.10 15:11:32 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011.05.01 14:21:54 | 007,460,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32)
DRV - [2011.04.05 13:01:40 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011.02.09 14:49:54 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011.02.08 12:00:44 | 000,187,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009.08.04 05:32:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009.06.30 11:59:06 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009.06.30 11:58:26 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009.06.30 11:58:22 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2007.06.08 10:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2006.02.09 03:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006.02.09 03:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006.02.09 03:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={FA715993-C62F-11E2-B4E5-000000000000}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={FA715993-C62F-11E2-B4E5-000000000000}&crg=3.5000006.10045&st=23
IE - HKCU\..\SearchScopes\{FEE99069-514F-40B1-A858-4A79A33A053B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "heute.de | n24.de"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Daten\Programme\Apple\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Daten\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Daten\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFFPlgn\ [2013.04.23 11:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Daten\Programme\Mozilla Firefox 21\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Daten\Programme\Mozilla Firefox 21\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Daten\Programme\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Daten\Programme\plugins

[2012.03.22 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Extensions
[2013.06.01 11:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions
[2013.05.30 19:01:42 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.30 19:01:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.30 19:07:33 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\clickclean@hotcleaner.com
[2013.05.30 19:01:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\Firefox\Profiles\eobn2jlg.default-1369899706203\extensions\firefox@ghostery.com
[2013.05.30 19:01:42 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2013.06.01 11:11:50 | 000,363,920 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\client@anonymox.net.xpi
[2013.05.30 18:57:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.30 19:01:41 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.05.30 19:01:42 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\XXXXXX\Application Data\mozilla\firefox\profiles\eobn2jlg.default-1369899706203\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

O1 HOSTS File: ([2013.05.30 15:49:44 | 000,001,963 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 17 more lines...
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Sav\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hardcopy.lnk = C:\Program Files\HardCopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Daten\Programme\PrintKey2000\Printkey2000.exe (Fred's Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 4adodge.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: adtranz.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: adtranz.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: bmw.de ([]* in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: bmw.de ([www] http in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: chrysler.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: corpdir.net ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: covisint.com ([]* in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: XXXXXXchrysler.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] http in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] https in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: XXXXXXchrysler.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: dctss.com ([]* in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: dcx.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: dcxnet.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: dcxnet.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: debis.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: debis.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: dsh.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: evobus.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: fleetboard.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: jeep.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: limaonweb.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: lima-on-web.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: limaonweb.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: lima-on-web.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: mblf.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: meltwater.com ([]* in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: meltwaternews.com ([]* in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: mtu-friedrichshafen.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: partsandfacts.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: plimas.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: plymouthcars.com ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: project ([]http in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: project ([]https in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: smbta012 ([]http in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: smbta012 ([]https in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: strategicprojectsolutions.net ([]* in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: street-view-maps.de ([www] http in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: t-online.de ([*.XXXXXX-benz] * in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKLM\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O15 - HKLM\..Trusted Ranges: Range3 ([*] in Lokales Intranet)
O15 - HKLM\..Trusted Ranges: Range4 ([*] in Lokales Intranet)
O15 - HKLM\..Trusted Ranges: Range5 ([*] in Lokales Intranet)
O15 - HKLM\..Trusted Ranges: Range6 ([*] in Lokales Intranet)
O15 - HKLM\..Trusted Ranges: Range7 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Domains: 4adodge.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: adtranz.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: adtranz.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: bmw.de ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: bmw.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: chrysler.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: corpdir.net ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: covisint.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: XXXXXXchrysler.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: XXXXXXchrysler.com ([project.XXXXXX-group] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: XXXXXXchrysler.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dctss.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: dcx.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dcxnet.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dcxnet.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: debis.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: debis.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dsh.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: evobus.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: fleetboard.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: jeep.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: limaonweb.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: lima-on-web.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: limaonweb.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: lima-on-web.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: mblf.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: meltwater.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: meltwaternews.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: XXXXXX-benz.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: XXXXXX-benz.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: mtu-friedrichshafen.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: partsandfacts.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: plimas.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: plymouthcars.com ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: project ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: project ([]https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: smbta012 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: smbta012 ([]https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: strategicprojectsolutions.net ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: street-view-maps.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: t-online.de ([*.XXXXXX-benz] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range5 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range6 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range7 ([*] in Lokales Intranet)
O16 - DPF: {0D9D189C-A7A0-412F-AFCE-96625682ABEF} hxxp://project/Pilot/_layouts/pwa/objects/1031/pjcintl.cab (PJ12deuC Class)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://email.XXXXXX-group.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} hxxp://project/Pilot/_layouts/pwa/objects/1033/pjcintl.cab (PJ12enuC Class)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control)
O16 - DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} hxxp://project/Pilot/_layouts/pwa/objects/pjclient.cab (PjAdoInfo4 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXXX-group.XXXXXXchrysler.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA059041-9E0D-4C78-968F-B1E85D1EE119}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.27 17:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.05 19:33:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.05 18:04:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.06.05 12:41:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XXXXXX\Desktop\OTL.exe
[2013.06.05 12:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013.06.05 08:48:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XXXXXX\Recent
[2013.06.05 08:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.06.05 08:20:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013.06.05 07:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\Avira
[2013.06.05 07:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013.06.05 07:50:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.06.05 07:50:29 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.06.05 07:50:29 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.06.05 07:50:29 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.06.05 07:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2013.06.04 13:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.06.04 13:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013.06.04 13:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013.06.04 13:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\My Documents
[2013.06.04 13:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Desktop\Rez
[2013.06.04 13:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013.06.04 13:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013.05.31 10:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\Mozilla Firefox
[2013.05.28 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\vlc
[2013.05.28 11:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013.05.26 20:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Application Data\DiskAid
[2013.05.26 20:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskAid
[2013.05.26 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013.05.26 20:06:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\XXXXXX\Start Menu\Programs\Administrative Tools
[2013.05.26 20:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\Macroplant_LLC
[2013.05.21 11:42:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.05.21 10:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2013.05.21 10:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Master Collection CS4
[2013.05.17 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.17 16:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[54 \\vmbtf005\homes\XXXXXX\My Documents\*.tmp files -> \\vmbtf005\homes\XXXXXX\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\XXXXXX\*.tmp files -> C:\Documents and Settings\XXXXXX\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.05 20:43:47 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.06.05 20:42:44 | 000,000,454 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2013.06.05 20:41:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.05 20:41:14 | 3742,609,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 20:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.05 20:21:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.06.05 19:22:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.06.05 19:04:26 | 003,531,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.05 18:04:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.06.05 15:01:31 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\gmer_2.1.19163.exe
[2013.06.05 12:41:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXXXXX\Desktop\OTL.exe
[2013.06.05 12:40:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XXXXXX\defogger_reenable
[2013.06.05 12:38:39 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
[2013.06.05 08:46:48 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.06.05 08:46:47 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.06.05 07:50:43 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2013.06.05 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-XXXXXX-GROUP-XXXXXX.job
[2013.06.04 23:03:26 | 000,002,653 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2013.06.04 16:28:01 | 000,004,947 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\images3.jpeg
[2013.06.04 16:27:45 | 000,015,451 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\get-high-quality-backlinks.jpg
[2013.06.04 16:27:29 | 000,009,522 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\eqc_quality_consultant.jpg
[2013.06.04 16:26:54 | 000,005,934 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\images2.jpeg
[2013.06.04 16:26:41 | 000,005,550 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\images.jpeg
[2013.06.04 16:26:30 | 000,041,309 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\quality_img.gif
[2013.06.04 13:23:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.30 09:59:06 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2013.05.26 17:48:48 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\d3d9caps.dat
[2013.05.23 16:32:34 | 001,392,640 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\2223ConsultingProjmgm.indd
[2013.05.23 08:54:35 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2013.05.21 22:59:31 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.21 22:23:11 | 000,214,177 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Nachweis Kraftfahrtbundesamt.pdf
[2013.05.21 08:23:25 | 000,522,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.21 08:23:25 | 000,094,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.20 21:54:40 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit USA Bilder 2013.lnk
[2013.05.20 16:03:10 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit Praxis USA Tuscaloosa XXXXXX NA.lnk
[54 \\vmbtf005\homes\XXXXXX\My Documents\*.tmp files -> \\vmbtf005\homes\XXXXXX\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\XXXXXX\*.tmp files -> C:\Documents and Settings\XXXXXX\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.05 19:04:02 | 003,531,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.05 15:01:27 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\gmer_2.1.19163.exe
[2013.06.05 12:40:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XXXXXX\defogger_reenable
[2013.06.05 12:38:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Defogger.exe
[2013.06.05 08:46:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.06.05 08:46:46 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.06.05 08:46:45 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.05 07:50:43 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2013.06.05 07:40:59 | 000,002,102 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hardcopy.lnk
[2013.06.05 07:40:58 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
[2013.06.04 16:28:01 | 000,004,947 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\images3.jpeg
[2013.06.04 16:27:45 | 000,015,451 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\get-high-quality-backlinks.jpg
[2013.06.04 16:27:29 | 000,009,522 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\eqc_quality_consultant.jpg
[2013.06.04 16:26:54 | 000,005,934 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\images2.jpeg
[2013.06.04 16:26:41 | 000,005,550 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\images.jpeg
[2013.06.04 16:26:30 | 000,041,309 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\quality_img.gif
[2013.06.04 13:31:34 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2013.06.04 13:06:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.30 09:59:06 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2013.05.28 11:43:09 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.23 16:32:34 | 001,392,640 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\2223ConsultingProjmgm.indd
[2013.05.23 08:54:35 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2013.05.21 22:20:08 | 000,214,177 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Nachweis Kraftfahrtbundesamt.pdf
[2013.05.20 21:54:40 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit USA Bilder 2013.lnk
[2013.05.20 16:03:09 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Desktop\Verknüpfung mit Praxis USA Tuscaloosa XXXXXX NA.lnk
[2013.03.09 22:31:37 | 000,019,555 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2013.03.09 22:31:37 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2013.03.09 21:37:42 | 000,607,525 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2172393533-4195879740-2580636489-64409-0.dat
[2013.03.07 23:57:11 | 000,324,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013.03.07 19:14:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013.01.22 16:20:44 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.04 16:10:06 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2012.12.04 16:10:06 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2012.12.04 16:10:06 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2012.12.04 16:10:06 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2012.12.04 16:10:06 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2012.07.24 07:15:49 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\XXXXXX\PARTsolutions.trace
[2012.03.23 18:29:34 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\d3d9caps.dat
[2012.03.13 16:15:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.09 12:37:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\XXXXXX\Local Settings\Application Data\fusioncache.dat
[2012.03.09 12:36:31 | 000,055,786 | RHS- | C] () -- C:\Documents and Settings\XXXXXX\ntuser.pol
[2012.01.27 18:08:59 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.27 18:08:59 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.27 18:08:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.01.27 18:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.27 17:19:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.27 17:14:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.27 10:05:07 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2012.01.27 09:43:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.01.27 09:24:14 | 000,106,049 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011.08.25 08:20:03 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.08.25 08:06:08 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.08.25 08:06:08 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.08.25 08:06:08 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.08.23 15:03:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011.08.23 15:03:13 | 000,522,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.23 15:03:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011.08.23 15:03:13 | 000,094,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.23 15:03:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011.08.23 15:03:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011.08.23 15:03:12 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011.08.23 15:03:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011.08.23 15:03:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011.08.23 15:03:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011.08.23 15:02:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011.08.23 15:02:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== ZeroAccess Check ==========

[2013.06.04 13:55:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\L
[2013.06.05 19:35:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\U
[2013.06.05 19:28:19 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB4618$\2222036603\L\00000004.@
[2012.01.27 09:25:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.05.17 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.01.27 09:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lotus
[2013.03.09 17:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013.04.23 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1992-12.com.symantec
[2013.03.07 23:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012.01.27 09:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012.08.06 08:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\3Dconnexion
[2013.06.04 13:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.26 14:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\DassaultSystemes
[2013.05.26 20:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\DiskAid
[2013.06.05 19:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Dropbox
[2010.07.12 10:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\FreeHDConverter
[2012.03.06 14:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\ICAClient
[2013.03.01 11:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Leadertech
[2013.04.23 14:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Lotus
[2008.02.14 20:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Mocha
[2013.01.16 18:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\PwrMgr
[2013.03.07 23:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Samsung
[2012.05.29 08:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\T-Systems
[2012.05.29 08:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\T-SystemsCax
[2012.12.11 18:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\think-cell
[2013.03.06 22:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Thunderbird
[2013.03.07 21:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\TrueCrypt
[2013.03.07 21:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Windows Desktop Search
[2013.03.07 22:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXXXXX\Application Data\Windows Search

========== Purity Check ==========



< End of report >

No EXTRA.txt was created for me? Is that important? How can I still create it afterwards? The first time it was created as well... oO?!

And now the GMER log file:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-05 23:46:17
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\XXXXXX\LOCALS~1\Temp\pwtyakob.sys


---- System - GMER 2.1 ----

SSDT 8955CDF8 ZwAlertResumeThread
SSDT 8955CED8 ZwAlertThread
SSDT 89603FC0 ZwAllocateVirtualMemory
SSDT 896FFE58 ZwAssignProcessToJobObject
SSDT B87088AC ZwClose
SSDT 89792D08 ZwConnectPort
SSDT B8708866 ZwCreateKey
SSDT 87DAEDF8 ZwCreateMutant
SSDT B87088B6 ZwCreateSection
SSDT 87DA9EB0 ZwCreateSymbolicLinkObject
SSDT B870885C ZwCreateThread
SSDT 896FFF18 ZwDebugActiveProcess
SSDT B870886B ZwDeleteKey
SSDT B8708875 ZwDeleteValueKey
SSDT B87088A7 ZwDuplicateObject
SSDT 89603248 ZwFreeVirtualMemory
SSDT 87DAEEE8 ZwImpersonateAnonymousToken
SSDT 8955CD58 ZwImpersonateThread
SSDT 89566608 ZwLoadDriver
SSDT B870887A ZwLoadKey
SSDT 895D6150 ZwMapViewOfSection
SSDT 87DA98A0 ZwOpenEvent
SSDT B8708848 ZwOpenProcess
SSDT 895D7440 ZwOpenProcessToken
SSDT 8952DD58 ZwOpenSection
SSDT B870884D ZwOpenThread
SSDT 87DA9F80 ZwProtectVirtualMemory
SSDT B87088CF ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0x99347D70]
SSDT B8708884 ZwReplaceKey
SSDT B87088C0 ZwRequestWaitReplyPort
SSDT B870887F ZwRestoreKey
SSDT 89909C10 ZwResumeThread
SSDT B87088BB ZwSetContextThread
SSDT 895BB120 ZwSetInformationProcess
SSDT B87088C5 ZwSetSecurityObject
SSDT 8952DC10 ZwSetSystemInformation
SSDT B8708870 ZwSetValueKey
SSDT 87DA97C0 ZwSuspendProcess
SSDT 89909CD0 ZwSuspendThread
SSDT B87088CA ZwSystemDebugControl
SSDT B8708857 ZwTerminateProcess
SSDT 896A97E0 ZwTerminateThread
SSDT 895D6090 ZwUnmapViewOfSection
SSDT 89603E88 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D40 805045F8 4 Bytes [E8, EE, DA, 87]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [C0, 97, DA, 87, D0, 9C, 90, ...] {RCL BYTE [EDI-0x632f7826], 0x90; MOV EDX, ECX; MOV [EAX-0x48], DH}
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0x9B1E8380, 0x809E15, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3164] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\IBMPMSVC\Parameters\Notification@Type2 65537

---- EOF - GMER 2.1 ----

Furthermore, there are the following logs from antivirus programs:
(unfortunately I don't have the Kaspersky log, which had also removed 2 rootkits for me),

Antivir:

Exportierte Ereignisse:

05.06.2013 20:45 [System-Scanner] Malware gefunden
Die Datei 'C:\Documents and Settings\All Users\Application
Data\Symantec\Symantec Endpoint
Protection\12.1.2015.2015.105\SRTSP\Quarantine\APDBFBD575.dta'
enthielt einen Virus oder unerwünschtes Programm 'TR/ZAccess.H' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '543223f1.qua'
verschoben!

05.06.2013 20:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Documents and Settings\All Users\Application
Data\Symantec\Symantec Endpoint
Protection\12.1.2015.2015.105\SRTSP\Quarantine\APDBFBD575.dta'
wurde ein Virus oder unerwünschtes Programm 'TR/ZAccess.H' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.06.2013 19:36 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Documents and Settings\All Users\Application
Data\Symantec\Symantec Endpoint
Protection\12.1.2015.2015.105\SRTSP\Quarantine\APDBFBD575.dta'
wurde ein Virus oder unerwünschtes Programm 'TR/ZAccess.H' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.06.2013 12:30 [System-Scanner] Malware gefunden
Die Datei 'C:\WINDOWS\XXXXXX-group.scr'
enthielt einen Virus oder unerwünschtes Programm 'HEUR/Malware' [heuristic].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57ed85db.qua'
verschoben!

05.06.2013 12:29 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\WINDOWS\XXXXXX-group.scr'
wurde ein Virus oder unerwünschtes Programm 'HEUR/Malware' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.06.2013 11:05 [System-Scanner] Malware gefunden
Die Datei 'C:\WINDOWS\install.XXXXXX\ACROREAD.ENU.110\bootnag.exe'
enthielt einen Virus oder unerwünschtes Programm 'SPR/AutoIt.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cbd747f.qua'
verschoben!

05.06.2013 11:05 [System-Scanner] Malware gefunden
Die Datei 'C:\WINDOWS\system32\CCM\Cache\M0000325.3.System\bootnag.exe'
enthielt einen Virus oder unerwünschtes Programm 'SPR/AutoIt.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542a5bd8.qua'
verschoben!

05.06.2013 11:05 [System-Scanner] Malware gefunden
Die Datei 'C:\WINDOWS\XXXXXX-group.scr'
enthielt einen Virus oder unerwünschtes Programm 'HEUR/Malware' [heuristic].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ignoriert.

And a log from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XXXXXX :: CMBTLS111363 [Administrator]

Schutz: Aktiviert

09.03.2013 21:19:34
mbam-log-2013-03-09 (21-19-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352289
Laufzeit: 1 Stunde(n), 10 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoRecycleFiles (PUM.Disable.Recycle) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Okay, that's it, many many thanks for the effort and help!

Old 06.06.2013, 08:21   #2
schrauber
/// the machine
/// TB trainer

Virus/Rootkit opens web pages, controls mouse and changes system startup - Standard

Virus/Rootkit opens web pages, controls mouse and changes system startup



Hi,

Please post logs in code tags.

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the website)

Old 06.06.2013, 20:21   #3
blackhawkkk

Virus/Rootkit opens web pages, controls mouse and changes system startup - Standard

Virus/Rootkit opens web pages, controls mouse and changes system startup



Hello & thanks for the quick reply.

Maybe a quick update: since yesterday I no longer notice the symptoms, but I don't know whether the problem is fixed. Could it be that the antivirus programs also "obstruct" each other?

Here are the two files (in a better view this time)

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by MKELLN (administrator) on 06-06-2013 13:58:23
Running from C:\Documents and Settings\MKELLN\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\avshadow.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Malwarebytes Corporation) C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe
(ITA Systemhaus GmbH) c:\program files\ita\swi-tools\swi-watcher.exe
(Microsoft Corporation) C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
(Malwarebytes Corporation) C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\CCM\CcmExec.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
(Symantec Corporation) C:\Program Files\Sav\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Avira Operations GmbH & Co. KG) C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe
(sw4you, Siegfried Weckmann) C:\Program Files\HardCopy\hardcopy.exe
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Daten\Programme\Adobe\Adobe InDesign CS4\InDesign.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Dropbox, Inc.) C:\Documents and Settings\MKELLN\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Daten\Programme\Mozilla Firefox 21\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
(Adobe Systems Incorporated) C:\Daten\Programme\Adobe\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Daten\Programme\Adobe\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Daten\Programme\Mozilla Firefox 21\plugin-container.exe
(Adobe Systems, Incorporated) C:\Daten\Programme\Adobe\Adobe Photoshop CS5\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Microsoft Corporation) C:\Daten\Programme\Outlook\Office12\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon [x]
HKLM\...\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r [62240 2009-08-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2270504 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [800104 2011-07-04] (Lenovo Group Limited)
HKLM\...\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited)
HKLM\...\Run: [avgnt] "C:\Daten\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll [X]
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [X]
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hardcopy.lnk
ShortcutTarget: Hardcopy.lnk -> C:\Program Files\HardCopy\hardcopy.exe (sw4you, Siegfried Weckmann)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
ShortcutTarget: Printkey2000.lnk -> C:\Daten\Programme\PrintKey2000\Printkey2000.exe (Fred's Software)
Startup: C:\Documents and Settings\MKELLN\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MKELLN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={FA715993-C62F-11E2-B4E5-000000000000}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={FA715993-C62F-11E2-B4E5-000000000000}
HKCU SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={FA715993-C62F-11E2-B4E5-000000000000}&crg=3.5000006.10045&st=23
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={FA715993-C62F-11E2-B4E5-000000000000}&crg=3.5000006.10045&st=23
SearchScopes: HKCU - {FEE99069-514F-40B1-A858-4A79A33A053B} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Sav\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
PDF: {0D9D189C-A7A0-412F-AFCE-96625682ABEF} hxxp://project/Pilot/_layouts/pwa/objects/1031/pjcintl.cab
PDF: {3BFFE033-BF43-11D5-A271-00A024A51325} 
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
PDF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://email.mbtech-group.com/dwa85W.cab
PDF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} hxxp://project/Pilot/_layouts/pwa/objects/1033/pjcintl.cab
PDF: {E008A543-CEFB-4559-912F-C27C2B89F13B} 
PDF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} hxxp://project/Pilot/_layouts/pwa/objects/pjclient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 02 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 03 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 04 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 05 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 06 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 07 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 08 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 09 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 10 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 11 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 12 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 13 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 14 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 15 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 16 mswsock.dll [121704] (Apple Inc.)
Winsock: Catalog9 17 mswsock.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.254 10.0.0.253

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MKELLN\Application Data\Mozilla\Firefox\Profiles\bdsq6jnt.defaultextensions.ini
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Daten\Programme\Apple\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Daten\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Daten\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Daten\Programme\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Daten\Programme\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [578784 2006-02-09] (Microsoft Corporation)
R2 Lenovo.micmute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Daten\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [69632 2011-07-04] ()
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited)
R2 SepMasterService; C:\Program Files\Sav\12.1.2015.2015.105\Bin\sms.dll [168912 2012-11-03] (Symantec Corporation)
S2 SkypeUpdate; C:\Daten\Programme\Updater\Updater.exe [161384 2013-02-07] (Skype Technologies)
R3 SmcService; C:\Program Files\Sav\12.1.2015.2015.105\Bin\Smc.exe [1785792 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files\Sav\12.1.2015.2015.105\Bin\snac.exe [288208 2012-11-03] (Symantec Corporation)
R2 SWITools-Watcher; c:\program files\ita\swi-tools\swi-watcher.exe [24576 2004-01-15] (ITA Systemhaus GmbH)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 Wuser32; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [248544 2006-02-09] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130412.011\BHDrvx86.sys [1000024 2013-04-25] (Symantec Corporation)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2011-04-05] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [134304 2012-11-03] (Symantec Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c5132.sys [187048 2011-02-08] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-23] (Symantec Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210304 2009-06-30] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [986240 2009-06-30] (Conexant Systems, Inc.)
R3 idisw2km; C:\Windows\System32\DRIVERS\idisw2km.sys [8992 2006-02-09] (Microsoft Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130424.011\IDSxpx86.sys [373728 2013-03-30] (Symantec Corporation)
R3 kbstuff; C:\Windows\System32\DRIVERS\kbstuff5.sys [11744 2006-02-09] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVENG.SYS [93296 2013-04-23] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130424.022\NAVEX15.SYS [1603824 2013-04-23] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETwNx32; C:\Windows\System32\DRIVERS\NETwNx32.sys [7460992 2011-05-01] (Intel Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [119528 2011-05-10] (NVIDIA Corporation)
R3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20704 2006-02-09] (Microsoft Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-25] (REDC)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSP.SYS [585888 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSPX.SYS [32888 2012-11-03] (Symantec Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 stmtpm; C:\Windows\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMDS.SYS [368288 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMEFA.SYS [927904 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-04-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.SYS [175264 2012-11-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMTDI.SYS [394656 2012-11-03] (Symantec Corporation)
R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [12144 2011-07-04] (Lenovo Group Limited)
R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [4608 2009-08-04] ()
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S4 PCIIde; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S3 pepifilter; system32\DRIVERS\lv302af.sys [x]
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [x]
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
U1 RCHelp; 
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL; 
U3 pwtyakob; \??\C:\DOCUME~1\MKELLN\LOCALS~1\Temp\pwtyakob.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-06 13:57 - 2013-06-06 13:57 - 00000000 ____D C:\FRST
2013-06-06 13:57 - 2013-06-06 13:55 - 01357013 ____A (Farbar) C:\Documents and Settings\MKELLN\Desktop\FRST.exe
2013-06-05 23:51 - 2013-06-05 23:51 - 00005624 ____A C:\Documents and Settings\MKELLN\Desktop\Ereignisse Antivir.txt
2013-06-05 23:46 - 2013-06-05 23:46 - 00007323 ____A C:\Documents and Settings\MKELLN\Desktop\GMER.txt
2013-06-05 20:59 - 2013-06-05 21:29 - 00136084 ____A C:\Documents and Settings\MKELLN\Desktop\OTL.Txt
2013-06-05 20:22 - 2013-06-05 20:48 - 00000474 ____A C:\Documents and Settings\MKELLN\Desktop\defogger_disable.log
2013-06-05 20:07 - 2013-06-05 20:23 - 00001687 ____A C:\Documents and Settings\MKELLN\Desktop\neue textdatein für trojaner.txt
2013-06-05 19:04 - 2013-06-05 19:04 - 03531112 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-05 18:09 - 2013-06-05 18:09 - 00000075 ____A C:\Documents and Settings\MKELLN\Desktop\schreiben an forum.txt
2013-06-05 15:01 - 2013-06-05 15:01 - 00377856 ____A C:\Documents and Settings\MKELLN\Desktop\gmer_2.1.19163.exe
2013-06-05 12:41 - 2013-06-05 12:41 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\MKELLN\Desktop\OTL.exe
2013-06-05 12:40 - 2013-06-05 12:40 - 00000000 ____A C:\Documents and Settings\MKELLN\defogger_reenable
2013-06-05 12:38 - 2013-06-05 12:38 - 00050477 ____A C:\Documents and Settings\MKELLN\Desktop\Defogger.exe
2013-06-05 12:02 - 2013-06-05 12:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-06-05 11:16 - 2013-06-05 11:16 - 00051376 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-05 08:46 - 2013-06-05 08:46 - 00000785 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-06-05 08:23 - 2013-06-05 08:23 - 00000000 ____D C:\Program Files\Dropbox
2013-06-05 08:20 - 2013-06-05 12:57 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 07:53 - 2013-06-05 07:53 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Avira
2013-06-05 07:50 - 2013-06-05 07:50 - 00001751 ____A C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-06-05 07:50 - 2013-06-05 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-06-05 07:50 - 2013-03-06 16:13 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-05 07:50 - 2013-02-27 13:22 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-05 07:50 - 2013-02-27 13:22 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-05 07:50 - 2012-08-27 15:50 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-06-04 16:28 - 2013-06-04 16:28 - 00004947 ____A C:\Documents and Settings\MKELLN\Desktop\images3.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005934 ____A C:\Documents and Settings\MKELLN\Desktop\images2.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005550 ____A C:\Documents and Settings\MKELLN\Desktop\images.jpeg
2013-06-04 13:31 - 2013-06-04 13:31 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-04 13:13 - 2013-06-04 13:13 - 00000000 ____D C:\Documents and Settings\MKELLN\Desktop\Rez
2013-06-04 13:06 - 2013-06-05 19:22 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-03 08:59 - 2013-06-05 18:14 - 00000292 ____A C:\Documents and Settings\MKELLN\Desktop\Arbeitszeiten.txt
2013-05-31 10:50 - 2013-06-05 08:43 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Mozilla Firefox
2013-05-28 11:47 - 2013-05-28 11:47 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\vlc
2013-05-28 11:43 - 2013-06-06 13:34 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 20:15 - 2013-05-26 20:15 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\DiskAid
2013-05-26 20:13 - 2013-05-26 20:13 - 00000000 ____D C:\Program Files\SweetIM
2013-05-26 20:13 - 2013-05-21 14:28 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2013-05-26 20:13 - 2013-05-21 14:28 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
2013-05-26 20:13 - 2013-05-21 14:28 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
2013-05-26 20:00 - 2013-05-26 20:00 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Macroplant_LLC
2013-05-23 16:32 - 2013-05-23 16:32 - 01392640 ____A C:\Documents and Settings\MKELLN\Desktop\2223ConsultingProjmgm.indd
2013-05-21 11:42 - 2013-05-28 09:57 - 00000000 ____D C:\Windows\Minidump
2013-05-21 10:59 - 2013-05-21 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ALM
2013-05-20 21:54 - 2013-05-20 21:54 - 00000596 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit USA Bilder 2013.lnk
2013-05-20 16:03 - 2013-05-20 16:03 - 00000762 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit Praxis USA Tuscaloosa MBtech NA.lnk
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-13 09:17 - 2013-05-30 09:49 - 00000278 ____A C:\Documents and Settings\MKELLN\Desktop\quellen.txt
2013-05-12 15:42 - 2008-04-14 05:42 - 00020992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dshowext.ax
2013-05-12 15:42 - 2008-04-14 05:42 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\dshowext.ax
2013-05-12 15:42 - 2008-04-14 00:16 - 00121984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-05-12 15:42 - 2008-04-14 00:16 - 00121984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-05-10 14:17 - 2013-06-04 13:21 - 00002473 ____A C:\Documents and Settings\MKELLN\Desktop\todo.txt

==================== One Month Modified Files and Folders ========

2013-06-06 13:57 - 2013-06-06 13:57 - 00000000 ____D C:\FRST
2013-06-06 13:55 - 2013-06-06 13:57 - 01357013 ____A (Farbar) C:\Documents and Settings\MKELLN\Desktop\FRST.exe
2013-06-06 13:34 - 2013-05-28 11:43 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-06 13:05 - 2012-01-27 18:09 - 00000444 ____A C:\Windows\wiadebug.log
2013-06-06 12:33 - 2012-01-27 09:56 - 00000316 ____A C:\Windows\Tasks\PMTask.job
2013-06-06 08:28 - 2013-03-07 23:19 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Dropbox
2013-06-05 23:51 - 2013-06-05 23:51 - 00005624 ____A C:\Documents and Settings\MKELLN\Desktop\Ereignisse Antivir.txt
2013-06-05 23:46 - 2013-06-05 23:46 - 00007323 ____A C:\Documents and Settings\MKELLN\Desktop\GMER.txt
2013-06-05 22:48 - 2013-03-01 11:43 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Skype
2013-06-05 21:34 - 2012-01-27 10:05 - 00000454 ____A C:\Windows\SMSCFG.ini
2013-06-05 21:33 - 2012-03-09 12:36 - 00000062 __ASH C:\Documents and Settings\MKELLN\Local Settings\desktop.ini
2013-06-05 21:33 - 2012-01-27 18:09 - 00000050 ____A C:\Windows\wiaservc.log
2013-06-05 21:32 - 2012-01-27 17:20 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-05 21:32 - 2012-01-27 17:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-05 21:32 - 2012-01-27 17:20 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 21:31 - 2013-04-23 11:11 - 03538944 ____A C:\Windows\System32\config\Symantec.evt
2013-06-05 21:31 - 2012-01-27 17:20 - 00032634 ____A C:\Windows\SchedLgU.Txt
2013-06-05 21:30 - 2012-03-09 12:36 - 00001188 ___SH C:\Documents and Settings\MKELLN\ntuser.ini
2013-06-05 21:30 - 2012-01-27 17:15 - 01268086 ____A C:\Windows\WindowsUpdate.log
2013-06-05 21:29 - 2013-06-05 20:59 - 00136084 ____A C:\Documents and Settings\MKELLN\Desktop\OTL.Txt
2013-06-05 20:48 - 2013-06-05 20:22 - 00000474 ____A C:\Documents and Settings\MKELLN\Desktop\defogger_disable.log
2013-06-05 20:23 - 2013-06-05 20:07 - 00001687 ____A C:\Documents and Settings\MKELLN\Desktop\neue textdatein für trojaner.txt
2013-06-05 20:21 - 2012-01-27 18:06 - 00000211 ___SH C:\boot.ini
2013-06-05 20:21 - 2011-08-23 15:03 - 00000607 ____A C:\Windows\win.ini
2013-06-05 20:21 - 2011-08-23 15:03 - 00000227 ____A C:\Windows\system.ini
2013-06-05 19:51 - 2013-03-01 23:22 - 00000000 ____D C:\Windows\pss
2013-06-05 19:35 - 2012-01-27 18:04 - 00000000 ___DC C:\Windows\$NtUninstallKB4618$
2013-06-05 19:35 - 2011-08-23 15:03 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ipsec.sys
2013-06-05 19:26 - 2013-01-15 11:07 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-05 19:22 - 2013-06-04 13:06 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-05 19:04 - 2013-06-05 19:04 - 03531112 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-05 19:04 - 2012-01-27 09:24 - 00000000 __SHD C:\Windows\CSC
2013-06-05 19:03 - 2013-03-29 10:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-05 18:14 - 2013-06-03 08:59 - 00000292 ____A C:\Documents and Settings\MKELLN\Desktop\Arbeitszeiten.txt
2013-06-05 18:09 - 2013-06-05 18:09 - 00000075 ____A C:\Documents and Settings\MKELLN\Desktop\schreiben an forum.txt
2013-06-05 15:01 - 2013-06-05 15:01 - 00377856 ____A C:\Documents and Settings\MKELLN\Desktop\gmer_2.1.19163.exe
2013-06-05 12:57 - 2013-06-05 08:20 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 12:41 - 2013-06-05 12:41 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\MKELLN\Desktop\OTL.exe
2013-06-05 12:40 - 2013-06-05 12:40 - 00000000 ____A C:\Documents and Settings\MKELLN\defogger_reenable
2013-06-05 12:38 - 2013-06-05 12:38 - 00050477 ____A C:\Documents and Settings\MKELLN\Desktop\Defogger.exe
2013-06-05 12:02 - 2013-06-05 12:02 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-06-05 11:16 - 2013-06-05 11:16 - 00051376 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-05 08:46 - 2013-06-05 08:46 - 00000785 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-06-05 08:43 - 2013-05-31 10:50 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Mozilla Firefox
2013-06-05 08:23 - 2013-06-05 08:23 - 00000000 ____D C:\Program Files\Dropbox
2013-06-05 08:20 - 2012-01-27 18:04 - 00000000 ____D C:\Windows\repair
2013-06-05 08:19 - 2012-01-27 17:14 - 00000000 ____D C:\Windows\Registration
2013-06-05 07:53 - 2013-06-05 07:53 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Avira
2013-06-05 07:50 - 2013-06-05 07:50 - 00001751 ____A C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-06-05 07:50 - 2013-06-05 07:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-06-05 02:00 - 2013-03-09 16:48 - 00000344 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-MBTECH-GROUP-MKELLN.job
2013-06-04 16:28 - 2013-06-04 16:28 - 00004947 ____A C:\Documents and Settings\MKELLN\Desktop\images3.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005934 ____A C:\Documents and Settings\MKELLN\Desktop\images2.jpeg
2013-06-04 16:26 - 2013-06-04 16:26 - 00005550 ____A C:\Documents and Settings\MKELLN\Desktop\images.jpeg
2013-06-04 13:31 - 2013-06-04 13:31 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-06-04 13:29 - 2013-06-04 13:29 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-04 13:29 - 2013-03-09 16:41 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-04 13:29 - 2012-12-03 10:08 - 00000000 ____D C:\Program Files\Adobe
2013-06-04 13:25 - 2012-03-09 14:28 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Adobe
2013-06-04 13:23 - 2011-08-23 15:03 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-04 13:21 - 2013-05-10 14:17 - 00002473 ____A C:\Documents and Settings\MKELLN\Desktop\todo.txt
2013-06-04 13:13 - 2013-06-04 13:13 - 00000000 ____D C:\Documents and Settings\MKELLN\Desktop\Rez
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-06-04 13:06 - 2013-06-04 13:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-30 19:37 - 2012-03-09 12:36 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Macromedia
2013-05-30 10:34 - 2012-03-09 12:36 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Adobe
2013-05-30 09:49 - 2013-05-13 09:17 - 00000278 ____A C:\Documents and Settings\MKELLN\Desktop\quellen.txt
2013-05-28 12:35 - 2012-12-05 09:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-28 12:35 - 2012-07-24 08:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-28 11:47 - 2013-05-28 11:47 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\vlc
2013-05-28 09:57 - 2013-05-21 11:42 - 00000000 ____D C:\Windows\Minidump
2013-05-28 09:57 - 2013-03-07 23:23 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-26 20:22 - 2013-03-07 23:23 - 00001947 ____A C:\Windows\System32\lvcoinst.log
2013-05-26 20:22 - 2013-01-14 17:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-26 20:15 - 2013-05-26 20:15 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\DiskAid
2013-05-26 20:13 - 2013-05-26 20:13 - 00000000 ____D C:\Program Files\SweetIM
2013-05-26 20:06 - 2012-01-27 18:04 - 00000000 ____D C:\Windows\Resources
2013-05-26 20:00 - 2013-05-26 20:00 - 00000000 ____D C:\Documents and Settings\MKELLN\Local Settings\Application Data\Macroplant_LLC
2013-05-26 17:48 - 2012-03-23 18:29 - 00000664 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\d3d9caps.dat
2013-05-24 00:32 - 2013-04-25 11:52 - 00000000 ____D C:\Documents and Settings\MKELLN\Desktop\Stuff
2013-05-23 16:32 - 2013-05-23 16:32 - 01392640 ____A C:\Documents and Settings\MKELLN\Desktop\2223ConsultingProjmgm.indd
2013-05-22 16:08 - 2013-03-07 20:31 - 00000000 ____D C:\Documents and Settings\MKELLN\Application Data\Apple Computer
2013-05-22 16:04 - 2012-12-03 10:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-21 22:59 - 2013-01-22 16:20 - 00005632 ____A C:\Documents and Settings\MKELLN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 14:28 - 2013-05-26 20:13 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2013-05-21 14:28 - 2013-05-26 20:13 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
2013-05-21 14:28 - 2013-05-26 20:13 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
2013-05-21 14:28 - 2005-12-09 07:30 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
2013-05-21 11:06 - 2012-12-03 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-05-21 10:59 - 2013-05-21 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ALM
2013-05-21 09:00 - 2013-01-15 11:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-21 08:23 - 2012-01-27 18:07 - 00630528 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-20 21:54 - 2013-05-20 21:54 - 00000596 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit USA Bilder 2013.lnk
2013-05-20 16:03 - 2013-05-20 16:03 - 00000762 ____A C:\Documents and Settings\MKELLN\Desktop\Verknüpfung mit Praxis USA Tuscaloosa MBtech NA.lnk
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 16:30 - 2013-05-17 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-11 21:34 - 2012-03-30 10:06 - 00311808 __ASH C:\Documents and Settings\MKELLN\Desktop\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

And the Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by XXXXXXX at 2013-06-06 13:58:59 Run:
Running from C:\Documents and Settings\XXXXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip (Version: 4.65.00.0)
Adobe AIR (Version: 3.7.0.1860)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Download Assistant (Version: 1.2.5)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player - 11.5.502.110 - 2.26 - MUI (Version: 11.5.502.110)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Dolby (Version: 1.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Premiere Pro CS4 (Version: 4)
Adobe Premiere Pro CS4 Functional Content (Version: 4)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AFPL Ghostscript (Version: 8.53)
Anzeige am Bildschirm (Version: 6.42.00)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3640)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.28)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant 20672 SmartAudio HD (Version: 8.32.23.0)
Connect (Version: 1.0.0.1)
DCS Lotus Notes (Version: 7.0.2.6269)
DCS Lotus Notes Lang Pack DEU (Version: 7.02)
DiskAid 5.46 (Version: 5.46)
Dropbox (Version: 2.0.22)
Enable USBhub (Version: 1.01)
Hardcopy für Windows (Version: 17.0.18.0)
HP Foto- und Bildbearbeitung 2.0 - All-in-One (Version: 1.10.0000)
HP Foto und Bildbearbeitung 2.0 - hp psc 2200 series
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber  (Version: 1.10.0000)
hp psc 2200 series (Version: 1.10.0000)
InstallShield ISScript11 (Version: 11.50)
ITM StartMenuLogo (Version: 1.2)
iTunes (Version: 11.0.2.26)
Java(TM) 6 Update 17 (Version: 6.0.170)
JDownloader 0.9 (Version: 0.9)
Kazuya Ujihara ConcatPDF (Version: 1.1.4)
kuler (Version: 2.0)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Supervisor Einstellung: 2
Lenovo System Interface Driver (Version: 1.05)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.4518.1031)
Microsoft Office Access database engine 2007 (English) Dummy R2 (Version: 12.0.4518.1031)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (Version: 8.0.50727.4053)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (Version: 8.0.50727.762)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (Version: 10.0.40219.1)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4763.1000)
Microsoft Software Update for Web Folders  (German) 12 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders  (German) 14 (Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Analysis Services 9.0 OLEDB Provider (Version: 9.00.4035.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic Runtime 5 (Version: 1.01)
Microsoft Visual Basic Runtime 6 (Version: 1.01)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Windows Media Player (Version: 1.01)
Microsoft Windows Media Player MUI (Version: 1.01)
Microsoft Windows Media Player User Settings (Version: 1.01)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mindjet MindManager Viewer 7 (Version: 7.0.472)
MochaSoft Mocha W32 TN3270 (Version: 1.01)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML4.0 redistributable (Version: 4.0.0.0)
Office 2003 German User Interface Pack (Version: 1.01)
Office 2003 Professional Edition User Settings (Version: 1.01)
Office 2010 XP x64
PDF Settings CS4 (Version: 9.0)
PDF Settings CS5 (Version: 10.0)
Photoshop Camera Raw (Version: 5.0)
Presentation Director (Version: 4.32)
PrintKey2000
Project ActiveX PlugIn SP2 (Version: 12.0.6503.5000)
Samsung Kies (Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
SAP GUI 7.20 - 1.06 - DEU (Version: 1.06)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 3)
Site Access WLan Settings (Version: 1.0)
Skype™ 6.2
SMS Advanced Client (Version: 2.50.4160.2000)
Stefan Heinz FreePDF XP - USR (Version: 3.04)
Stefan Heinz FreePDF XP (Version: 3.04)
STM TPM Driver 1.0.4.15 - 32 bits (Version: 1.0.4.15 32bits)
Suite Shared Configuration CS4 (Version: 1.0)
Sun JRE Deployment Configuration (Version: 5.0)
SWI - Buttler (Version: 1.1)
SWI-Tools (Version: 1.0.0)
Symantec Endpoint Protection (Version: 12.1.2015.2015)
ThinkPad Energie-Manager (Version: 1.99j)
ThinkPad FullScreen Magnifier (Version: 2.30)
ThinkPad Modem Adapter (Version: 7.80.5.50)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad UltraNav Driver (Version: 15.3.8.0)
ThinkVantage Fingerprint Software (Version: 5.8.6.6874)
TrueCrypt (Version: 7.1a)
VLC media player 2.0.6 (Version: 2.0.6)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Internet Explorer 8 Multilingual User Interface (MUI) (Version: 20090411.120000)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Search 4.0 (Version: 04.00.6001.503)

==================== Restore Points  =========================

27-01-2012 07:24:57 Installed Microsoft .NET Framework 1.1
27-01-2012 07:25:34 Microsoft .NET Framework 1.1 German Language Pack wird installiert
27-01-2012 07:28:18 Installed Windows KB954550-v5.
27-01-2012 07:28:21 Printer Driver Microsoft XPS Document Writer Installed
27-01-2012 07:28:24 Printer Driver Microsoft XPS Document Writer Installed
27-01-2012 07:37:06 Installed Microsoft redistributable runtime DLLs VS2005 SP1(x86)
27-01-2012 07:37:28 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
27-01-2012 07:37:32 Installed MSXML4.0 redistributable
27-01-2012 07:37:40 Installed ITM StartMenuLogo
27-01-2012 07:38:16 Installed Adobe Reader 8.2.0
27-01-2012 07:40:50 Installed Adobe Flash Player 10 ActiveX.
27-01-2012 07:41:05 Installed DCS Lotus Notes
27-01-2012 07:41:31 Installed DCS Lotus Notes Lang Pack DEU
27-01-2012 07:41:58 Installed AFPL Ghostscript
27-01-2012 07:42:03 Installed Stefan Heinz FreePDF XP
27-01-2012 07:42:08 Installed Microsoft Visual J# .NET Redistributable Package 1.1
27-01-2012 07:42:23 Installed Kazuya Ujihara ConcatPDF
27-01-2012 07:42:32 Installed Office 2003 Professional Edition
27-01-2012 07:43:58 Installed Office 2003 German User Interface Pack
27-01-2012 07:44:59 Installed Microsoft Office Access database engine 2007 (English)
27-01-2012 07:45:36 Installed Windows Internet Explorer 8.
27-01-2012 07:46:00 Installed 7-Zip
27-01-2012 07:46:10 Installed Microsoft Visual Basic Runtime 6
27-01-2012 07:46:21 Installed Microsoft Visual Basic Runtime 5
27-01-2012 07:46:28 Installed MochaSoft Mocha W32 TN3270
27-01-2012 07:46:40 Installed Hardcopy für Windows
27-01-2012 07:46:54 Installed Microsoft Windows Media Player
27-01-2012 07:47:23 Installed Microsoft Windows Media Player MUI
27-01-2012 07:47:33 Installed InstallShield ISScript11
27-01-2012 07:48:44 Installed Java(TM) 6 Update 17
27-01-2012 07:49:35 Installed Sun JRE Deployment Configuration
27-01-2012 07:49:58 Installed Microsoft Office Visio Viewer 2007
27-01-2012 07:50:50 Installed Mindjet MindManager Viewer 7.
27-01-2012 07:51:19 Installed Microsoft Office 2003 Web Components
27-01-2012 07:51:43 Installed Microsoft SQL Server 2005 Analysis Services 9.0 OLEDB Provider
27-01-2012 07:51:52 Installed Project ActiveX PlugIn SP2
27-01-2012 07:51:59 Installed Microsoft Visual C++ 2005 Redistributable
27-01-2012 07:56:11 Installed Energie-Manager
27-01-2012 08:00:52 Installed Presentation Director
27-01-2012 08:03:51 Installed Windows XP IE8-MUI.
27-01-2012 08:04:35 SWI - Buttler is being installed
27-01-2012 08:04:38 SWI-Tools is being installed
27-01-2012 08:05:00 Installed SMS Advanced Client
27-01-2012 08:06:21 Installed Site Access WLan Settings
27-01-2012 08:11:48 Software Distribution Service 3.0
27-01-2012 08:12:47 Software Distribution Service 3.0
27-01-2012 08:13:20 Software Distribution Service 3.0
27-01-2012 08:13:51 Software Distribution Service 3.0
27-01-2012 08:14:24 Software Distribution Service 3.0
27-01-2012 08:14:56 Software Distribution Service 3.0
27-01-2012 08:15:30 Software Distribution Service 3.0
27-01-2012 08:16:04 Software Distribution Service 3.0
27-01-2012 08:16:37 Software Distribution Service 3.0
27-01-2012 08:17:35 Software Distribution Service 3.0
27-01-2012 08:18:08 Software Distribution Service 3.0
27-01-2012 08:18:42 Software Distribution Service 3.0
27-01-2012 08:19:42 Software Distribution Service 3.0
27-01-2012 08:20:18 Software Distribution Service 3.0
27-01-2012 08:20:52 Software Distribution Service 3.0
27-01-2012 08:21:58 Software Distribution Service 3.0
27-01-2012 08:22:33 Software Distribution Service 3.0
27-01-2012 08:23:07 Software Distribution Service 3.0
27-01-2012 08:23:41 Software Distribution Service 3.0
27-01-2012 08:24:15 Software Distribution Service 3.0
27-01-2012 08:24:49 Software Distribution Service 3.0
27-01-2012 08:25:52 Software Distribution Service 3.0
27-01-2012 08:26:26 Software Distribution Service 3.0
27-01-2012 08:27:22 Software Distribution Service 3.0
27-01-2012 08:27:58 Software Distribution Service 3.0
27-01-2012 08:28:32 Software Distribution Service 3.0
27-01-2012 08:29:06 Software Distribution Service 3.0
27-01-2012 08:29:57 Software Distribution Service 3.0
27-01-2012 08:30:30 Software Distribution Service 3.0
27-01-2012 08:33:06 Software Distribution Service 3.0
27-01-2012 08:33:47 Software Distribution Service 3.0
27-01-2012 08:34:23 Software Distribution Service 3.0
27-01-2012 08:34:59 Software Distribution Service 3.0
27-01-2012 08:35:35 Software Distribution Service 3.0
27-01-2012 08:36:11 Software Distribution Service 3.0
27-01-2012 08:36:45 Software Distribution Service 3.0
27-01-2012 08:37:20 Software Distribution Service 3.0
27-01-2012 08:37:55 Software Distribution Service 3.0
27-01-2012 08:38:30 Software Distribution Service 3.0
27-01-2012 08:40:21 Software Distribution Service 3.0
27-01-2012 08:40:57 Software Distribution Service 3.0
27-01-2012 08:41:34 Software Distribution Service 3.0
27-01-2012 08:42:11 Software Distribution Service 3.0
27-01-2012 08:42:44 Software Distribution Service 3.0
27-01-2012 08:43:21 Software Distribution Service 3.0
27-01-2012 08:43:59 Software Distribution Service 3.0
27-01-2012 08:44:34 Software Distribution Service 3.0
27-01-2012 08:45:11 Software Distribution Service 3.0
27-01-2012 08:45:44 Software Distribution Service 3.0
27-01-2012 08:46:21 Software Distribution Service 3.0
27-01-2012 08:46:58 Software Distribution Service 3.0
27-01-2012 08:47:35 Software Distribution Service 3.0
27-01-2012 08:48:11 Software Distribution Service 3.0
27-01-2012 08:48:46 Software Distribution Service 3.0
27-01-2012 08:49:23 Software Distribution Service 3.0
27-01-2012 08:49:58 Software Distribution Service 3.0
27-01-2012 08:50:35 Software Distribution Service 3.0
27-01-2012 08:51:10 Software Distribution Service 3.0
27-01-2012 08:52:04 Software Distribution Service 3.0
27-01-2012 08:52:42 Software Distribution Service 3.0
27-01-2012 08:53:18 Software Distribution Service 3.0
27-01-2012 08:53:56 Software Distribution Service 3.0
27-01-2012 08:54:32 Software Distribution Service 3.0
27-01-2012 08:55:10 Software Distribution Service 3.0
27-01-2012 08:55:45 Software Distribution Service 3.0
27-01-2012 08:56:23 Software Distribution Service 3.0
27-01-2012 08:57:00 Software Distribution Service 3.0
27-01-2012 08:57:37 Software Distribution Service 3.0
27-01-2012 08:58:13 Software Distribution Service 3.0
27-01-2012 08:58:52 Software Distribution Service 3.0
27-01-2012 08:59:31 Software Distribution Service 3.0
27-01-2012 09:00:10 Software Distribution Service 3.0
27-01-2012 09:00:47 Software Distribution Service 3.0
27-01-2012 09:01:23 Software Distribution Service 3.0
27-01-2012 09:02:00 Software Distribution Service 3.0
27-01-2012 09:02:37 Software Distribution Service 3.0
27-01-2012 09:03:12 Software Distribution Service 3.0
27-01-2012 09:04:32 Software Distribution Service 3.0
27-01-2012 09:05:14 Software Distribution Service 3.0
27-01-2012 09:05:47 Software Distribution Service 3.0
27-01-2012 09:06:28 Software Distribution Service 3.0
27-01-2012 09:07:04 Software Distribution Service 3.0
27-01-2012 09:07:42 Software Distribution Service 3.0
27-01-2012 09:08:25 Software Distribution Service 3.0
27-01-2012 09:09:07 Software Distribution Service 3.0
27-01-2012 09:09:32 Installed Symantec AntiVirus

==================== Hosts content: ==========================

::1 localhost


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5891

Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5891

Error: (06/06/2013 00:10:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2013 00:10:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3938

Error: (06/06/2013 00:10:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3938

Error: (06/06/2013 00:10:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2013 00:10:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

Error: (06/06/2013 00:10:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1953

Error: (06/06/2013 00:10:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2013 07:38:23 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for "XXXX\XXXXXXX" could not connect to Active Directory (0x8007054b). The specified domain either does not exist or could not be contacted.
 Enrollment will not be performed.


System errors:
=============
Error: (06/06/2013 01:18:04 PM) (Source: W32Time) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources,
but none of the sources are currently accessible. No attempt to contact a source
will be made for the next 59 minutes.
NtpClient has no source of accurate time.

Error: (06/06/2013 01:18:04 PM) (Source: W32Time) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer
"ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com". The DNS lookup will be retried in 60 minutes.
Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/06/2013 00:48:03 PM) (Source: W32Time) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources,
but none of the sources are currently accessible. No attempt to contact a source
will be made for the next 29 minutes.
NtpClient has no source of accurate time.

Error: (06/06/2013 00:48:03 PM) (Source: W32Time) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer
"ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com". The DNS lookup will be retried in 30 minutes.
Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/06/2013 00:33:05 PM) (Source: W32Time) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources,
but none of the sources are currently accessible. No attempt to contact a source
will be made for the next 14 minutes.
NtpClient has no source of accurate time.

Error: (06/06/2013 00:33:05 PM) (Source: W32Time) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer
"ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com". The DNS lookup will be retried in 15 minutes.
Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/06/2013 11:37:08 AM) (Source: NETLOGON) (User: )
Description: No domain controller is available for domain XXXXXXX-GROUP for the following
reason: 
%%1311.

Make sure that the computer is connected to the network and
try again. If the problem persists, contact your domain
administrator.

Error: (06/06/2013 11:23:21 AM) (Source: W32Time) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources,
but none of the sources are currently accessible. No attempt to contact a source
will be made for the next 239 minutes.
NtpClient has no source of accurate time.

Error: (06/06/2013 11:23:21 AM) (Source: W32Time) (User: )
Description: Time provider "NtpClient": an error occurred during DNS lookup of the manually configured peer
"ntp1.XXXXXXX-group.XXXXXXXXXXXXXX.com". The DNS lookup will be retried in 240 minutes.
Error: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/06/2013 09:23:21 AM) (Source: W32Time) (User: )
Description: The time provider "NtpClient" is configured to acquire time from one or more time sources,
but none of the sources are currently accessible. No attempt to contact a source
will be made for the next 119 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 65%
Total physical RAM: 3569.16 MB
Available physical RAM: 1232.59 MB
Total Pagefile: 5449.57 MB
Available Pagefile: 2453.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:369.49 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive p: (Offline) (Network) (Total:465.75 GB) (Free:369.49 GB) *NT5CSC

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 05752120)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 07.06.2013, 06:44   #4
schrauber
/// the machine
/// TB trainer
 

Virus/Rootkit ruft Webseiten auf, steuert Maus und verändert Systemstart



Quote:
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
Files such as Crack.exe, Keygen.exe or Patch.exe are 99.9% dangerous malware that you should not mess around with.
They are also illegal, and we do not support the use of stolen software. Support is therefore limited to the
Guide to reinstalling from scratch
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
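
The O1 lines quoted in the reply above are the form HijackThis uses for hosts-file entries that point a hostname somewhere other than its real address; a whole block of Adobe activation and licensing hosts sent to 127.0.0.1 is the fingerprint of an activation blocker installed by a crack, which is what the reply is reacting to. The Python script below is an added example, not code from this thread and not code from HijackThis or FRST, showing how that check works: it parses hosts-file text, skips the legitimate localhost lines, and reports every other name mapped to a loopback or unspecified address ("sinkholed") or to any other address ("redirected", which is the shape of a pharming entry and is worse). The sample hosts content is constructed for the example: it repeats a few of the Adobe entries from the quote and adds two hypothetical lines (ads.example.net and update.example.com) that do not come from the poster's log.

```python
"""Flag suspicious hosts-file entries, the check behind HijackThis-style O1 lines.

Added example; not code from the thread, HijackThis or FRST.
"""
import ipaddress
from collections import Counter

# Constructed sample input (not the poster's real hosts file): a default
# Windows header, a few of the Adobe entries quoted in the thread, and two
# hypothetical lines (ads.example.net, update.example.com) for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
0.0.0.0 ads.example.net          # hypothetical ad-blocker style entry
203.0.113.9 update.example.com   # hypothetical redirect to a foreign host
"""

# Names that legitimately map to loopback and are not worth reporting.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return (line_number, ip, hostname) tuples for every mapping in the file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address; ignore the line
        for name in fields[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def classify(entries):
    """Label every non-local mapping 'sinkholed' (loopback/0.0.0.0) or 'redirected'."""
    findings = []
    for lineno, ip, name in entries:
        if name in LOCAL_NAMES:
            continue
        kind = "sinkholed" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((kind, lineno, str(ip), name))
    return findings


def o1_lines(findings):
    """Render findings in the 'O1 - Hosts: <ip> <name>' form used in the quote."""
    return [f"O1 - Hosts: {ip} {name}" for _, _, ip, name in findings]


def registered_domain(name):
    """Crude registrable-domain guess: last two labels (fine for .com, not for .co.uk)."""
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def sinkholed_by_domain(findings):
    """Count sinkholed hosts per domain; many hosts of one vendor is the crack fingerprint."""
    return Counter(registered_domain(name)
                   for kind, _, _, name in findings if kind == "sinkholed")


if __name__ == "__main__":
    found = classify(parse_hosts(SAMPLE_HOSTS))
    for line in o1_lines(found):
        print(line)
    for domain, count in sinkholed_by_domain(found).most_common():
        print(f"{count} host(s) under {domain} sinkholed")
```

On a Windows machine the real file is %SystemRoot%\System32\drivers\etc\hosts; read it and pass the text to parse_hosts. Note that a single sinkholed vendor host can be an innocent telemetry block, so the per-domain count is what carries the signal: a dozen activation and licensing hosts of one vendor all pointing at loopback is not something a user configures by hand.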
