| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.datWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.11.2011, 20:07
| #1 |
 |  Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Hallo Forum, ich hoffe ihr könnt mir bei folgendem Problem(en) weiterhelfen. Ich schildere mal den chronologischen Ablauf: Es erschien -plötzlich- ein ca. 3x3 cm großes, weißes Feld was sich über alle Programme gelegt hat. Also nicht nur auf dem Desktop sichtbar sondern auch beim öffenen anderer Programme war das zu sehen. Das Feld selbst hat nicht reagiert, nicht bei links oder rechtsklick der Maus und auch nicht bei Alt+F4. Programme (Word, IE etc.) konnte ich alle (sehr verlangsamt) ausführen bei einer sehr hohen Systemauslastung. Normal runterfahren oder Neustart hat nich funktioniert, also den Reset Knopf gedrückt und neu gestartet. Das weiße Fenster war dann weg. Dennoch hatte ich eine sehr hohe Systemauslastung und ziemlich viele Prozesse die im Hintergrund gelaufen sind. Zugegeben, ich hab davon keine Ahnung und es ist sehr selten, dass ich in das Prozessfenster schaue - aber meines Erachtens war es ziemlich viel! Etwas später wollte ich auf Facebook. Internet kein Problem aber ich wurde von Facebook aufgefordert das Gerät zu bennen mit dem ich mich einlogge...da wurde ich stutzig. Das hab ich doch schon mal gemacht? Auf jeden Fall hab ich das dann getan und prompt kam die Nachricht per Mail von FB: A new device named "***" logged into your Facebook account (Sunday, November 13, 2011 at 4:03am) from Paderborn, NW, DE (IP=91.5.198.88). Das die Zeit nicht stimmt könnte ja ein Fehler von FB sein o.ä. Aber ich wohne weder in Paderborn (sondern in Düsseldorf) noch kam mir die IP bekannt vor. Logisch, wenn mir auch FB das schreibt. Dann hab ich mir gedacht ich lass den Computer in Ruhe und guck mal nach ähnlichen Problemen mit dem Macbook. Beim Macbook konnte ich keine Verbindung zu Netzwerk herstellen. An den nächsten Laptop - der kam dann rein. Erste Blick auf die IP (www.wieistmeineip.de) und es war die gleiche wie auf dem Desktop-PC. Kann das sein? Ähnliche Fehler konnte ich im Netz nicht finden. Also hab ich am (Problem-) Desktop-PC erstmal Antivir, Malwarebytes und Adware (nacheinander) laufen lassen. Malwarebyte hat dann "avdrn.dat" gefunden und in Quarantäne geschoben. Antivir und Adaware haben auch diverses gefunden, gelöscht oder verschoben. Waren soweit ich das beurteilen kann nur Cookies. Ohne "riskantes surfen" wie Online banking etc. bin ich als "Test" auf verschiedene Seiten gegangen (YouTube, Bild, Trojaner Board etc.) Interessanter Weise kam sehr häufig die Meldung: "Diese Webseite wurde aufgrund eines fehlerhaften oder bösartigen Add-Ons geschlossen" Trozdem ich immer wieder die gleichen Seiten besucht habe - mal mit und mal ohne diese Meldung. So eine Meldung hatte ich noch NIE! Jetzt zu meiner Frage: Ist das eine Reihe unglücklicher Zufälle oder kann es sein das ich mir was eingefangen habe?!? Sofern von Bedeutung: - Desktop-PC (der Problemfall) geht über LAN (Netgear Powerline Adapter) - Macbook und Laptop gehen über W-LAN - VDSL Leitung von Telekom (ein Anschluss) Ich hoffe ich hab die Anleitung richtig verstanden. Hier der OTL Code:
ATTFilter OTL logfile created on: 13.11.2011 15:42:10 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 344,69 Mb Available Physical Memory | 33,71% Memory free 2,40 Gb Paging File | 1,50 Gb Available in Paging File | 62,36% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 78,95 Gb Free Space | 61,69% Space Free | Partition Type: NTFS Computer Name: ***-6154616FC9 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.13 15:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe PRC - [2011.11.13 15:37:13 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6C8W199D\Defogger[1].exe PRC - [2011.10.31 13:09:09 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.10.31 13:09:08 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.10.05 09:18:07 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.05 09:17:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.24 14:52:00 | 000,307,200 | ---- | M] () -- C:\Programme\Connection Manager\sysctrl.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2011.11.13 15:37:13 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6C8W199D\Defogger[1].exe MOD - [2011.10.31 13:09:24 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll MOD - [2011.10.31 13:09:22 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2011.10.31 13:07:31 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2011.10.11 14:50:10 | 000,193,904 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2011.10.11 14:50:08 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011.10.05 09:18:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.08.18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll MOD - [2010.11.17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Programme\Free Download Manager\iefdm2.dll MOD - [2008.07.24 14:52:00 | 000,307,200 | ---- | M] () -- C:\Programme\Connection Manager\sysctrl.exe MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2006.10.26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll MOD - [2006.10.26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.31 13:09:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2011.10.31 13:09:27 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE) DRV - [2011.09.18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.09.15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011.08.18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.26 19:20:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008.02.22 15:33:02 | 000,094,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005.05.12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax) DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Append to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95701F45-94EB-45E9-97A3-26922D8D4750}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.15 19:02:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell - "" = AutoRun O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.13 15:39:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe [2011.11.13 15:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.11.13 14:43:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Malwarebytes [2011.11.13 14:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.11.13 14:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes [2011.11.13 14:42:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.13 14:42:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.11.11 19:54:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Search Settings [2011.11.11 19:54:19 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2011.11.11 19:54:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2011.11.11 19:54:18 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2011.10.31 13:24:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft [2011.10.31 13:09:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Glary Utilities [2011.10.31 13:08:49 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities [2011.10.31 13:08:14 | 006,401,096 | ---- | C] (Glarysoft Ltd ) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\gusetup_slim238.exe [2011.10.31 13:02:36 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2011.10.31 13:02:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Lavasoft [2011.10.30 16:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\vlc [2011.10.30 16:10:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\VideoLAN [2011.10.30 16:09:39 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2011.10.30 15:56:56 | 000,000,000 | ---D | C] -- C:\Programme\FLV Player [2008.10.27 10:38:54 | 000,095,056 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [2008.10.27 10:37:34 | 001,692,496 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll [2008.10.27 10:36:58 | 000,526,160 | ---- | C] (Microsoft Corporation) -- C:\Programme\DXSETUP.exe [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.13 15:43:57 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\s1usdy6y.exe [2011.11.13 15:42:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.11.13 15:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe [2011.11.13 15:38:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\defogger_reenable [2011.11.13 15:23:45 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kqrtxbkm.sys [2011.11.13 14:42:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.13 14:09:04 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.11.13 14:01:32 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.11.13 14:00:49 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2011.11.13 14:00:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.11 15:55:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011.11.11 15:55:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011.11.09 22:23:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.06 17:19:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.11.03 16:34:00 | 000,240,640 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Vorlage V3.6_soeren.dot [2011.10.31 21:41:08 | 000,257,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\v117935_pdf[1].pdf [2011.10.31 13:44:42 | 000,094,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.31 13:09:27 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.10.31 13:09:26 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011.10.31 13:09:03 | 000,000,713 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Glary Utilities.lnk [2011.10.31 13:08:14 | 006,401,096 | ---- | M] (Glarysoft Ltd ) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\gusetup_slim238.exe [2011.10.31 13:02:58 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk [2011.10.31 10:57:27 | 000,001,817 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK [2011.10.30 16:10:23 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\VLC media player.lnk [2011.10.30 12:47:41 | 000,479,008 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.10.30 12:47:41 | 000,437,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.10.30 12:47:41 | 000,092,414 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.10.30 12:47:41 | 000,069,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.10.27 20:16:45 | 000,004,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\keyfile3.drm [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.13 15:43:56 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\s1usdy6y.exe [2011.11.13 15:38:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\defogger_reenable [2011.11.13 15:23:45 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kqrtxbkm.sys [2011.11.13 14:42:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.03 16:34:00 | 000,240,640 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Vorlage V3.6_soeren.dot [2011.11.03 15:31:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.11.03 15:31:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.10.31 21:41:08 | 000,257,440 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\v117935_pdf[1].pdf [2011.10.31 16:33:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.10.31 13:09:11 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2011.10.31 13:09:03 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Glary Utilities.lnk [2011.10.31 13:03:21 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.10.31 13:02:58 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk [2011.10.31 10:57:27 | 000,001,817 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK [2011.10.30 16:10:23 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\VLC media player.lnk [2011.09.10 23:36:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.01.10 20:04:21 | 000,113,591 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2011.01.10 20:04:21 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2011.01.01 12:15:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2010.10.05 21:10:16 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2010.09.03 16:44:55 | 000,004,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\keyfile3.drm [2009.03.29 15:27:33 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.03.24 20:23:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.03.24 20:20:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.03.23 20:20:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.03.22 15:36:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.03.22 15:36:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.03.21 23:15:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.03.21 20:39:38 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.19 22:14:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2009.03.19 22:14:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1230.ini [2009.03.19 21:55:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2009.03.19 21:55:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2009.03.19 21:55:55 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin [2009.03.19 21:52:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.03.19 21:52:23 | 000,000,453 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2009.03.19 21:52:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009.03.19 21:52:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.03.19 21:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.03.19 21:36:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.03.19 21:35:05 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.02.18 14:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.02.18 14:44:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.02.18 14:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.02.18 14:44:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2009.02.18 14:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.02.18 14:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.02.18 14:44:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.02.18 14:44:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.10.27 10:38:20 | 013,265,184 | ---- | C] () -- C:\Programme\dxnt.cab [2008.10.27 10:38:20 | 004,163,646 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2008.10.27 10:38:20 | 001,907,944 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2008.10.27 10:38:20 | 001,803,074 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2008.10.27 10:38:18 | 001,801,176 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2008.10.27 10:38:18 | 001,795,100 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2008.10.27 10:38:18 | 001,793,624 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2008.10.27 10:38:18 | 001,770,878 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2008.10.27 10:38:18 | 001,710,376 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2008.10.27 10:38:18 | 001,709,168 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2008.10.27 10:38:18 | 001,608,374 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2008.10.27 10:38:16 | 001,608,790 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2008.10.27 10:38:16 | 001,608,302 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2008.10.27 10:38:16 | 001,607,055 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2008.10.27 10:38:16 | 001,575,392 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2008.10.27 10:38:16 | 001,572,170 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2008.10.27 10:38:14 | 001,551,228 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2008.10.27 10:38:14 | 001,465,688 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2008.10.27 10:38:14 | 001,464,894 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2008.10.27 10:38:14 | 001,413,918 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2008.10.27 10:38:14 | 001,363,812 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2008.10.27 10:38:14 | 001,358,992 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2008.10.27 10:38:12 | 001,444,298 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2008.10.27 10:38:12 | 001,398,846 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2008.10.27 10:38:12 | 001,351,558 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2008.10.27 10:38:10 | 001,348,370 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2008.10.27 10:38:10 | 001,337,018 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2008.10.27 10:38:10 | 001,248,515 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2008.10.27 10:38:10 | 001,156,507 | ---- | C] () -- C:\Programme\BDANT.cab [2008.10.27 10:38:10 | 001,128,233 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2008.10.27 10:38:10 | 001,116,237 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2008.10.27 10:38:10 | 001,080,472 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2008.10.27 10:38:08 | 001,085,736 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2008.10.27 10:38:08 | 001,079,978 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab [2008.10.27 10:38:08 | 001,078,660 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2008.10.27 10:38:08 | 001,065,941 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2008.10.27 10:38:08 | 001,014,241 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2008.10.27 10:38:08 | 000,995,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2008.10.27 10:38:08 | 000,122,810 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2008.10.27 10:38:08 | 000,097,833 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2008.10.27 10:38:08 | 000,094,750 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2008.10.27 10:38:04 | 000,976,164 | ---- | C] () -- C:\Programme\BDAXP.cab [2008.10.27 10:38:04 | 000,966,445 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2008.10.27 10:38:04 | 000,917,446 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2008.10.27 10:38:04 | 000,868,844 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2008.10.27 10:38:04 | 000,868,628 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2008.10.27 10:38:04 | 000,865,616 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2008.10.27 10:38:04 | 000,853,302 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2008.10.27 10:38:04 | 000,850,935 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2008.10.27 10:38:04 | 000,096,053 | ---- | C] () -- C:\Programme\dxupdate.cab [2008.10.27 10:38:04 | 000,094,144 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2008.10.27 10:38:04 | 000,055,538 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2008.10.27 10:38:04 | 000,045,464 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2008.10.27 10:38:02 | 000,850,183 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2008.10.27 10:38:02 | 000,845,900 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2008.10.27 10:38:02 | 000,819,276 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2008.10.27 10:38:02 | 000,094,028 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2008.10.27 10:38:02 | 000,093,700 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2008.10.27 10:38:02 | 000,088,158 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2008.10.27 10:38:02 | 000,088,117 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2008.10.27 10:38:02 | 000,087,053 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2008.10.27 10:38:02 | 000,056,170 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2008.10.27 10:38:02 | 000,056,074 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2008.10.27 10:38:02 | 000,054,318 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2008.10.27 10:38:02 | 000,047,160 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2008.10.27 10:38:02 | 000,047,074 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2008.10.27 10:38:02 | 000,046,375 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2008.10.27 10:38:02 | 000,022,921 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2008.10.27 10:38:02 | 000,022,867 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2008.10.27 10:38:02 | 000,019,512 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2008.10.27 10:38:00 | 000,804,900 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2008.10.27 10:38:00 | 000,797,883 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2008.10.27 10:38:00 | 000,700,060 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2008.10.27 10:38:00 | 000,699,628 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2008.10.27 10:38:00 | 000,047,026 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2008.10.27 10:38:00 | 000,022,883 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2008.10.27 10:37:58 | 000,699,488 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2008.10.27 10:37:58 | 000,696,881 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2008.10.27 10:37:58 | 000,272,384 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2008.10.27 10:37:58 | 000,270,858 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2008.10.27 10:37:58 | 000,270,644 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2008.10.27 10:37:54 | 000,274,976 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2008.10.27 10:37:54 | 000,273,627 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2008.10.27 10:37:52 | 000,270,040 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2008.10.27 10:37:52 | 000,252,210 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2008.10.27 10:37:52 | 000,227,266 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2008.10.27 10:37:52 | 000,199,112 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2008.10.27 10:37:50 | 000,213,823 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2008.10.27 10:37:50 | 000,198,138 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2008.10.27 10:37:50 | 000,193,491 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2008.10.27 10:37:48 | 000,197,778 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2008.10.27 10:37:48 | 000,196,782 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2008.10.27 10:37:48 | 000,195,691 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2008.10.27 10:37:48 | 000,192,736 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2008.10.27 10:37:48 | 000,183,919 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2008.10.27 10:37:48 | 000,183,377 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,181,801 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,180,149 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,179,375 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,154,028 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2008.10.27 10:37:44 | 000,153,925 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2008.10.27 10:37:44 | 000,152,241 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2008.10.27 10:37:42 | 000,149,280 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2008.10.27 10:37:42 | 000,148,999 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2008.10.27 10:37:42 | 000,146,615 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2008.10.27 10:37:42 | 000,139,033 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2008.10.27 10:37:42 | 000,138,251 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2008.10.27 10:37:40 | 000,134,687 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2008.10.27 10:37:40 | 000,133,425 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2008.10.27 10:37:40 | 000,123,352 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2008.10.27 10:37:40 | 000,122,840 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2008.10.27 10:37:40 | 000,122,070 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2008.10.27 10:37:38 | 000,134,119 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.02.28 13:00:00 | 000,479,008 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.02.28 13:00:00 | 000,437,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.02.28 13:00:00 | 000,092,414 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.02.28 13:00:00 | 000,069,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== LOP Check ========== [2009.05.05 19:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\1DA [2009.05.10 12:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\FreeDownloadManager.ORG [2009.05.22 15:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\MGS [2009.05.22 15:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microgaming [2009.04.04 10:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011.07.04 20:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.05.10 12:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Azureus [2011.10.20 18:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoft [2011.04.25 16:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.09.12 12:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\eMule [2011.01.31 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Faxbus [2011.10.31 14:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Free Download Manager [2011.10.31 13:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft [2011.06.15 18:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\ICAClient [2011.06.13 19:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ifu Hamburg GmbH, Germany [2010.02.04 21:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Load [2009.05.27 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\OpenOffice.org [2010.02.04 21:54:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\pdfforge [2011.11.11 19:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Search Settings [2009.03.22 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Desktop Search [2009.03.22 13:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Search [2011.11.13 14:01:32 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011.11.13 14:00:49 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.11.2011 15:42:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,42 Mb Total Physical Memory | 344,69 Mb Available Physical Memory | 33,71% Memory free
2,40 Gb Paging File | 1,50 Gb Available in Paging File | 62,36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 127,99 Gb Total Space | 78,95 Gb Free Space | 61,69% Space Free | Partition Type: NTFS
Computer Name: ***-6154616FC9 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{2492ACEF-8CB8-4AB7-8E60-4F89D701EAA1}" = Connection Manager
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{34245C50-792C-437D-A4AF-645FF041739B}" = Connection Manager
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D8B84F5-DB34-4F6E-B4BF-1C8E753D77BC}" = NETGEAR XE103 Powerline Encryption Utility
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel(R) Network Connections 13.5.32.0
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FEBD11-E587-4C41-AD33-0CD90D26A964}" = Client für die Windows-Rechteverwaltung mit Service Pack 2
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"EFB1" = EFB1: An introduction to a company
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Glary Utilities_is1" = Glary Utilities 2.38.0.1288
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D8B84F5-DB34-4F6E-B4BF-1C8E753D77BC}" = NETGEAR XE103 Powerline Encryption Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.11.2011 11:41:28 | Computer Name = ***-6154616FC9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.4518.1014, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.11.2011 14:11:54 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul sdhelper.dll, Version 1.6.2.14, Fehleradresse 0x000051a0.
Error - 12.11.2011 06:04:51 | Computer Name = ***-6154616FC9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.11.2011 06:04:53 | Computer Name = ***-6154616FC9 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.11.2011 08:32:07 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 13.11.2011 09:30:01 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 13.11.2011 09:32:02 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 13.11.2011 10:34:35 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 13.11.2011 10:35:32 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 13.11.2011 10:45:51 | Computer Name = ***-6154616FC9 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
[ OSession Events ]
Error - 22.04.2010 11:52:49 | Computer Name = ***-6154616FC9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 144
seconds with 60 seconds of active time. This session ended with a crash.
Error - 30.05.2011 17:28:23 | Computer Name = ***-6154616FC9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20748
seconds with 1860 seconds of active time. This session ended with a crash.
Error - 04.11.2011 11:40:31 | Computer Name = ***-6154616FC9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3239
seconds with 1680 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.11.2011 08:51:22 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:22 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 13.11.2011 08:51:23 | Computer Name = ***-6154616FC9 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-13 18:46:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3250823AS rev.3.03
Running: s1usdy6y.exe; Driver: C:\DOKUME~1\***~1.***\LOKALE~1\Temp\awlcqfob.sys
---- System - GMER 1.0.15 ----
SSDT F7CF0864 ZwClose
SSDT F7CF081E ZwCreateKey
SSDT F7CF086E ZwCreateSection
SSDT F7CF0814 ZwCreateThread
SSDT F7CF0823 ZwDeleteKey
SSDT F7CF082D ZwDeleteValueKey
SSDT F7CF085F ZwDuplicateObject
SSDT F7CF0832 ZwLoadKey
SSDT F7CF0800 ZwOpenProcess
SSDT F7CF0805 ZwOpenThread
SSDT F7CF0887 ZwQueryValueKey
SSDT F7CF083C ZwReplaceKey
SSDT F7CF0878 ZwRequestWaitReplyPort
SSDT F7CF0837 ZwRestoreKey
SSDT F7CF0873 ZwSetContextThread
SSDT F7CF087D ZwSetSecurityObject
SSDT F7CF0828 ZwSetValueKey
SSDT F7CF0882 ZwSystemDebugControl
SSDT F7CF080F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5B3D360, 0x35483F, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[792] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413652C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41365334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413651FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413653FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4136525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 4126DBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2484] ole32.dll!OleLoadFromStream 774F981B 5 Bytes JMP 413656FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[3312] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605629 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413652C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41365334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413651FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413653FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[4024] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4136525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7QZINQB9\forumnav_bg_2[1].gif 897 bytes
File C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7QZINQB9\vbulletin_ajax_tagsugg[1].js 5332 bytes
File C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7QZINQB9\vbulletin_ajax_threadrate[1].js 2602 bytes
File C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PY7XUF04\7044906_43d66aea-ef3e-4726-92f2-0bd96700e6c9[1].js 3757 bytes
File C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YAKLCZQU\search[8] 1254 bytes
File C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YAKLCZQU\search[9] 958 bytes
---- EOF - GMER 1.0.15 ----
|
|
14.11.2011, 20:31
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
15.11.2011, 20:38
| #3 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Hallo Arne,
__________________hier die Daten: Neuer Vollscan Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8166
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.11.2011 18:31:31
mbam-log-2011-11-15 (18-31-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 343080
Laufzeit: 2 Stunde(n), 4 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\system volume information\_restore{57b149ff-20fc-4500-8eb2-dda73a4eb26a}\RP691\A0064487.exe (PUP.Casino) -> No action taken.
hier noch ein "alter" Quickscan direkt nach dem Fehler: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8152
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13.11.2011 15:15:16
mbam-log-2011-11-13 (15-15-14).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 232009
Laufzeit: 10 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\***.***-6154616fc9\anwendungsdaten\avdrn.dat (Malware.Trace) -> No action taken.
Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ee8926e1b4c0f45a836a3ef37821343
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 07:33:26
# local_time=2011-11-15 08:33:26 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 3231273 3231273 0 0
# compatibility_mode=8192 67108863 100 0 3903 3903 0 0
# scanned=114238
# found=6
# cleaned=0
# scan_time=6348
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temp\jar_cache5752015444070384545.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temp\Red18.tmp a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temp\rub17.tmp a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OH2AH71I\index[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\MicroGaming\Casino\RedFlush\install.exe a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\MicroGaming\Casino\RubyFortune\install.exe a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
|
|
16.11.2011, 09:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.11.2011, 18:46
| #5 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Ok - einmal der OTL: Code:
ATTFilter OTL logfile created on: 16.11.2011 17:53:29 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 233,35 Mb Available Physical Memory | 22,82% Memory free 2,40 Gb Paging File | 1,69 Gb Available in Paging File | 70,44% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 127,99 Gb Total Space | 78,89 Gb Free Space | 61,64% Space Free | Partition Type: NTFS Computer Name: ***-6154616FC9 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.13 15:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe PRC - [2011.10.31 13:09:09 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.10.31 13:09:08 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.10.05 09:18:07 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.05 09:17:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.24 14:52:00 | 000,307,200 | ---- | M] () -- C:\Programme\Connection Manager\sysctrl.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2011.10.31 13:09:24 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll MOD - [2011.10.31 13:09:22 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2011.10.31 13:07:31 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2011.10.11 14:50:10 | 000,193,904 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2011.10.11 14:50:08 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011.10.05 09:18:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.08.18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll MOD - [2010.11.17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2008.07.24 14:52:00 | 000,307,200 | ---- | M] () -- C:\Programme\Connection Manager\sysctrl.exe MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2006.10.26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll MOD - [2006.10.26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.31 13:09:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2011.10.31 13:09:27 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE) DRV - [2011.09.18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.09.15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011.08.18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.26 19:20:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008.02.22 15:33:02 | 000,094,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005.05.12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax) DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Append to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95701F45-94EB-45E9-97A3-26922D8D4750}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.15 19:02:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell - "" = AutoRun O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.15 18:42:37 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.11.14 20:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\CCleaner [2011.11.14 20:12:54 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.11.14 20:11:51 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\ccsetup312.exe [2011.11.13 15:39:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe [2011.11.13 15:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.11.13 14:43:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Malwarebytes [2011.11.13 14:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.11.13 14:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes [2011.11.13 14:42:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.13 14:42:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.10.31 13:24:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft [2011.10.31 13:09:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Glary Utilities [2011.10.31 13:08:49 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities [2011.10.31 13:08:14 | 006,401,096 | ---- | C] (Glarysoft Ltd ) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\gusetup_slim238.exe [2011.10.31 13:02:36 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2011.10.31 13:02:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Lavasoft [2011.10.30 16:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\vlc [2011.10.30 16:10:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\VideoLAN [2011.10.30 16:09:39 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2011.10.30 15:56:56 | 000,000,000 | ---D | C] -- C:\Programme\FLV Player [2008.10.27 10:38:54 | 000,095,056 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [2008.10.27 10:37:34 | 001,692,496 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll [2008.10.27 10:36:58 | 000,526,160 | ---- | C] (Microsoft Corporation) -- C:\Programme\DXSETUP.exe [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.16 17:40:28 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.11.16 17:40:06 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.11.16 17:39:24 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2011.11.16 17:39:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.11.16 17:39:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.14 20:49:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.11.14 20:12:57 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\CCleaner.lnk [2011.11.14 20:12:03 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\ccsetup312.exe [2011.11.14 16:48:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011.11.14 16:48:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011.11.13 15:43:57 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\s1usdy6y.exe [2011.11.13 15:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\OTL.exe [2011.11.13 14:42:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.09 22:23:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.03 16:34:00 | 000,240,640 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Vorlage V3.6_soeren.dot [2011.10.31 21:41:08 | 000,257,440 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\v117935_pdf[1].pdf [2011.10.31 13:44:42 | 000,094,208 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.31 13:09:27 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011.10.31 13:09:26 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011.10.31 13:09:03 | 000,000,713 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Glary Utilities.lnk [2011.10.31 13:08:14 | 006,401,096 | ---- | M] (Glarysoft Ltd ) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\gusetup_slim238.exe [2011.10.31 13:02:58 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk [2011.10.31 10:57:27 | 000,001,817 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK [2011.10.30 16:10:23 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\VLC media player.lnk [2011.10.30 12:47:41 | 000,479,008 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.10.30 12:47:41 | 000,437,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.10.30 12:47:41 | 000,092,414 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.10.30 12:47:41 | 000,069,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.10.27 20:16:45 | 000,004,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\keyfile3.drm [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.14 20:12:57 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\CCleaner.lnk [2011.11.13 15:43:56 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\s1usdy6y.exe [2011.11.13 14:42:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.03 16:34:00 | 000,240,640 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Vorlage V3.6_soeren.dot [2011.11.03 15:31:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.11.03 15:31:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.10.31 21:41:08 | 000,257,440 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\v117935_pdf[1].pdf [2011.10.31 16:33:06 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011.10.31 13:09:11 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2011.10.31 13:09:03 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Glary Utilities.lnk [2011.10.31 13:03:21 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.10.31 13:02:58 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Ad-Aware.lnk [2011.10.31 10:57:27 | 000,001,817 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\Avira Free Antivirus Profil Suche nach Rootkits und aktiver Malware.LNK [2011.10.30 16:10:23 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\VLC media player.lnk [2011.09.10 23:36:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.01.10 20:04:21 | 000,113,591 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2011.01.10 20:04:21 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2011.01.01 12:15:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2010.10.05 21:10:16 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini [2010.09.03 16:44:55 | 000,004,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\keyfile3.drm [2009.03.29 15:27:33 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.03.24 20:23:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.03.24 20:20:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.03.23 20:20:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.03.22 15:36:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.03.22 15:36:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.03.21 23:15:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.03.21 20:39:38 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.19 22:14:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2009.03.19 22:14:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1230.ini [2009.03.19 21:55:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2009.03.19 21:55:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2009.03.19 21:55:55 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin [2009.03.19 21:52:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.03.19 21:52:23 | 000,000,453 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2009.03.19 21:52:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009.03.19 21:52:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.03.19 21:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.03.19 21:36:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.03.19 21:35:05 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.02.18 14:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.02.18 14:44:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.02.18 14:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.02.18 14:44:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2009.02.18 14:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.02.18 14:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.02.18 14:44:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.02.18 14:44:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.10.27 10:38:20 | 013,265,184 | ---- | C] () -- C:\Programme\dxnt.cab [2008.10.27 10:38:20 | 004,163,646 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2008.10.27 10:38:20 | 001,907,944 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2008.10.27 10:38:20 | 001,803,074 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2008.10.27 10:38:18 | 001,801,176 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2008.10.27 10:38:18 | 001,795,100 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2008.10.27 10:38:18 | 001,793,624 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2008.10.27 10:38:18 | 001,770,878 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2008.10.27 10:38:18 | 001,710,376 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2008.10.27 10:38:18 | 001,709,168 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2008.10.27 10:38:18 | 001,608,374 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2008.10.27 10:38:16 | 001,608,790 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2008.10.27 10:38:16 | 001,608,302 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2008.10.27 10:38:16 | 001,607,055 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2008.10.27 10:38:16 | 001,575,392 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2008.10.27 10:38:16 | 001,572,170 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2008.10.27 10:38:14 | 001,551,228 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2008.10.27 10:38:14 | 001,465,688 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2008.10.27 10:38:14 | 001,464,894 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2008.10.27 10:38:14 | 001,413,918 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2008.10.27 10:38:14 | 001,363,812 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2008.10.27 10:38:14 | 001,358,992 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2008.10.27 10:38:12 | 001,444,298 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2008.10.27 10:38:12 | 001,398,846 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2008.10.27 10:38:12 | 001,351,558 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2008.10.27 10:38:10 | 001,348,370 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2008.10.27 10:38:10 | 001,337,018 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2008.10.27 10:38:10 | 001,248,515 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2008.10.27 10:38:10 | 001,156,507 | ---- | C] () -- C:\Programme\BDANT.cab [2008.10.27 10:38:10 | 001,128,233 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2008.10.27 10:38:10 | 001,116,237 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2008.10.27 10:38:10 | 001,080,472 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2008.10.27 10:38:08 | 001,085,736 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2008.10.27 10:38:08 | 001,079,978 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab [2008.10.27 10:38:08 | 001,078,660 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2008.10.27 10:38:08 | 001,065,941 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2008.10.27 10:38:08 | 001,014,241 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2008.10.27 10:38:08 | 000,995,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2008.10.27 10:38:08 | 000,122,810 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2008.10.27 10:38:08 | 000,097,833 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2008.10.27 10:38:08 | 000,094,750 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2008.10.27 10:38:04 | 000,976,164 | ---- | C] () -- C:\Programme\BDAXP.cab [2008.10.27 10:38:04 | 000,966,445 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2008.10.27 10:38:04 | 000,917,446 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2008.10.27 10:38:04 | 000,868,844 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2008.10.27 10:38:04 | 000,868,628 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2008.10.27 10:38:04 | 000,865,616 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2008.10.27 10:38:04 | 000,853,302 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2008.10.27 10:38:04 | 000,850,935 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2008.10.27 10:38:04 | 000,096,053 | ---- | C] () -- C:\Programme\dxupdate.cab [2008.10.27 10:38:04 | 000,094,144 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2008.10.27 10:38:04 | 000,055,538 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2008.10.27 10:38:04 | 000,045,464 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2008.10.27 10:38:02 | 000,850,183 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2008.10.27 10:38:02 | 000,845,900 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2008.10.27 10:38:02 | 000,819,276 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2008.10.27 10:38:02 | 000,094,028 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2008.10.27 10:38:02 | 000,093,700 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2008.10.27 10:38:02 | 000,088,158 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2008.10.27 10:38:02 | 000,088,117 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2008.10.27 10:38:02 | 000,087,053 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2008.10.27 10:38:02 | 000,056,170 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2008.10.27 10:38:02 | 000,056,074 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2008.10.27 10:38:02 | 000,054,318 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2008.10.27 10:38:02 | 000,047,160 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2008.10.27 10:38:02 | 000,047,074 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2008.10.27 10:38:02 | 000,046,375 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2008.10.27 10:38:02 | 000,022,921 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2008.10.27 10:38:02 | 000,022,867 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2008.10.27 10:38:02 | 000,019,512 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2008.10.27 10:38:00 | 000,804,900 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2008.10.27 10:38:00 | 000,797,883 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2008.10.27 10:38:00 | 000,700,060 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2008.10.27 10:38:00 | 000,699,628 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2008.10.27 10:38:00 | 000,047,026 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2008.10.27 10:38:00 | 000,022,883 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2008.10.27 10:37:58 | 000,699,488 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2008.10.27 10:37:58 | 000,696,881 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2008.10.27 10:37:58 | 000,272,384 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2008.10.27 10:37:58 | 000,270,858 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2008.10.27 10:37:58 | 000,270,644 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2008.10.27 10:37:54 | 000,274,976 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2008.10.27 10:37:54 | 000,273,627 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2008.10.27 10:37:52 | 000,270,040 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2008.10.27 10:37:52 | 000,252,210 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2008.10.27 10:37:52 | 000,227,266 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2008.10.27 10:37:52 | 000,199,112 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2008.10.27 10:37:50 | 000,213,823 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2008.10.27 10:37:50 | 000,198,138 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2008.10.27 10:37:50 | 000,193,491 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2008.10.27 10:37:48 | 000,197,778 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2008.10.27 10:37:48 | 000,196,782 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2008.10.27 10:37:48 | 000,195,691 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2008.10.27 10:37:48 | 000,192,736 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2008.10.27 10:37:48 | 000,183,919 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2008.10.27 10:37:48 | 000,183,377 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,181,801 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,180,149 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,179,375 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2008.10.27 10:37:46 | 000,154,028 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2008.10.27 10:37:44 | 000,153,925 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2008.10.27 10:37:44 | 000,152,241 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2008.10.27 10:37:42 | 000,149,280 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2008.10.27 10:37:42 | 000,148,999 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2008.10.27 10:37:42 | 000,146,615 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2008.10.27 10:37:42 | 000,139,033 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2008.10.27 10:37:42 | 000,138,251 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2008.10.27 10:37:40 | 000,134,687 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2008.10.27 10:37:40 | 000,133,425 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2008.10.27 10:37:40 | 000,123,352 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2008.10.27 10:37:40 | 000,122,840 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2008.10.27 10:37:40 | 000,122,070 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2008.10.27 10:37:38 | 000,134,119 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.02.28 13:00:00 | 000,479,008 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.02.28 13:00:00 | 000,437,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.02.28 13:00:00 | 000,092,414 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.02.28 13:00:00 | 000,069,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== LOP Check ========== [2009.05.05 19:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\1DA [2009.05.10 12:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\FreeDownloadManager.ORG [2009.05.22 15:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\MGS [2009.05.22 15:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microgaming [2009.04.04 10:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011.07.04 20:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.05.10 12:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Azureus [2011.10.20 18:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoft [2011.04.25 16:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.09.12 12:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\eMule [2011.01.31 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Faxbus [2011.10.31 14:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Free Download Manager [2011.10.31 13:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft [2011.06.15 18:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\ICAClient [2011.06.13 19:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ifu Hamburg GmbH, Germany [2010.02.04 21:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Load [2009.05.27 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\OpenOffice.org [2009.03.22 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Desktop Search [2009.03.22 13:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Search [2011.11.16 17:40:06 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011.11.16 17:39:24 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.13 12:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Adobe [2009.03.24 20:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ahead [2011.09.23 16:45:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Apple Computer [2011.10.09 09:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Avira [2009.05.10 12:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Azureus [2011.10.20 18:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoft [2011.04.25 16:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.09.12 12:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\eMule [2011.01.31 17:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Faxbus [2011.10.31 14:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Free Download Manager [2011.10.31 13:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft [2011.01.10 20:25:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\HP [2011.06.15 18:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\ICAClient [2009.03.19 21:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Identities [2011.06.13 19:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Ifu Hamburg GmbH, Germany [2009.03.19 22:01:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\InstallShield [2010.02.04 21:50:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Load [2009.03.19 22:13:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Macromedia [2011.11.13 14:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Malwarebytes [2011.08.02 22:19:18 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Microsoft [2010.02.20 13:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Move Networks [2009.05.27 20:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\OpenOffice.org [2011.09.25 18:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Skype [2011.06.23 12:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\skypePM [2009.03.19 22:05:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Sun [2011.10.30 16:11:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\vlc [2009.03.22 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Desktop Search [2009.03.22 13:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Windows Search [2009.03.21 21:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2011.05.29 14:11:10 | 003,119,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2010.02.20 13:01:17 | 000,034,062 | ---- | M] () -- C:\Dokumente und Einstellungen\***.***-6154616FC9\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe < %SYSTEMDRIVE%\*.exe > [2008.10.27 10:36:58 | 000,526,160 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe [2009.08.18 18:23:12 | 002,680,920 | ---- | M] (Microsoft Corporation) -- C:\office-kb967688-fullfile-x86-de-de.exe < MD5 for: AGP440.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009.10.03 10:40:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OEMDRV\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll < MD5 for: NVATABUS.SYS > [2005.02.12 01:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\OEMDRV\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2010.12.26 13:20:19 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: VIAMRAID.SYS > [2004.05.18 15:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEMDRV\viamraid.sys < MD5 for: WINLOGON.EXE > [2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.03.19 22:34:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.03.19 22:34:09 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.03.19 22:34:09 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report > |
|
16.11.2011, 20:22
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.15 19:02:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell - "" = AutoRun
O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\Shell\AutoRun\command - "" = H:\Setup.exe
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat |
|
16.11.2011, 21:13
| #7 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Jawoll, danke! Hier der Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Z810SysStart deleted successfully.
C:\Programme\Connection Manager\sysctrl.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f440109b-118d-11de-986a-e3ed3b1bcaf7}\ not found.
File H:\Setup.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: All Users.WINDOWS
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService.NT-AUTORITÄT
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 262546 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: NetworkService.NT-AUTORITÄT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 148367204 bytes
User: ***
->Temp folder emptied: 35210287 bytes
->Temporary Internet Files folder emptied: 73774634 bytes
->Java cache emptied: 7622315 bytes
->Flash cache emptied: 1048 bytes
User: ***.***-6154616FC9
->Temp folder emptied: 45278138 bytes
->Temporary Internet Files folder emptied: 1418335469 bytes
->Java cache emptied: 119350911 bytes
->Flash cache emptied: 3303620 bytes
User: ***~1~ULK
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17112 bytes
RecycleBin emptied: 2896196430 bytes
Total Files Cleaned = 4.530,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11162011_210057
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
16.11.2011, 21:49
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2011, 22:06
| #9 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Alles klar, hier der file: Code:
ATTFilter 22:00:04.0796 1636 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
22:00:05.0140 1636 ============================================================
22:00:05.0140 1636 Current date / time: 2011/11/16 22:00:05.0140
22:00:05.0140 1636 SystemInfo:
22:00:05.0140 1636
22:00:05.0140 1636 OS Version: 5.1.2600 ServicePack: 3.0
22:00:05.0140 1636 Product type: Workstation
22:00:05.0140 1636 ComputerName: ***-6154616FC9
22:00:05.0140 1636 UserName: ***
22:00:05.0140 1636 Windows directory: C:\WINDOWS
22:00:05.0140 1636 System windows directory: C:\WINDOWS
22:00:05.0140 1636 Processor architecture: Intel x86
22:00:05.0140 1636 Number of processors: 2
22:00:05.0140 1636 Page size: 0x1000
22:00:05.0140 1636 Boot type: Normal boot
22:00:05.0140 1636 ============================================================
22:00:06.0281 1636 Initialize success
22:01:18.0859 1656 ============================================================
22:01:18.0859 1656 Scan started
22:01:18.0859 1656 Mode: Manual; SigCheck; TDLFS;
22:01:18.0859 1656 ============================================================
22:01:20.0203 1656 Abiosdsk - ok
22:01:20.0234 1656 abp480n5 - ok
22:01:20.0281 1656 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:01:21.0421 1656 ACPI - ok
22:01:21.0500 1656 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:01:21.0687 1656 ACPIEC - ok
22:01:21.0687 1656 adpu160m - ok
22:01:21.0734 1656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:01:21.0890 1656 aec - ok
22:01:21.0937 1656 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:01:21.0984 1656 AFD - ok
22:01:22.0000 1656 Aha154x - ok
22:01:22.0015 1656 aic78u2 - ok
22:01:22.0015 1656 aic78xx - ok
22:01:22.0031 1656 AliIde - ok
22:01:22.0046 1656 amsint - ok
22:01:22.0093 1656 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:01:22.0234 1656 Arp1394 - ok
22:01:22.0250 1656 asc - ok
22:01:22.0265 1656 asc3350p - ok
22:01:22.0265 1656 asc3550 - ok
22:01:22.0296 1656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:01:22.0453 1656 AsyncMac - ok
22:01:22.0484 1656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:01:22.0640 1656 atapi - ok
22:01:22.0640 1656 Atdisk - ok
22:01:22.0671 1656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:01:22.0859 1656 Atmarpc - ok
22:01:22.0906 1656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:01:23.0031 1656 audstub - ok
22:01:23.0078 1656 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:01:23.0156 1656 avgntflt - ok
22:01:23.0203 1656 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:01:23.0218 1656 avipbb - ok
22:01:23.0250 1656 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:01:23.0265 1656 avkmgr - ok
22:01:23.0312 1656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:01:23.0453 1656 Beep - ok
22:01:23.0515 1656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:01:23.0703 1656 cbidf2k - ok
22:01:23.0703 1656 cd20xrnt - ok
22:01:23.0734 1656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:23.0875 1656 Cdaudio - ok
22:01:23.0921 1656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:24.0062 1656 Cdfs - ok
22:01:24.0109 1656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:24.0250 1656 Cdrom - ok
22:01:24.0265 1656 Changer - ok
22:01:24.0281 1656 CmdIde - ok
22:01:24.0343 1656 cmudax (d7fcada6833a0e243ca89c03bd559bd9) C:\WINDOWS\system32\drivers\cmudax.sys
22:01:24.0437 1656 cmudax - ok
22:01:24.0468 1656 Cpqarray - ok
22:01:24.0484 1656 dac2w2k - ok
22:01:24.0484 1656 dac960nt - ok
22:01:24.0531 1656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:01:24.0718 1656 Disk - ok
22:01:24.0765 1656 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:01:25.0000 1656 dmboot - ok
22:01:25.0031 1656 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:01:25.0203 1656 dmio - ok
22:01:25.0234 1656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:01:25.0421 1656 dmload - ok
22:01:25.0468 1656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:01:25.0593 1656 DMusic - ok
22:01:25.0625 1656 dpti2o - ok
22:01:25.0625 1656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:25.0781 1656 drmkaud - ok
22:01:25.0812 1656 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:01:25.0828 1656 E100B - ok
22:01:25.0890 1656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:26.0062 1656 Fastfat - ok
22:01:26.0078 1656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:01:26.0234 1656 Fdc - ok
22:01:26.0250 1656 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:01:26.0390 1656 Fips - ok
22:01:26.0421 1656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:01:26.0546 1656 Flpydisk - ok
22:01:26.0593 1656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:01:26.0781 1656 FltMgr - ok
22:01:26.0828 1656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:01:26.0968 1656 Fs_Rec - ok
22:01:27.0000 1656 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:01:27.0187 1656 Ftdisk - ok
22:01:27.0218 1656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:01:27.0234 1656 GEARAspiWDM - ok
22:01:27.0265 1656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:01:27.0406 1656 Gpc - ok
22:01:27.0421 1656 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
22:01:27.0500 1656 HdAudAddService - ok
22:01:27.0531 1656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:01:27.0687 1656 HDAudBus - ok
22:01:27.0734 1656 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:01:27.0875 1656 hidusb - ok
22:01:27.0890 1656 hpn - ok
22:01:27.0921 1656 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:01:28.0015 1656 HPZid412 - ok
22:01:28.0031 1656 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:01:28.0109 1656 HPZipr12 - ok
22:01:28.0125 1656 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:01:28.0203 1656 HPZius12 - ok
22:01:28.0234 1656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:01:28.0312 1656 HTTP - ok
22:01:28.0328 1656 i2omgmt - ok
22:01:28.0328 1656 i2omp - ok
22:01:28.0390 1656 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys
22:01:28.0531 1656 i8042prt - ok
22:01:28.0546 1656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:01:28.0687 1656 Imapi - ok
22:01:28.0703 1656 ini910u - ok
22:01:28.0718 1656 IntelIde - ok
22:01:28.0750 1656 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:01:28.0890 1656 intelppm - ok
22:01:28.0921 1656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:01:29.0078 1656 Ip6Fw - ok
22:01:29.0109 1656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:01:29.0250 1656 IpFilterDriver - ok
22:01:29.0281 1656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:01:29.0437 1656 IpInIp - ok
22:01:29.0453 1656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:01:29.0593 1656 IpNat - ok
22:01:29.0640 1656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:01:29.0781 1656 IPSec - ok
22:01:29.0796 1656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:01:29.0968 1656 IRENUM - ok
22:01:30.0000 1656 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:01:30.0171 1656 isapnp - ok
22:01:30.0203 1656 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:01:30.0328 1656 Kbdclass - ok
22:01:30.0343 1656 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:01:30.0484 1656 kbdhid - ok
22:01:30.0515 1656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:01:30.0656 1656 kmixer - ok
22:01:30.0703 1656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:01:30.0796 1656 KSecDD - ok
22:01:30.0890 1656 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
22:01:30.0906 1656 Lavasoft Kernexplorer - ok
22:01:31.0000 1656 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
22:01:31.0046 1656 Lbd - ok
22:01:31.0078 1656 lbrtfdc - ok
22:01:31.0125 1656 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:01:31.0156 1656 MBAMProtector - ok
22:01:31.0156 1656 MBAMSwissArmy - ok
22:01:31.0203 1656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:01:31.0343 1656 mnmdd - ok
22:01:31.0375 1656 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:01:31.0546 1656 Modem - ok
22:01:31.0578 1656 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:01:31.0718 1656 Mouclass - ok
22:01:31.0765 1656 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:01:31.0890 1656 mouhid - ok
22:01:31.0906 1656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:01:32.0078 1656 MountMgr - ok
22:01:32.0093 1656 mraid35x - ok
22:01:32.0125 1656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:01:32.0265 1656 MRxDAV - ok
22:01:32.0312 1656 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:01:32.0375 1656 MRxSmb - ok
22:01:32.0406 1656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:01:32.0546 1656 Msfs - ok
22:01:32.0562 1656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:01:32.0718 1656 MSKSSRV - ok
22:01:32.0734 1656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:01:32.0906 1656 MSPCLOCK - ok
22:01:32.0921 1656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:01:33.0093 1656 MSPQM - ok
22:01:33.0125 1656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:01:33.0265 1656 mssmbios - ok
22:01:33.0296 1656 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:01:33.0343 1656 Mup - ok
22:01:33.0375 1656 NAL (d02734423b59b3ac14cdfe91e9665ff0) C:\WINDOWS\system32\Drivers\iqvw32.sys
22:01:33.0406 1656 NAL - ok
22:01:33.0453 1656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:01:33.0640 1656 NDIS - ok
22:01:33.0687 1656 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:01:33.0734 1656 NdisTapi - ok
22:01:33.0781 1656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:01:33.0921 1656 Ndisuio - ok
22:01:33.0937 1656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:01:34.0078 1656 NdisWan - ok
22:01:34.0125 1656 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:01:34.0187 1656 NDProxy - ok
22:01:34.0218 1656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:01:34.0359 1656 NetBIOS - ok
22:01:34.0375 1656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:01:34.0515 1656 NetBT - ok
22:01:34.0562 1656 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:01:34.0703 1656 NIC1394 - ok
22:01:34.0718 1656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:01:34.0859 1656 Npfs - ok
22:01:34.0890 1656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:01:35.0109 1656 Ntfs - ok
22:01:35.0203 1656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:01:35.0343 1656 Null - ok
22:01:35.0531 1656 nv (0ae3a22dbe88dc219f8c0fdd30239e4f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:01:35.0843 1656 nv - ok
22:01:35.0875 1656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:01:36.0031 1656 NwlnkFlt - ok
22:01:36.0062 1656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:01:36.0234 1656 NwlnkFwd - ok
22:01:36.0281 1656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:01:36.0406 1656 ohci1394 - ok
22:01:36.0437 1656 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:01:36.0578 1656 Parport - ok
22:01:36.0593 1656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:01:36.0750 1656 PartMgr - ok
22:01:36.0796 1656 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:01:36.0921 1656 ParVdm - ok
22:01:36.0937 1656 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:01:37.0109 1656 PCI - ok
22:01:37.0140 1656 PCIDump - ok
22:01:37.0156 1656 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:01:37.0328 1656 PCIIde - ok
22:01:37.0375 1656 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:01:37.0546 1656 Pcmcia - ok
22:01:37.0546 1656 PDCOMP - ok
22:01:37.0562 1656 PDFRAME - ok
22:01:37.0578 1656 PDRELI - ok
22:01:37.0593 1656 PDRFRAME - ok
22:01:37.0593 1656 perc2 - ok
22:01:37.0609 1656 perc2hib - ok
22:01:37.0656 1656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:01:37.0796 1656 PptpMiniport - ok
22:01:37.0812 1656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:01:37.0937 1656 PSched - ok
22:01:37.0968 1656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:01:38.0109 1656 Ptilink - ok
22:01:38.0125 1656 ql1080 - ok
22:01:38.0125 1656 Ql10wnt - ok
22:01:38.0140 1656 ql12160 - ok
22:01:38.0156 1656 ql1240 - ok
22:01:38.0171 1656 ql1280 - ok
22:01:38.0187 1656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:01:38.0328 1656 RasAcd - ok
22:01:38.0359 1656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:01:38.0484 1656 Rasl2tp - ok
22:01:38.0500 1656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:01:38.0656 1656 RasPppoe - ok
22:01:38.0703 1656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:01:38.0859 1656 Raspti - ok
22:01:39.0140 1656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:01:39.0343 1656 Rdbss - ok
22:01:39.0609 1656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:01:39.0765 1656 RDPCDD - ok
22:01:40.0031 1656 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:01:40.0093 1656 RDPWD - ok
22:01:40.0156 1656 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:01:40.0296 1656 redbook - ok
22:01:40.0343 1656 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys
22:01:40.0359 1656 SBRE - ok
22:01:40.0390 1656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:01:40.0562 1656 Secdrv - ok
22:01:40.0640 1656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:01:40.0781 1656 serenum - ok
22:01:40.0781 1656 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:01:40.0921 1656 Serial - ok
22:01:40.0953 1656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:01:41.0093 1656 Sfloppy - ok
22:01:41.0109 1656 Simbad - ok
22:01:41.0125 1656 Sparrow - ok
22:01:41.0140 1656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:01:41.0265 1656 splitter - ok
22:01:41.0296 1656 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:01:41.0453 1656 sr - ok
22:01:41.0484 1656 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:01:41.0546 1656 Srv - ok
22:01:41.0578 1656 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
22:01:41.0625 1656 sscdbus - ok
22:01:41.0656 1656 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
22:01:41.0703 1656 sscdmdfl - ok
22:01:41.0734 1656 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
22:01:41.0765 1656 sscdmdm - ok
22:01:41.0812 1656 sscdserd (0d6de65f5d4254d432014d9540d2812f) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
22:01:41.0859 1656 sscdserd - ok
22:01:41.0890 1656 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:01:41.0906 1656 ssmdrv - ok
22:01:41.0937 1656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:01:42.0078 1656 swenum - ok
22:01:42.0109 1656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:01:42.0250 1656 swmidi - ok
22:01:42.0265 1656 symc810 - ok
22:01:42.0281 1656 symc8xx - ok
22:01:42.0296 1656 sym_hi - ok
22:01:42.0312 1656 sym_u3 - ok
22:01:42.0328 1656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:01:42.0468 1656 sysaudio - ok
22:01:42.0531 1656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:01:42.0609 1656 Tcpip - ok
22:01:42.0656 1656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:01:42.0812 1656 TDPIPE - ok
22:01:42.0843 1656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:01:43.0015 1656 TDTCP - ok
22:01:43.0046 1656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:01:43.0171 1656 TermDD - ok
22:01:43.0187 1656 TosIde - ok
22:01:43.0218 1656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:01:43.0406 1656 Udfs - ok
22:01:43.0421 1656 ultra - ok
22:01:43.0468 1656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:01:43.0625 1656 Update - ok
22:01:43.0671 1656 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:01:43.0750 1656 USBAAPL - ok
22:01:43.0781 1656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:01:43.0906 1656 usbccgp - ok
22:01:43.0953 1656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:01:44.0093 1656 usbehci - ok
22:01:44.0125 1656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:01:44.0250 1656 usbhub - ok
22:01:44.0281 1656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:01:44.0468 1656 usbprint - ok
22:01:44.0484 1656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:01:44.0640 1656 usbscan - ok
22:01:44.0687 1656 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:01:44.0828 1656 usbstor - ok
22:01:44.0875 1656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:01:45.0000 1656 usbuhci - ok
22:01:45.0015 1656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:01:45.0156 1656 VgaSave - ok
22:01:45.0171 1656 ViaIde - ok
22:01:45.0187 1656 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:01:45.0343 1656 VolSnap - ok
22:01:45.0390 1656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:01:45.0531 1656 Wanarp - ok
22:01:45.0531 1656 WDICA - ok
22:01:45.0562 1656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:01:45.0703 1656 wdmaud - ok
22:01:45.0781 1656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:01:45.0875 1656 WudfPf - ok
22:01:45.0890 1656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:01:45.0937 1656 WudfRd - ok
22:01:45.0984 1656 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:01:46.0156 1656 \Device\Harddisk0\DR0 - ok
22:01:46.0171 1656 Boot (0x1200) (25737b056a075ee1745480e6fcb75ea8) \Device\Harddisk0\DR0\Partition0
22:01:46.0171 1656 \Device\Harddisk0\DR0\Partition0 - ok
22:01:46.0171 1656 ============================================================
22:01:46.0171 1656 Scan finished
22:01:46.0171 1656 ============================================================
22:01:46.0281 3060 Detected object count: 0
22:01:46.0281 3060 Actual detected object count: 0
|
|
17.11.2011, 08:33
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2011, 19:07
| #11 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Alles klar, hier der File: Code:
ATTFilter ComboFix 11-11-17.03 - *** 17.11.2011 18:24:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.431 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***.***-6154616FC9\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\1DA
c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\1DA\{50D1E794-B300-42B7-AC93-A4029780E9D2}.swf
c:\dokumente und einstellungen\***.***-6154616FC9\Recent\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-17 bis 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-16 19:40 . 2011-11-16 19:40 -------- d-----w- C:\_OTL
2011-11-15 17:42 . 2011-11-15 17:42 -------- d-----w- c:\programme\ESET
2011-11-14 19:12 . 2011-11-14 19:12 -------- d-----w- c:\programme\CCleaner
2011-11-13 14:28 . 2011-11-13 14:28 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2011-11-13 13:43 . 2011-11-13 13:43 -------- d-----w- c:\dokumente und einstellungen\***.***-6154616FC9\Anwendungsdaten\Malwarebytes
2011-11-13 13:42 . 2011-11-13 13:42 -------- d-----w- c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2011-11-13 13:42 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 13:42 . 2011-11-13 13:42 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-10-31 15:33 . 2011-10-31 12:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-31 12:24 . 2011-10-31 12:24 -------- d-----w- c:\dokumente und einstellungen\***.***-6154616FC9\Anwendungsdaten\GlarySoft
2011-10-31 12:08 . 2011-10-31 12:09 -------- d-----w- c:\programme\Glary Utilities
2011-10-31 12:02 . 2011-10-31 12:02 -------- d-----w- c:\programme\Lavasoft
2011-10-30 15:10 . 2011-10-30 15:11 -------- d-----w- c:\dokumente und einstellungen\***.***-6154616FC9\Anwendungsdaten\vlc
2011-10-30 15:09 . 2011-10-30 15:09 -------- d-----w- c:\programme\VideoLAN
2011-10-30 14:56 . 2011-10-30 14:56 -------- d-----w- c:\programme\FLV Player
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 12:09 . 2010-11-27 17:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-13 14:28 . 2011-05-29 13:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-03-19 20:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2011-05-29 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2009-05-27 19:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-02-28 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-02-28 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-18 06:39 . 2011-10-09 08:13 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-15 21:55 . 2011-10-09 08:13 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-09-15 21:55 . 2011-10-09 08:13 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-06 14:10 . 2006-02-28 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2008-10-27 09:38 . 2008-10-27 09:38 95056 ----a-w- c:\programme\DSETUP.dll
2008-10-27 09:37 . 2008-10-27 09:37 1692496 ----a-w- c:\programme\dsetup32.dll
2008-10-27 09:36 . 2008-10-27 09:36 526160 ----a-w- c:\programme\DXSETUP.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 61952]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe"
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2010 18:57 64512]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.10.2011 09:13 36000]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [27.11.2010 18:57 101720]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.10.2011 09:13 86224]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.11.2011 14:42 366152]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [19.03.2009 21:55 1287296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.11.2011 14:42 22216]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.08.2011 15:25 2152152]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 12:09]
.
2011-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-17 c:\windows\Tasks\GlaryInitialize.job
- c:\programme\Glary Utilities\initialize.exe [2011-10-31 08:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Append to existing PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Convert link target to Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-17 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-813497703-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Zeit der Fertigstellung: 2011-11-17 18:36:57
ComboFix-quarantined-files.txt 2011-11-17 17:36
.
Vor Suchlauf: 14 Verzeichnis(se), 89.046.720.512 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 89.230.159.872 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
.
- - End Of File - - 2E706E4FBEE79C7583364B688E25503D
|
|
17.11.2011, 20:21
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2011, 22:46
| #13 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Ok, und die files: GMER Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-17 22:23:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3250823AS rev.3.03
Running: dsxg5ety.exe; Driver: C:\DOKUME~1\***~1.ULK\LOKALE~1\Temp\awlcqfob.sys
---- System - GMER 1.0.15 ----
SSDT F7D54A1C ZwClose
SSDT F7D549D6 ZwCreateKey
SSDT F7D54A26 ZwCreateSection
SSDT F7D549CC ZwCreateThread
SSDT F7D549DB ZwDeleteKey
SSDT F7D549E5 ZwDeleteValueKey
SSDT F7D54A17 ZwDuplicateObject
SSDT F7D549EA ZwLoadKey
SSDT F7D549B8 ZwOpenProcess
SSDT F7D549BD ZwOpenThread
SSDT F7D54A3F ZwQueryValueKey
SSDT F7D549F4 ZwReplaceKey
SSDT F7D54A30 ZwRequestWaitReplyPort
SSDT F7D549EF ZwRestoreKey
SSDT F7D54A2B ZwSetContextThread
SSDT F7D54A35 ZwSetSecurityObject
SSDT F7D549E0 ZwSetValueKey
SSDT F7D54A3A ZwSystemDebugControl
SSDT F7D549C7 ZwTerminateProcess
Code \??\C:\DOKUME~1\***~1.ULK\LOKALE~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D6C 80504608 4 Bytes [EA, 49, D5, F7]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6248360, 0x35483F, 0xE8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\***~1.ULK\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[1048] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413652C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41365334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413651FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413653FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 4136525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:31:20 on 17.11.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GlaryInitialize.job" - "Glarysoft Ltd" - C:\Programme\Glary Utilities\initialize.exe "Ad-Aware Update (Weekly).job" - "Lavasoft Limited " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "awlcqfob" (awlcqfob) - ? - C:\DOKUME~1\***~1.ULK\LOKALE~1\Temp\awlcqfob.sys (Hidden registry entry, rootkit activity | File not found) "catchme" (catchme) - ? - C:\DOKUME~1\***~1.ULK\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "Nal Service " (NAL) - "Intel Corporation " - C:\WINDOWS\system32\Drivers\iqvw32.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "SBRE" (SBRE) - "Sunbelt Software" - C:\WINDOWS\system32\drivers\SBREdrv.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - "Glarysoft Ltd" - C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab {8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} "Flash Casino Helper Control" - "Microgaming.co.uk" - C:\WINDOWS\Downloaded Program Files\iefax.dll / https://plugins.valueactive.eu/flashax/iefax.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Programme\Free Download Manager\iefdm2.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***.***-6154616FC9\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" "HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - none (File not found) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-17 22:39:28
-----------------------------
22:39:28.212 OS Version: Windows 5.1.2600 Service Pack 3
22:39:28.212 Number of processors: 2 586 0x604
22:39:28.212 ComputerName: ***-6154616FC9 UserName: ***
22:39:28.572 Initialize success
22:40:20.353 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:40:20.353 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
22:40:22.415 Disk 0 MBR read successfully
22:40:22.415 Disk 0 MBR scan
22:40:22.415 Disk 0 Windows XP default MBR code
22:40:22.462 Disk 0 scanning sectors +268410240
22:40:22.587 Disk 0 scanning C:\WINDOWS\system32\drivers
22:40:44.462 Service scanning
22:40:45.337 Modules scanning
22:41:07.431 Disk 0 trace - called modules:
22:41:07.447 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:41:07.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8674dab8]
22:41:07.447 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> \Device\00000061[0x867529e8]
22:41:07.447 5 ACPI.sys[f74e6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8676e940]
22:41:07.447 Scan finished successfully
22:41:28.228 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\MBR.dat"
22:41:28.228 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***.***-6154616FC9\Desktop\aswMBR.txt"
|
|
18.11.2011, 09:10
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2011, 22:14
| #15 |
| | Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat Alles klar, hier die logs: ESET Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ee8926e1b4c0f45a836a3ef37821343
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 07:33:26
# local_time=2011-11-15 08:33:26 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 3231273 3231273 0 0
# compatibility_mode=8192 67108863 100 0 3903 3903 0 0
# scanned=114238
# found=6
# cleaned=0
# scan_time=6348
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temp\jar_cache5752015444070384545.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temp\Red18.tmp a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temp\rub17.tmp a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\***.***-6154616FC9\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OH2AH71I\index[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\MicroGaming\Casino\RedFlush\install.exe a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\MicroGaming\Casino\RubyFortune\install.exe a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ee8926e1b4c0f45a836a3ef37821343
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-18 08:08:00
# local_time=2011-11-18 09:08:00 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 3492747 3492747 0 0
# compatibility_mode=8192 67108863 100 0 265377 265377 0 0
# scanned=115298
# found=10
# cleaned=0
# scan_time=6168
C:\MicroGaming\Casino\RedFlush\install.exe a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\MicroGaming\Casino\RubyFortune\install.exe a variant of Win32/PrimeCasino application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP663\A0061992.rbf a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP663\A0061994.rbf probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP663\A0062005.rbf a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP717\A0067927.rbf a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP717\A0067929.rbf probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP717\A0067940.rbf a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP717\A0068026.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{57B149FF-20FC-4500-8EB2-DDA73A4EB26A}\RP717\A0068027.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8188
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18.11.2011 17:19:57
mbam-log-2011-11-18 (17-19-55).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 330363
Laufzeit: 58 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 11/19/2011 at 01:07 PM
Application Version : 5.0.1136
Core Rules Database Version : 7960
Trace Rules Database Version: 5772
Scan type : Complete Scan
Total Scan Time : 01:48:58
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 37884
Registry threats detected : 0
File items scanned : 160117
File threats detected : 16
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\MZ4NJDIB.txt [ /serving-sys.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\L6IIIDBA.txt [ /doubleclick.net ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\XNW9V1FM.txt [ /atdmt.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\18K4JH16.txt [ /eas.apm.emediate.eu ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\UZO7LRBV.txt [ /tracking.quisma.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\6J8R2BGG.txt [ /webmasterplan.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\QIYH9BLI.txt [ /msnportal.112.2o7.net ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\8TB8S4Y7.txt [ /tradedoubler.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\W5LJR283.txt [ /ad.yieldmanager.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\3B0L4K6R.txt [ /adfarm1.adition.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\UDAPHCXM.txt [ /smartadserver.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\QFB5JJPB.txt [ /adtech.de ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\4F458JZV.txt [ /track.webgains.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\1OFG4JOF.txt [ /bs.serving-sys.com ]
C:\Dokumente und Einstellungen\***.***-6154616FC9\Cookies\TPV3FOFK.txt [ /ww251.smartadserver.com ]
Trojan.Agent/Gen-FakeAV
C:\PROGRAMME\WINRAR\DEFAULT.SFX
|
|
| Themen zu Weißes Feld=> Systemabsturz=> überhöhte Prozessorleistung=> neue IP + avdrn.dat |
| 0x00000001, ablauf, ad-aware, antivir, avira, bho, bonjour, browser, computer, desktop, device driver, error, excel, flash player, free download, hdaudio.sys, helper, home, homepage, iexplore.exe, logfile, maus, microsoft office word, officejet, pdfforge toolbar, plug-in, problem, safer networking, scan, security, server, shell32.dll, software, trojaner, trojaner board, version=1.0, viele prozesse, windows internet |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
