Pests of all kinds and how to fight them: ihavenet.com Trojan (Windows 7)
06.03.2013, 01:43 | #1
ihavenet.com Trojan

Hello dear Trojaner-Board,

since recently there has been a piece of malware on my mother's laptop that, in the browser, always redirects clicks on Google links to various websites, mostly ihavenet.com. I ran a check with Avira, and Antivir found jogek.di /.dk in a file in the Java cache. I sent it to quarantine. Afterwards I stupidly updated Avira, so unfortunately the report on that is no longer available. However, I found nothing indicating that jogek.di etc. is connected with the ihavenet Trojan. The problem still exists anyway (though I don't know now whether the quarantine area was "deleted" during the Avira update). Booting from the Kaspersky Rescue Disc 10 and running a scan found nothing.

Some other posts on your board recommended running defogger, OTL and GMER first; the rest apparently can only be done individually. I already ran OTL yesterday; OTL.txt and Extra.txt were created. Since today, Extra.txt is no longer created. I am currently working on my mother's computer via TeamViewer.

Attached are the logs of the three programs and the list of installed programs from ccleaner.

Many thanks in advance for your help.
Regards, Sven

defogger_disable (no findings; for some reason I can't post it)

ccleaner install
Code:
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 19.02.2009 14,0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.02.2009 10.0.12.36
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 11.6.602.171
Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 22.02.2013 121,2MB 10.1.6
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 30.01.2013 17,8MB 11.6.8.638
Apple Application Support Apple Inc. 30.01.2013 65,1MB 2.3
Apple Software Update Apple Inc. 30.01.2013 2,38MB 2.1.3.127
Avira Free Antivirus Avira 03.03.2013 174,1MB 13.0.0.3185
Azurewave Wireless LAN RaLink 08.12.2008 1,93MB 1.00.0000
Bison Webcam Bison Webcam 14.12.2008 5,39MB 7.96.701.12a
CCleaner Piriform 05.02.2012 3,50MB 3.15
Compatibility Pack für 2007 Office System Microsoft Corporation 08.01.2013 168,6MB 12.0.6612.1000
Corel MediaOne Corel Corporation 14.12.2008 164,5MB 2.00.0000
CorelDRAW Essential Edition 3 Corel Corporation 14.12.2008 227MB
CyberLink MakeDisc CyberLink Corp. 19.02.2009 102,6MB 3.0.2601
CyberLink MediaShow CyberLink Corp. 14.12.2008 312MB 4.1.2318
CyberLink PhotoNow CyberLink Corp. 14.12.2008 21,7MB 1.1.5615
CyberLink PowerDirector CyberLink Corp. 14.12.2008 422MB 7.0.2209b
CyberLink PowerDVD 8 CyberLink Corp. 14.12.2008 91,8MB 8.0.2217
CyberLink PowerProducer CyberLink Corp. 14.12.2008 298MB 5.1111
CyberLink YouCam CyberLink Corp. 14.12.2008 73,8MB 2.0.2305
Defraggler Piriform 05.02.2012 3,74MB 2.09
Duden Korrektor Duden 23.05.2009 251MB 4.00.1301.00
Google Earth Google 19.02.2009 25,3MB 4.3.7284.3916
HP Imaging Device Functions 9.0 HP 11.04.2009 4,21MB 9.0
HP OCR Software 9.0 HP 11.04.2009 4,21MB 9.0
HP Photosmart All-In-One Software 9.0 HP 11.04.2009 18,9MB 9.0
HP Photosmart Essential 2.01 HP 11.04.2009 4,21MB 2.01
HP Smart Web Printing 4.60 HP 02.07.2010 26,3MB 4.60
HP Solution Center 9.0 HP 11.04.2009 4,21MB 9.0
HP Update Hewlett-Packard 29.05.2011 3,93MB 5.003.001.001
Java 7 Update 15 Oracle 03.03.2013 129,0MB 7.0.150
Java(TM) 6 Update 11 Sun Microsystems, Inc. 08.12.2008 96,9MB 6.0.110
Logitech SetPoint Logitech 21.03.2011 18,2MB 4.80
mathepower.de - 2012 Computerdienst Meyn GmbH 25.08.2012 1.043MB 2012
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.02.2009 27,8MB
Microsoft Office File Validation Add-In Microsoft Corporation 01.05.2012 7,95MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 07.02.2012 304MB 12.0.6612.1000
Microsoft Office Live Add-in 1.5 Microsoft Corporation 30.04.2012 0,49MB 2.0.4024.1
Microsoft Silverlight Microsoft Corporation 30.01.2013 13,2MB 5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 08.12.2008 0,32MB 3.1.0000
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 08.12.2008 1,74MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.08.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 13.08.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.05.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.01.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.05.2012 12,3MB 10.0.40219
Microsoft Works Microsoft Corporation 09.10.2012 545MB 9.7.0621
Mozilla Firefox 19.0 (x86 de) Mozilla 01.03.2013 45,4MB 19.0
Mozilla Maintenance Service Mozilla 01.03.2013 0,22MB 19.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 08.12.2008 1,28MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 08.12.2008 1,28MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.12.2008 1,29MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Nero 8 Essentials Nero AG 08.12.2008 1.889MB 8.3.124
NVIDIA Drivers NVIDIA Corporation 21.10.2009
Picasa 2 Google, Inc. 19.02.2009 35,3MB 2.0
QuickTime Apple Inc. 30.01.2013 73,2MB 7.73.80.64
RealPlayer RealNetworks 19.10.2012 95,5MB 15.0.6
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 08.12.2008 1,67MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.12.2008 9,29MB 6.0.1.5730
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 08.12.2008 1,50MB 6.0.6000.20111
Schroedel Arbeitsblätter 27.07.2011 6,50MB
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 08.12.2008 65,3MB 9.0.0
Synaptics Pointing Device Driver Synaptics 08.12.2008 14,1MB 11.1.7.0
TeamViewer 8 TeamViewer 04.03.2013 22,0MB 8.0.17292
Windows Live Anmelde-Assistent Microsoft Corporation 05.03.2009 1,93MB 5.000.818.6
Windows Live Fotogalerie Microsoft Corporation 08.12.2008 21,0MB 12.0.1347.0718
Windows Live installer Microsoft Corporation 08.12.2008 1,71MB 12.0.1471.1025
Windows Live Mail Microsoft Corporation 08.12.2008 22,6MB 12.0.1606.1023
Windows Live Messenger Microsoft Corporation 08.12.2008 30,0MB 8.5.1302.1018
Windows Live Writer Microsoft Corporation 08.12.2008 17,1MB 12.0.1370.0325
WinRAR 4.01 (32-Bit) win.rar GmbH 31.12.2011 4,03MB 4.01.0
X10 Hardware(TM) 19.02.2009 12,00KB

Code:
OTL logfile created on: 05.03.2013 15:18:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marianne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,14% Memory free
6,21 Gb Paging File | 4,83 Gb Available in Paging File | 77,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 198,81 Gb Free Space | 71,49% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32

Computer Name: ENGEL | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.04 18:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
PRC - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.04 17:58:35 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.04 17:58:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.28 19:45:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.02.28 16:04:17 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013.02.26 13:23:14 | 004,161,888 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013.02.26 13:23:13 | 010,219,872 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer.exe
PRC - [2013.02.26 13:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.02.26 13:15:58 | 000,185,696 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\tv_w32.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2007.06.22 14:57:38 | 000,369,368 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKCore.exe
PRC - [2007.06.22 12:32:20 | 000,565,976 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKTray.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.28 19:45:57 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.02.28 16:04:17 | 014,718,320 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2007.04.15 18:44:42 | 000,898,560 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\libxml2.dll
MOD - [2007.04.15 18:44:26 | 000,073,728 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\zlib1.dll

========== Services (SafeList) ==========

SRV - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:45:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 16:04:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 13:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.21 22:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.25 05:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.31 17:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006.11.17 11:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.20 15:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 19:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 19:45:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2009.02.20 21:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Extensions
[2013.03.04 19:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions
[2010.09.13 17:40:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.23 11:08:13 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\u334tkw9.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.03.04 19:13:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\u334tkw9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 19:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.28 19:45:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.20 15:28:25 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.10.14 18:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 18:33:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.14 18:33:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 18:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.14 18:33:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 18:33:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - Startup: C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6998B588-4BDB-4D44-9E40-8C46D677B31B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{dba750ac-9e6c-11df-afac-001f16134791}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.05 14:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.03.04 20:44:08 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.03.04 18:50:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2013.03.04 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Avira
[2013.03.04 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.04 18:13:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 18:13:26 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 18:13:26 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 18:13:26 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.28 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.03.05 15:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2013.03.05 15:20:40 | 000,377,856 | ---- | M] () -- C:\Users\Marianne\Desktop\gmer_2.1.19155.exe
[2013.03.05 15:16:54 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.05 15:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 14:48:33 | 000,050,477 | ---- | M] () -- C:\Users\Marianne\Desktop\Defogger.exe
[2013.03.05 14:33:23 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.05 14:16:02 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.05 14:15:09 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.05 14:15:09 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.05 14:15:09 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.05 14:15:09 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.05 14:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 14:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 14:07:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.03.05 14:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 14:07:44 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 18:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2013.03.04 18:13:43 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 16:52:33 | 000,000,175 | ---- | M] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2013.03.03 15:19:42 | 000,000,680 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | M] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.13 19:43:25 | 000,317,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.05 15:20:38 | 000,377,856 | ---- | C] () -- C:\Users\Marianne\Desktop\gmer_2.1.19155.exe
[2013.03.05 14:48:33 | 000,050,477 | ---- | C] () -- C:\Users\Marianne\Desktop\Defogger.exe
[2013.03.05 14:33:23 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.05 14:33:23 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.04 18:13:43 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.03 15:19:42 | 000,000,680 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | C] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.24 10:25:40 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.01.31 17:18:57
| 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\RAExpertHistory.xml [2013.01.31 17:18:45 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\rahistory.xml [2009.07.03 10:23:56 | 000,000,760 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\setup_ldm.iss [2009.07.03 10:22:15 | 000,001,825 | ---- | C] () -- C:\Users\Marianne\Logitech-Maus- und -Tastatureinstellungen.lnk [2009.02.22 12:40:19 | 000,013,824 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.15 05:47:10 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.12.15 05:37:57 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.06.13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Cornelsen ========== Purity Check ========== < End of report >

GMER (though I couldn't cut the WLAN connection here and therefore didn't want to switch off AntiVir either.)

Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-06 01:11:57
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Marianne\AppData\Local\Temp\kgldapow.sys

---- System - GMER 2.1 ----

SSDT 8038BFBE ZwCreateSection
SSDT 8038BFC8 ZwRequestWaitReplyPort
SSDT 8038BFC3 ZwSetContextThread
SSDT 8038BFCD ZwSetSecurityObject
SSDT 8038BFD2 ZwSystemDebugControl
SSDT 8038BF5F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 826F48D8 4 Bytes [BE, BF, 38, 80]
.text ntkrnlpa.exe!KeSetEvent + 539 826F4BFC 1 Byte [C8]
.text ntkrnlpa.exe!KeSetEvent + 539 826F4BFC 4 Bytes [C8, BF, 38, 80] {ENTER 0x38bf, 0x80}
.text ntkrnlpa.exe!KeSetEvent + 56D 826F4C30 4 Bytes [C3, BF, 38, 80]
.text ntkrnlpa.exe!KeSetEvent + 5D1 826F4C94 4 Bytes [CD, BF, 38, 80]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E207340, 0x3EB347, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[3004] SHELL32.dll!SHCoCreateInstance + 657 76211B20 8 Bytes [E0, 10, 99, 6C, 00, 11, 99, ...] {LOOPNZ 0x12; CDQ ; INS BYTE [ES:EDI], DX; ADD [ECX], DL; CDQ ; INS BYTE [ES:EDI], DX}

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4380 series@ChangeID 5635489

---- EOF - GMER 2.1 ----

OTL.txt from yesterday!

Code:
ATTFilter OTL logfile created on: 04.03.2013 18:51:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marianne\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,15% Memory free 6,21 Gb Paging File | 4,82 Gb Available in Paging File | 77,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,07 Gb Total Space | 199,34 Gb Free Space | 71,69% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32 Computer Name: ENGEL | User Name: Marianne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.04 18:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Downloads\OTL.exe PRC - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.04 17:58:35 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.04 17:58:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.04 15:38:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\javaws.exe PRC - [2013.03.04 15:38:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\javaw.exe PRC - [2013.02.28 19:45:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.02.28 16:04:17 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe PRC - [2007.06.22 14:57:38 | 000,369,368 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKCore.exe PRC - [2007.06.22 12:32:20 | 000,565,976 | ---- | M] (Expert System S.p.A.) 
-- C:\Programme\Duden\Duden Korrektor\DKTray.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.02.28 19:45:57 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.28 16:04:17 | 014,718,320 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2007.04.15 18:44:42 | 000,898,560 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\libxml2.dll MOD - [2007.04.15 18:44:26 | 000,073,728 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\zlib1.dll ========== Services (SafeList) ========== SRV - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 19:45:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 16:04:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 
000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008.11.21 22:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.09.25 05:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2007.07.31 17:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2006.11.17 11:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.20 15:28:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 19:45:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 19:45:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - 
HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.02.20 21:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Extensions [2013.02.23 11:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions [2010.09.13 17:40:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.23 11:08:13 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\u334tkw9.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.02.28 19:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.28 19:45:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.20 15:28:25 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.10.14 18:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.14 18:33:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.14 18:33:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.14 18:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.14 18:33:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.14 18:33:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 
127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) 
O4 - Startup: C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6998B588-4BDB-4D44-9E40-8C46D677B31B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{dba750ac-9e6c-11df-afac-001f16134791}\Shell\verb1\command - "" = desktop.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - 
HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Avira [2013.03.04 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.04 18:13:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.03.04 18:13:26 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.04 18:13:26 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.04 18:13:26 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.02.28 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.03.04 18:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2013.03.04 18:36:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 18:36:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 18:17:39 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.04 18:17:39 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.04 18:17:39 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.04 18:17:39 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.04 
18:13:43 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.04 18:11:28 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.04 18:11:01 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.04 18:10:39 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.03.04 18:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.04 18:10:28 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 16:52:33 | 000,000,175 | ---- | M] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2013.03.03 15:19:42 | 000,000,680 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | M] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.13 19:43:25 | 000,317,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.03.04 18:13:43 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.03 15:19:42 | 000,000,680 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | C] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.24 10:25:40 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.02.03 13:47:50 | 000,001,728 | ---- | C] () -- C:\Users\Marianne\Desktop\Mozilla Firefox.lnk
[2013.01.31 17:18:57 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\RAExpertHistory.xml
[2013.01.31 17:18:45 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2009.07.03 10:23:56 | 000,000,760 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\setup_ldm.iss
[2009.07.03 10:22:15 | 000,001,825 | ---- | C] () -- C:\Users\Marianne\Logitech-Maus- und -Tastatureinstellungen.lnk
[2009.02.22 12:40:19 | 000,013,824 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 05:47:10 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.15 05:37:57 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.06.13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Cornelsen
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 04.03.2013 18:51:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,15% Memory free
6,21 Gb Paging File | 4,82 Gb Available in Paging File | 77,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 199,34 Gb Free Space | 71,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
Computer Name: ENGEL | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2981673612-1989944714-3398691111-1000]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
< End of report > |
06.03.2013, 12:58 | #2 |
/// Malware-holic | ihavenet.com Trojan Hi,
OTL fix: Fixing with OTL
Code:
:OTL
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.03.05 14:07:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
:files
:Commands
[emptytemp]
Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe Double-click the .exe; a .txt file named summary-info.txt will be created in the same folder. Double-click it and post its contents. Question: at the time of infection, or perhaps a day before, did you download and install or run anything? Were you asked to install or download something while visiting a website? I would also like this information as a private message.
|
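Added example, not part of the thread and not OTL's own code: a small parser for the OTL file-list lines posted above, two defender heuristics that flag the same two entries the fix script removes (a hidden+system file under C:\Windows with no company name, and a scheduled task with a generated-looking name), and a renderer for the fix-script layout. The random-name rule, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file-list line, e.g.
#   [2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
# date | time | size | attributes (R/H/S/D or -) | M=modified / C=created,
# an optional (company name), then "-- " and the path.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Heuristic chosen for this example, not an OTL rule: a task name made of eight or
# more capital letters (like QWODVDFYB.job) looks generated rather than installed.
RANDOM_JOB_NAME = re.compile(r"^[A-Z]{8,}\.job$")


@dataclass
class OtlEntry:
    raw: str        # the original log line, reused verbatim in the fix script
    date: str
    time: str
    size: int
    attrs: str      # four characters, e.g. "RHS-" = read-only, hidden, system
    kind: str       # "M" (modified list) or "C" (created list)
    company: str    # empty when OTL printed "()"
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-list line; section headers and registry lines return None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(line.strip(), m["date"], m["time"],
                    int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    m["company"] or "", m["path"])


def judge(e: OtlEntry) -> List[str]:
    """Defender heuristics mirroring the two entries the helper pulled from the log."""
    reasons = []
    low = e.path.lower()
    name = e.path.rsplit("\\", 1)[-1]
    hidden, system, is_dir = "H" in e.attrs, "S" in e.attrs, "D" in e.attrs
    # Rule 1: hidden+system file inside C:\Windows with no company name
    # (the RHS- dbghelpn.dll pattern OTL lists under its ZeroAccess check).
    if low.startswith("c:\\windows\\") and hidden and system and not is_dir and not e.company:
        reasons.append("hidden+system file under C:\\Windows with no company name")
    # Rule 2: scheduled task in C:\Windows\tasks with a generated-looking name.
    if "\\windows\\tasks\\" in low and RANDOM_JOB_NAME.match(name):
        reasons.append("scheduled task with random-looking name")
    return reasons


def scan(log_text: str) -> List[Tuple[OtlEntry, List[str]]]:
    """Return every parsable entry that trips at least one rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = judge(entry)
            if reasons:
                findings.append((entry, reasons))
    return findings


def build_otl_fix(findings) -> str:
    """Lay the findings out like the fix script in the thread: the flagged log lines
    verbatim under :OTL, then the :Files, :Commands and [emptytemp] sections."""
    return "\n".join([":OTL"] + [e.raw for e, _ in findings]
                     + [":Files", ":Commands", "[emptytemp]"])


# Constructed sample in the OTL format (modelled on, not copied from, the log above).
SAMPLE_LOG = r"""
[2013.03.04 18:10:39 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.03.04 18:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.04 18:10:28 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.13 19:43:25 | 000,317,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Cornelsen
========== Purity Check ==========
"""

if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE_LOG):
        print(entry.path, "->", "; ".join(reasons))
    print(build_otl_fix(scan(SAMPLE_LOG)))
```

Only the two entries the thread's fix script names are flagged; known system files such as bootstat.dat (system only, not hidden) and hiberfil.sys (outside C:\Windows) pass.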
06.03.2013, 20:18 | #3 |
| ihavenet.com Trojan Hi,
Thanks for helping me! The upload worked. I just don't see where the upload is marked/has arrived here in the thread. OTL fix: Code:
All processes killed
========== OTL ==========
C:\Windows\System32\dbghelpn.dll moved successfully.
C:\Windows\Tasks\QWODVDFYB.job moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Marianne
->Temp folder emptied: 8290804 bytes
->Temporary Internet Files folder emptied: 6542329 bytes
->Java cache emptied: 23492072 bytes
->FireFox cache emptied: 132753499 bytes
->Flash cache emptied: 1526 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 389587 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 164,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03062013_195944
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
System volume information: dwHighDateTime = 0x1c96262,dwLowDateTime = 0xaa1758f1
System32: dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x183de116
Regards, Sven |
08.03.2013, 21:06 | #4 |
/// Malware-holic | ihavenet.com Trojan Hi, thanks. We can only see the upload internally. Please download TDSSKiller.exe and save the file to the desktop
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
09.03.2013, 20:45 | #5 |
| ihavenet.com Trojan Here is the log file from TDSSKiller. 9 threats were found. I think a few of them are HP printer drivers or something like that. Code:
20:41:45.0810 2948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:41:45.0905 2948 ============================================================
20:41:45.0905 2948 Current date / time: 2013/03/09 20:41:45.0905
20:41:45.0905 2948 SystemInfo:
20:41:45.0905 2948
20:41:45.0905 2948 OS Version: 6.0.6002 ServicePack: 2.0
20:41:45.0905 2948 Product type: Workstation
20:41:45.0905 2948 ComputerName: ENGEL
20:41:45.0909 2948 UserName: Marianne
20:41:45.0909 2948 Windows directory: C:\Windows
20:41:45.0909 2948 System windows directory: C:\Windows
20:41:45.0909 2948 Processor architecture: Intel x86
20:41:45.0909 2948 Number of processors: 2
20:41:45.0909 2948 Page size: 0x1000
20:41:45.0909 2948 Boot type: Normal boot
20:41:45.0909 2948 ============================================================
20:41:47.0299 2948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:41:47.0312 2948 ============================================================
20:41:47.0312 2948 \Device\Harddisk0\DR0:
20:41:47.0313 2948 MBR partitions:
20:41:47.0313 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22C25800
20:41:47.0313 2948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x22C28D8D, BlocksNum 0x2804934
20:41:47.0313 2948 ============================================================
20:41:47.0357 2948 C: <-> \Device\Harddisk0\DR0\Partition1
20:41:47.0387 2948 D: <-> \Device\Harddisk0\DR0\Partition2
20:41:47.0387 2948 ============================================================
20:41:47.0387 2948 Initialize success
20:41:47.0387 2948 ============================================================
20:41:57.0136 5716 ============================================================
20:41:57.0136 5716 Scan started
20:41:57.0136 5716 Mode: Manual; SigCheck; TDLFS;
20:41:57.0136 5716 ============================================================
20:41:57.0605 5716 ================ Scan system memory ========================
20:41:57.0605 5716 System memory - ok
20:41:57.0606 5716 ================ Scan services =============================
C:\Windows\system32\drivers\elxstor.sys 20:42:03.0907 5716 elxstor - ok 20:42:03.0982 5716 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:42:04.0036 5716 EMDMgmt - ok 20:42:04.0079 5716 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:42:04.0129 5716 ErrDev - ok 20:42:04.0179 5716 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 20:42:04.0230 5716 EventSystem - ok 20:42:04.0286 5716 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 20:42:04.0321 5716 exfat - ok 20:42:04.0356 5716 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:42:04.0404 5716 fastfat - ok 20:42:04.0421 5716 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:42:04.0469 5716 fdc - ok 20:42:04.0497 5716 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 20:42:04.0544 5716 fdPHost - ok 20:42:04.0563 5716 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 20:42:04.0644 5716 FDResPub - ok 20:42:04.0655 5716 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:42:04.0679 5716 FileInfo - ok 20:42:04.0700 5716 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:42:04.0758 5716 Filetrace - ok 20:42:04.0803 5716 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:42:04.0851 5716 flpydisk - ok 20:42:04.0885 5716 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:42:04.0920 5716 FltMgr - ok 20:42:04.0961 5716 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:42:04.0992 5716 FontCache3.0.0.0 - ok 20:42:05.0043 5716 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:42:05.0080 5716 Fs_Rec - ok 20:42:05.0106 
5716 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:42:05.0132 5716 gagp30kx - ok 20:42:05.0182 5716 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 20:42:05.0248 5716 gpsvc - ok 20:42:05.0318 5716 [ 649F407A844DDE2B97BC086AF97D663B ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 20:42:05.0351 5716 gusvc - ok 20:42:05.0397 5716 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:42:05.0488 5716 HdAudAddService - ok 20:42:05.0538 5716 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:42:05.0608 5716 HDAudBus - ok 20:42:05.0654 5716 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:42:05.0737 5716 HidBth - ok 20:42:05.0758 5716 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 20:42:05.0846 5716 HidIr - ok 20:42:05.0880 5716 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 20:42:05.0910 5716 hidserv - ok 20:42:05.0944 5716 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:42:05.0981 5716 HidUsb - ok 20:42:06.0014 5716 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:42:06.0068 5716 hkmsvc - ok 20:42:06.0091 5716 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:42:06.0118 5716 HpCISSs - ok 20:42:06.0229 5716 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 20:42:06.0246 5716 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 20:42:06.0246 5716 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 20:42:06.0289 5716 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 20:42:06.0307 5716 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 20:42:06.0307 5716 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 
20:42:06.0347 5716 [ 6F9CB6539A1B2508BD1C53D29334431A ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 20:42:06.0389 5716 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 20:42:06.0389 5716 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 20:42:06.0439 5716 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:42:06.0492 5716 HTTP - ok 20:42:06.0529 5716 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:42:06.0557 5716 i2omp - ok 20:42:06.0604 5716 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:42:06.0652 5716 i8042prt - ok 20:42:06.0680 5716 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:42:06.0713 5716 iaStorV - ok 20:42:06.0798 5716 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:42:06.0881 5716 idsvc - ok 20:42:06.0901 5716 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:42:06.0922 5716 iirsp - ok 20:42:06.0965 5716 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 20:42:07.0025 5716 IKEEXT - ok 20:42:07.0128 5716 [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:42:07.0255 5716 IntcAzAudAddService - ok 20:42:07.0294 5716 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 20:42:07.0324 5716 intelide - ok 20:42:07.0364 5716 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:42:07.0410 5716 intelppm - ok 20:42:07.0461 5716 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:42:07.0512 5716 IPBusEnum - ok 20:42:07.0532 5716 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:42:07.0583 5716 IpFilterDriver - ok 20:42:07.0625 5716 [ 
1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:42:07.0656 5716 iphlpsvc - ok 20:42:07.0664 5716 IpInIp - ok 20:42:07.0693 5716 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:42:07.0744 5716 IPMIDRV - ok 20:42:07.0774 5716 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:42:07.0820 5716 IPNAT - ok 20:42:07.0843 5716 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:42:07.0892 5716 IRENUM - ok 20:42:07.0909 5716 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:42:07.0940 5716 isapnp - ok 20:42:07.0995 5716 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:42:08.0026 5716 iScsiPrt - ok 20:42:08.0050 5716 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:42:08.0082 5716 iteatapi - ok 20:42:08.0106 5716 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:42:08.0136 5716 iteraid - ok 20:42:08.0154 5716 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:42:08.0181 5716 kbdclass - ok 20:42:08.0213 5716 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:42:08.0253 5716 kbdhid - ok 20:42:08.0293 5716 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 20:42:08.0319 5716 KeyIso - ok 20:42:08.0354 5716 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:42:08.0405 5716 KSecDD - ok 20:42:08.0488 5716 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:42:08.0542 5716 KtmRm - ok 20:42:08.0570 5716 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 20:42:08.0602 5716 LanmanServer - ok 20:42:08.0664 5716 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:42:08.0694 
5716 LanmanWorkstation - ok 20:42:08.0755 5716 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe 20:42:08.0776 5716 LBTServ - ok 20:42:08.0846 5716 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 20:42:08.0863 5716 LHidFilt - ok 20:42:08.0916 5716 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:42:08.0970 5716 lltdio - ok 20:42:09.0009 5716 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:42:09.0063 5716 lltdsvc - ok 20:42:09.0079 5716 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:42:09.0173 5716 lmhosts - ok 20:42:09.0193 5716 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 20:42:09.0211 5716 LMouFilt - ok 20:42:09.0241 5716 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:42:09.0268 5716 LSI_FC - ok 20:42:09.0289 5716 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:42:09.0315 5716 LSI_SAS - ok 20:42:09.0347 5716 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:42:09.0377 5716 LSI_SCSI - ok 20:42:09.0394 5716 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 20:42:09.0440 5716 luafv - ok 20:42:09.0472 5716 [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 20:42:09.0492 5716 LUsbFilt - ok 20:42:09.0507 5716 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:42:09.0533 5716 Mcx2Svc - ok 20:42:09.0567 5716 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 20:42:09.0594 5716 megasas - ok 20:42:09.0628 5716 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:42:09.0669 5716 MegaSR - ok 20:42:09.0689 5716 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS 
C:\Windows\system32\mmcss.dll 20:42:09.0739 5716 MMCSS - ok 20:42:09.0764 5716 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 20:42:09.0809 5716 Modem - ok 20:42:09.0825 5716 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:42:09.0881 5716 monitor - ok 20:42:09.0897 5716 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:42:09.0921 5716 mouclass - ok 20:42:09.0947 5716 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:42:09.0998 5716 mouhid - ok 20:42:10.0018 5716 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:42:10.0044 5716 MountMgr - ok 20:42:10.0091 5716 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:42:10.0115 5716 MozillaMaintenance - ok 20:42:10.0144 5716 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 20:42:10.0170 5716 mpio - ok 20:42:10.0187 5716 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:42:10.0229 5716 mpsdrv - ok 20:42:10.0270 5716 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 20:42:10.0317 5716 MpsSvc - ok 20:42:10.0335 5716 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:42:10.0355 5716 Mraid35x - ok 20:42:10.0384 5716 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:42:10.0412 5716 MRxDAV - ok 20:42:10.0452 5716 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:42:10.0480 5716 mrxsmb - ok 20:42:10.0504 5716 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:42:10.0532 5716 mrxsmb10 - ok 20:42:10.0541 5716 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:42:10.0566 5716 mrxsmb20 - ok 
20:42:10.0605 5716 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 20:42:10.0636 5716 msahci - ok 20:42:10.0659 5716 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:42:10.0682 5716 msdsm - ok 20:42:10.0712 5716 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 20:42:10.0762 5716 MSDTC - ok 20:42:10.0781 5716 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:42:10.0831 5716 Msfs - ok 20:42:10.0865 5716 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:42:10.0894 5716 msisadrv - ok 20:42:10.0927 5716 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:42:10.0980 5716 MSiSCSI - ok 20:42:10.0989 5716 msiserver - ok 20:42:11.0034 5716 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:42:11.0087 5716 MSKSSRV - ok 20:42:11.0110 5716 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:42:11.0164 5716 MSPCLOCK - ok 20:42:11.0183 5716 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:42:11.0241 5716 MSPQM - ok 20:42:11.0290 5716 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:42:11.0322 5716 MsRPC - ok 20:42:11.0343 5716 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:42:11.0368 5716 mssmbios - ok 20:42:11.0389 5716 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:42:11.0444 5716 MSTEE - ok 20:42:11.0474 5716 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 20:42:11.0504 5716 Mup - ok 20:42:11.0561 5716 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 20:42:11.0607 5716 napagent - ok 20:42:11.0665 5716 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:42:11.0701 5716 
NativeWifiP - ok 20:42:11.0745 5716 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:42:11.0786 5716 NDIS - ok 20:42:11.0818 5716 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:42:11.0855 5716 NdisTapi - ok 20:42:11.0877 5716 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:42:11.0934 5716 Ndisuio - ok 20:42:11.0973 5716 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:42:12.0015 5716 NdisWan - ok 20:42:12.0036 5716 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:42:12.0076 5716 NDProxy - ok 20:42:12.0215 5716 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 20:42:12.0280 5716 Nero BackItUp Scheduler 3 - ok 20:42:12.0335 5716 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 20:42:12.0345 5716 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:42:12.0345 5716 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:42:12.0388 5716 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:42:12.0434 5716 NetBIOS - ok 20:42:12.0465 5716 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:42:12.0506 5716 netbt - ok 20:42:12.0518 5716 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 20:42:12.0543 5716 Netlogon - ok 20:42:12.0590 5716 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 20:42:12.0647 5716 Netman - ok 20:42:12.0673 5716 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 20:42:12.0738 5716 netprofm - ok 20:42:12.0796 5716 [ 3F540B257442CC1A2220DD8F73AC1C77 ] netr28 C:\Windows\system32\DRIVERS\netr28.sys 20:42:12.0830 5716 netr28 - ok 20:42:12.0875 5716 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:42:12.0904 5716 NetTcpPortSharing - ok 20:42:12.0950 5716 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:42:12.0976 5716 nfrd960 - ok 20:42:13.0003 5716 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:42:13.0056 5716 NlaSvc - ok 20:42:13.0127 5716 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 20:42:13.0160 5716 NMIndexingService - ok 20:42:13.0200 5716 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:42:13.0245 5716 Npfs - ok 20:42:13.0272 5716 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 20:42:13.0325 5716 nsi - ok 20:42:13.0338 5716 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:42:13.0387 5716 nsiproxy - ok 20:42:13.0444 5716 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:42:13.0508 5716 Ntfs - ok 20:42:13.0544 5716 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 20:42:13.0622 5716 ntrigdigi - ok 20:42:13.0641 5716 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 20:42:13.0687 5716 Null - ok 20:42:13.0732 5716 [ 723931A765E8CDDF7FFCB42F5A72CE79 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 20:42:13.0752 5716 NVHDA - ok 20:42:14.0026 5716 [ 99A7CD6662DB4E32F75A641C5D080DB3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:42:14.0455 5716 nvlddmkm - ok 20:42:14.0488 5716 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:42:14.0516 5716 nvraid - ok 20:42:14.0539 5716 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:42:14.0564 5716 nvstor - ok 20:42:14.0584 5716 [ 3DFD9B00AAF472042E6D4FA8CCB74EFD ] nvsvc C:\Windows\system32\nvvsvc.exe 20:42:14.0612 5716 
nvsvc - ok 20:42:14.0633 5716 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:42:14.0666 5716 nv_agp - ok 20:42:14.0676 5716 NwlnkFlt - ok 20:42:14.0691 5716 NwlnkFwd - ok 20:42:14.0781 5716 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:42:14.0828 5716 odserv - ok 20:42:14.0859 5716 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:42:14.0939 5716 ohci1394 - ok 20:42:14.0973 5716 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:42:15.0006 5716 ose - ok 20:42:15.0046 5716 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:42:15.0094 5716 p2pimsvc - ok 20:42:15.0135 5716 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 20:42:15.0181 5716 p2psvc - ok 20:42:15.0197 5716 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 20:42:15.0283 5716 Parport - ok 20:42:15.0314 5716 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:42:15.0341 5716 partmgr - ok 20:42:15.0364 5716 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 20:42:15.0440 5716 Parvdm - ok 20:42:15.0481 5716 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 20:42:15.0514 5716 PcaSvc - ok 20:42:15.0544 5716 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 20:42:15.0576 5716 pci - ok 20:42:15.0594 5716 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 20:42:15.0618 5716 pciide - ok 20:42:15.0637 5716 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:42:15.0678 5716 pcmcia - ok 20:42:15.0724 5716 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:42:15.0865 5716 PEAUTH - ok 20:42:15.0977 5716 [ 
F433B5AA6DBAC3C8626EEFAF134E4763 ] PhilCap C:\Windows\system32\DRIVERS\PhilCap.sys 20:42:16.0063 5716 PhilCap - ok 20:42:16.0128 5716 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 20:42:16.0261 5716 pla - ok 20:42:16.0297 5716 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 20:42:16.0312 5716 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 20:42:16.0312 5716 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 20:42:16.0358 5716 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:42:16.0407 5716 PlugPlay - ok 20:42:16.0456 5716 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 20:42:16.0466 5716 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 20:42:16.0466 5716 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 20:42:16.0513 5716 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:42:16.0562 5716 PNRPAutoReg - ok 20:42:16.0614 5716 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:42:16.0660 5716 PNRPsvc - ok 20:42:16.0686 5716 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:42:16.0764 5716 PolicyAgent - ok 20:42:16.0806 5716 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:42:16.0857 5716 PptpMiniport - ok 20:42:16.0874 5716 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 20:42:16.0920 5716 Processor - ok 20:42:16.0947 5716 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 20:42:16.0996 5716 ProfSvc - ok 20:42:17.0010 5716 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 20:42:17.0037 5716 ProtectedStorage - ok 20:42:17.0075 5716 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe 
20:42:17.0102 5716 ProtexisLicensing - ok 20:42:17.0139 5716 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:42:17.0179 5716 PSched - ok 20:42:17.0212 5716 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 20:42:17.0232 5716 PxHelp20 - ok 20:42:17.0292 5716 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:42:17.0394 5716 ql2300 - ok 20:42:17.0414 5716 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:42:17.0438 5716 ql40xx - ok 20:42:17.0487 5716 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 20:42:17.0521 5716 QWAVE - ok 20:42:17.0534 5716 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:42:17.0561 5716 QWAVEdrv - ok 20:42:17.0584 5716 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:42:17.0632 5716 RasAcd - ok 20:42:17.0657 5716 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 20:42:17.0732 5716 RasAuto - ok 20:42:17.0751 5716 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:42:17.0814 5716 Rasl2tp - ok 20:42:17.0857 5716 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 20:42:17.0921 5716 RasMan - ok 20:42:17.0967 5716 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:42:18.0005 5716 RasPppoe - ok 20:42:18.0044 5716 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:42:18.0074 5716 RasSstp - ok 20:42:18.0116 5716 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:42:18.0168 5716 rdbss - ok 20:42:18.0212 5716 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:42:18.0260 5716 RDPCDD - ok 20:42:18.0283 5716 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr 
C:\Windows\system32\drivers\rdpdr.sys 20:42:18.0336 5716 rdpdr - ok 20:42:18.0352 5716 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:42:18.0402 5716 RDPENCDD - ok 20:42:18.0449 5716 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:42:18.0493 5716 RDPWD - ok 20:42:18.0570 5716 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:42:18.0627 5716 RemoteAccess - ok 20:42:18.0675 5716 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:42:18.0717 5716 RemoteRegistry - ok 20:42:18.0786 5716 [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe 20:42:18.0797 5716 resetWinService ( UnsignedFile.Multi.Generic ) - warning 20:42:18.0797 5716 resetWinService - detected UnsignedFile.Multi.Generic (1) 20:42:18.0856 5716 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 20:42:18.0867 5716 RichVideo ( UnsignedFile.Multi.Generic ) - warning 20:42:18.0868 5716 RichVideo - detected UnsignedFile.Multi.Generic (1) 20:42:18.0916 5716 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 20:42:18.0940 5716 RpcLocator - ok 20:42:18.0967 5716 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 20:42:19.0021 5716 RpcSs - ok 20:42:19.0060 5716 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:42:19.0113 5716 rspndr - ok 20:42:19.0133 5716 [ 2CC77C65216A8BB4677E637120D5731D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 20:42:19.0177 5716 RTL8169 - ok 20:42:19.0224 5716 [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 20:42:19.0247 5716 RTSTOR - ok 20:42:19.0267 5716 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 20:42:19.0294 5716 SamSs - ok 20:42:19.0325 5716 [ 
3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:42:19.0350 5716 sbp2port - ok 20:42:19.0382 5716 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:42:19.0426 5716 SCardSvr - ok 20:42:19.0480 5716 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 20:42:19.0526 5716 Schedule - ok 20:42:19.0542 5716 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:42:19.0579 5716 SCPolicySvc - ok 20:42:19.0611 5716 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:42:19.0642 5716 SDRSVC - ok 20:42:19.0662 5716 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:42:19.0741 5716 secdrv - ok 20:42:19.0756 5716 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 20:42:19.0804 5716 seclogon - ok 20:42:19.0827 5716 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 20:42:19.0879 5716 SENS - ok 20:42:19.0898 5716 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:42:19.0974 5716 Serenum - ok 20:42:19.0993 5716 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 20:42:20.0073 5716 Serial - ok 20:42:20.0086 5716 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:42:20.0135 5716 sermouse - ok 20:42:20.0178 5716 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 20:42:20.0230 5716 SessionEnv - ok 20:42:20.0251 5716 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:42:20.0298 5716 sffdisk - ok 20:42:20.0312 5716 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:42:20.0363 5716 sffp_mmc - ok 20:42:20.0397 5716 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:42:20.0444 5716 sffp_sd - ok 20:42:20.0463 5716 [ 
46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:42:20.0550 5716 sfloppy - ok 20:42:20.0589 5716 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:42:20.0647 5716 SharedAccess - ok 20:42:20.0683 5716 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:42:20.0719 5716 ShellHWDetection - ok 20:42:20.0733 5716 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:42:20.0756 5716 sisagp - ok 20:42:20.0778 5716 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:42:20.0806 5716 SiSRaid2 - ok 20:42:20.0842 5716 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:42:20.0868 5716 SiSRaid4 - ok 20:42:20.0997 5716 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 20:42:21.0168 5716 slsvc - ok 20:42:21.0221 5716 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:42:21.0267 5716 SLUINotify - ok 20:42:21.0313 5716 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:42:21.0349 5716 Smb - ok 20:42:21.0383 5716 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:42:21.0417 5716 SNMPTRAP - ok 20:42:21.0440 5716 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 20:42:21.0465 5716 spldr - ok 20:42:21.0539 5716 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 20:42:21.0595 5716 Spooler - ok 20:42:21.0635 5716 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:42:21.0672 5716 srv - ok 20:42:21.0701 5716 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:42:21.0731 5716 srv2 - ok 20:42:21.0750 5716 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:42:21.0776 5716 srvnet - ok 20:42:21.0802 5716 [ 
03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:42:21.0857 5716 SSDPSRV - ok 20:42:21.0893 5716 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 20:42:21.0913 5716 ssmdrv - ok 20:42:21.0939 5716 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:42:21.0972 5716 SstpSvc - ok 20:42:21.0998 5716 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 20:42:22.0035 5716 StillCam - ok 20:42:22.0093 5716 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 20:42:22.0136 5716 stisvc - ok 20:42:22.0176 5716 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:42:22.0216 5716 swenum - ok 20:42:22.0262 5716 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 20:42:22.0316 5716 swprv - ok 20:42:22.0336 5716 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 20:42:22.0361 5716 Symc8xx - ok 20:42:22.0376 5716 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 20:42:22.0400 5716 Sym_hi - ok 20:42:22.0430 5716 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 20:42:22.0451 5716 Sym_u3 - ok 20:42:22.0509 5716 [ CB01162BD6DD7B26D4CC6DCAC780E39C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:42:22.0536 5716 SynTP - ok 20:42:22.0589 5716 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 20:42:22.0643 5716 SysMain - ok 20:42:22.0680 5716 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:42:22.0713 5716 TabletInputService - ok 20:42:22.0761 5716 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:42:22.0808 5716 TapiSrv - ok 20:42:22.0836 5716 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 20:42:22.0884 5716 TBS - ok 20:42:22.0944 5716 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] 
Tcpip C:\Windows\system32\drivers\tcpip.sys 20:42:23.0012 5716 Tcpip - ok 20:42:23.0053 5716 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 20:42:23.0107 5716 Tcpip6 - ok 20:42:23.0136 5716 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:42:23.0163 5716 tcpipreg - ok 20:42:23.0212 5716 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:42:23.0261 5716 TDPIPE - ok 20:42:23.0290 5716 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:42:23.0341 5716 TDTCP - ok 20:42:23.0383 5716 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:42:23.0423 5716 tdx - ok 20:42:23.0577 5716 [ 01CC3B9349B244C752CDD99EFDA080BB ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe 20:42:23.0758 5716 TeamViewer8 - ok 20:42:23.0786 5716 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:42:23.0814 5716 TermDD - ok 20:42:23.0857 5716 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 20:42:23.0928 5716 TermService - ok 20:42:23.0964 5716 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 20:42:23.0999 5716 Themes - ok 20:42:24.0020 5716 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 20:42:24.0086 5716 THREADORDER - ok 20:42:24.0131 5716 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 20:42:24.0185 5716 TrkWks - ok 20:42:24.0251 5716 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:42:24.0291 5716 TrustedInstaller - ok 20:42:24.0333 5716 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:42:24.0389 5716 tssecsrv - ok 20:42:24.0420 5716 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 20:42:24.0448 5716 tunmp - ok 20:42:24.0491 5716 [ 
300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:42:24.0517 5716 tunnel - ok 20:42:24.0544 5716 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:42:24.0572 5716 uagp35 - ok 20:42:24.0651 5716 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:42:24.0699 5716 udfs - ok 20:42:24.0735 5716 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:42:24.0800 5716 UI0Detect - ok 20:42:24.0838 5716 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:42:24.0870 5716 uliagpkx - ok 20:42:24.0895 5716 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 20:42:24.0929 5716 uliahci - ok 20:42:24.0953 5716 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 20:42:24.0984 5716 UlSata - ok 20:42:25.0005 5716 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 20:42:25.0032 5716 ulsata2 - ok 20:42:25.0052 5716 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:42:25.0099 5716 umbus - ok 20:42:25.0133 5716 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 20:42:25.0194 5716 upnphost - ok 20:42:25.0231 5716 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:42:25.0272 5716 usbccgp - ok 20:42:25.0292 5716 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:42:25.0386 5716 usbcir - ok 20:42:25.0470 5716 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:42:25.0509 5716 usbehci - ok 20:42:25.0535 5716 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:42:25.0590 5716 usbhub - ok 20:42:25.0607 5716 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:42:25.0686 5716 usbohci - ok 20:42:25.0703 
5716 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:42:25.0831 5716 usbprint - ok 20:42:25.0880 5716 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:42:25.0922 5716 USBSTOR - ok 20:42:25.0937 5716 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:42:26.0027 5716 usbuhci - ok 20:42:26.0099 5716 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:42:26.0158 5716 usbvideo - ok 20:42:26.0229 5716 [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc C:\Program Files\Windows Live\Messenger\usnsvc.exe 20:42:26.0266 5716 usnjsvc - ok 20:42:26.0310 5716 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 20:42:26.0356 5716 UxSms - ok 20:42:26.0410 5716 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 20:42:26.0478 5716 vds - ok 20:42:26.0529 5716 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:42:26.0595 5716 vga - ok 20:42:26.0618 5716 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 20:42:26.0679 5716 VgaSave - ok 20:42:26.0710 5716 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:42:26.0739 5716 viaagp - ok 20:42:26.0788 5716 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 20:42:26.0859 5716 ViaC7 - ok 20:42:26.0881 5716 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 20:42:26.0908 5716 viaide - ok 20:42:26.0930 5716 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:42:26.0982 5716 volmgr - ok 20:42:27.0059 5716 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:42:27.0104 5716 volmgrx - ok 20:42:27.0152 5716 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:42:27.0186 5716 volsnap - ok 20:42:27.0207 5716 
[ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:42:27.0239 5716 vsmraid - ok 20:42:27.0326 5716 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 20:42:27.0437 5716 VSS - ok 20:42:27.0463 5716 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 20:42:27.0539 5716 W32Time - ok 20:42:27.0563 5716 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:42:27.0646 5716 WacomPen - ok 20:42:27.0659 5716 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 20:42:27.0702 5716 Wanarp - ok 20:42:27.0709 5716 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:42:27.0749 5716 Wanarpv6 - ok 20:42:27.0779 5716 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:42:27.0856 5716 wcncsvc - ok 20:42:27.0910 5716 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:42:27.0952 5716 WcsPlugInService - ok 20:42:27.0989 5716 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 20:42:28.0016 5716 Wd - ok 20:42:28.0043 5716 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:42:28.0101 5716 Wdf01000 - ok 20:42:28.0118 5716 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:42:28.0171 5716 WdiServiceHost - ok 20:42:28.0183 5716 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:42:28.0234 5716 WdiSystemHost - ok 20:42:28.0276 5716 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 20:42:28.0313 5716 WebClient - ok 20:42:28.0337 5716 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:42:28.0390 5716 Wecsvc - ok 20:42:28.0410 5716 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:42:28.0454 5716 wercplsupport - ok 
20:42:28.0482 5716 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 20:42:28.0527 5716 WerSvc - ok 20:42:28.0577 5716 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:42:28.0609 5716 WinDefend - ok 20:42:28.0623 5716 WinHttpAutoProxySvc - ok 20:42:28.0710 5716 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:42:28.0749 5716 Winmgmt - ok 20:42:28.0788 5716 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll 20:42:28.0846 5716 WinRM - ok 20:42:28.0906 5716 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:42:28.0947 5716 Wlansvc - ok 20:42:29.0005 5716 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe 20:42:29.0030 5716 WLSetupSvc - ok 20:42:29.0112 5716 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:42:29.0151 5716 WmiAcpi - ok 20:42:29.0193 5716 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:42:29.0242 5716 wmiApSrv - ok 20:42:29.0327 5716 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:42:29.0396 5716 WMPNetworkSvc - ok 20:42:29.0465 5716 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:42:29.0495 5716 WPCSvc - ok 20:42:29.0519 5716 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:42:29.0566 5716 WPDBusEnum - ok 20:42:29.0611 5716 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 20:42:29.0665 5716 WpdUsb - ok 20:42:29.0703 5716 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:42:29.0753 5716 ws2ifsl - ok 20:42:29.0799 5716 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 20:42:29.0836 5716 wscsvc - ok 20:42:29.0852 5716 WSearch - ok 20:42:29.0944 5716 [ 
FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 20:42:30.0068 5716 wuauserv - ok 20:42:30.0132 5716 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:42:30.0185 5716 WUDFRd - ok 20:42:30.0220 5716 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:42:30.0278 5716 wudfsvc - ok 20:42:30.0315 5716 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys 20:42:30.0346 5716 X10Hid - ok 20:42:30.0414 5716 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 20:42:30.0424 5716 x10nets ( UnsignedFile.Multi.Generic ) - warning 20:42:30.0424 5716 x10nets - detected UnsignedFile.Multi.Generic (1) 20:42:30.0441 5716 ================ Scan global =============================== 20:42:30.0475 5716 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 20:42:30.0526 5716 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 20:42:30.0560 5716 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 20:42:30.0595 5716 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 20:42:30.0602 5716 [Global] - ok 20:42:30.0602 5716 ================ Scan MBR ================================== 20:42:30.0616 5716 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 20:42:31.0850 5716 \Device\Harddisk0\DR0 - ok 20:42:31.0851 5716 ================ Scan VBR ================================== 20:42:31.0856 5716 [ 58A0A2195F41B9277CD50F7662E37EF6 ] \Device\Harddisk0\DR0\Partition1 20:42:31.0860 5716 \Device\Harddisk0\DR0\Partition1 - ok 20:42:31.0881 5716 [ B79789AD66AC856C8405E21755569AE9 ] \Device\Harddisk0\DR0\Partition2 20:42:31.0883 5716 \Device\Harddisk0\DR0\Partition2 - ok 20:42:31.0884 5716 ============================================================ 20:42:31.0884 5716 Scan finished 20:42:31.0884 5716 ============================================================ 20:42:31.0903 3656 
Detected object count: 9 20:42:31.0903 3656 Actual detected object count: 9 20:42:44.0476 3656 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0476 3656 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0476 3656 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0477 3656 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0477 3656 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0477 3656 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0478 3656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0478 3656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0479 3656 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0479 3656 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0482 3656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0482 3656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0483 3656 resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0483 3656 resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0487 3656 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0487 3656 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:44.0488 3656 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 20:42:44.0488 3656 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:42:47.0029 5632 Deinitialize success |
11.03.2013, 17:56 | #6
/// Malware-holic | ihavenet.com Trojaner Hi, scan with Combofix
11.03.2013, 22:26 | #7
| ihavenet.com Trojaner I disabled AntiVir beforehand (collapsed umbrella icon), since I could not shut it down completely. Combofix nevertheless told me that Avira Antivir and Antispy were active. I ran it anyway. The window about the registry key appeared after the scan finished (once for ipmgoi.exe from Antivir and once when TeamViewer started); after the reboot it was gone, as the notice said. Here is the content of the log file: Code:
ATTFilter ComboFix 13-03-11.01 - Marianne 11.03.2013 21:25:59.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2058 [GMT 1:00] ausgeführt von:: c:\users\Marianne\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Marianne\AppData\Roaming\Microsoft\Windows\Recent\AOL eMail.URL c:\windows\IsUn0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-11 bis 2013-03-11 )))))))))))))))))))))))))))))) . . 2013-03-11 20:34 . 2013-03-11 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-06 18:59 . 2013-03-06 19:05 -------- d-----w- C:\_OTL 2013-03-05 13:33 . 2013-03-05 13:33 -------- d-----w- c:\program files\TeamViewer 2013-03-04 19:44 . 2013-03-04 21:54 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-03-04 17:18 . 2013-03-04 17:18 -------- d-----w- c:\users\Marianne\AppData\Roaming\Avira 2013-03-04 17:13 . 2013-03-04 16:59 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-04 17:13 . 2013-03-04 16:59 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-04 17:13 . 2013-03-04 16:59 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-04 17:13 . 2013-03-04 17:13 -------- d-----w- c:\program files\Avira 2013-03-04 14:38 . 2013-03-04 14:38 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-04 14:38 . 
2013-01-31 15:59 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-04 14:38 . 2013-01-31 15:59 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-28 15:04 . 2013-01-31 15:56 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-28 15:04 . 2013-01-31 15:56 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-16 13:12 . 2012-12-21 09:37 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 09:37 293376 ----a-w- c:\windows\system32\atmfd.dll 2013-03-08 13:09 . 2013-03-08 13:08 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files\Duden\Duden Korrektor\DKTray.exe" [2007-06-22 565976] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-04 385248] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] . c:\users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote Inhaltsverzeichnis.onetoc2 [2009-5-24 3656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^Marianne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt] 2008-11-03 13:14 217088 ----a-w- c:\program files\BisonCam\BsMnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] 2008-10-14 09:57 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu] 2008-11-14 21:02 218408 ------w- c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] 2007-12-14 10:36 50472 ------w- c:\program files\HomeCinema\PowerDVD8\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-10-20 14:28 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2008-11-14 21:02 218408 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut] 2008-01-04 10:02 222504 ------w- c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2981673612-1989944714-3398691111-1000] "EnableNotificationsRef"=dword:00000005 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 15:04] . 
2013-03-11 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\u334tkw9.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - ExtSQL: 2013-03-04 19:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\u334tkw9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2009-09-02 16:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2010-07-03 12:24; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe AddRemove-Schroedel Arbeitsblätter - c:\windows\ISUN0407.EXE AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-03-11 22:09 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1324) c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\PSIService.exe c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\TeamViewer\Version8\TeamViewer_Service.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\system32\WUDFHost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Duden\Duden Korrektor\DKCore.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Zeit der Fertigstellung: 2013-03-11 22:13:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-03-11 21:13 . Vor Suchlauf: 10 Verzeichnis(se), 210.863.824.896 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 210.441.191.424 Bytes frei . - - End Of File - - AADC27C18367AE5B5D49A4B996F77606 |
12.03.2013, 19:56 | #8
/// Malware-holic | ihavenet.com Trojaner Hi, Malwarebytes: please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us