Pests of all kinds and how to fight them: Tabs opening on their own in Mozilla Firefox and Internet Explorer
06.04.2013, 12:27 | #1
Tabs opening on their own in Mozilla Firefox and Internet Explorer

Hello, I currently have the following problem on my second computer, which only my little sister uses now and then to play small minigames. As soon as you open Internet Explorer or Mozilla Firefox and visit a website, for example, two tabs open on their own alongside it. This happens constantly (sometimes more often, sometimes less) and is very nerve-racking, as you can imagine. I first deleted the history, cookies etc., but the problem persists. So I think it could be some malicious program or similar that is giving me trouble. As antivirus software I have Avira Free Antivirus installed on the PC (for cost reasons). I would be very grateful for help with my problem and hope that my post meets the information requirements here!

Here is the log file from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
L. :: OEM-37FF81E6E19 [Administrator]

06.04.2013 13:09:22
mbam-log-2013-04-06 (13-09-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246450
Laufzeit: 10 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Kind regards,
Nürnberger
06.04.2013, 22:57 | #2
/// TB-Ausbilder | Tabs opening on their own in Mozilla Firefox and Internet Explorer

Hi,
08.04.2013, 17:17 | #3
Tabs opening on their own in Mozilla Firefox and Internet Explorer

Hello, thanks first of all for your reply! Sorry I'm only writing so late, but I've now spent more or less a day waiting for tabs to open unwantedly again. They actually always showed one and the same website. So of course I couldn't take a screenshot of it either. I do think I remember, though, that the tabs always tried to take me to a page with the address "ww.example.com", which only produced an error from the browser because the address is malformed. Is it a good sign that no more tabs are opening unwantedly, or just an illusion, and tomorrow it starts again/continues? I'll wait and get back to you as soon as I notice anything suspicious! I'd still be glad to hear your opinions, though!

Thanks in advance,
Nürnberger
08.04.2013, 17:23 | #4
/// TB-Ausbilder | Tabs opening on their own in Mozilla Firefox and Internet Explorer

Hi,

If you want to have your computer checked for malware, please work through this guide and post the corresponding log files.

cheers, Leo
12.04.2013, 02:12 | #5
/// TB-Ausbilder | Tabs opening on their own in Mozilla Firefox and Internet Explorer

Hi, I haven't received a reply from you for a while now. Do you still need help? If I don't hear from you within the next 24 hours, I'll assume the topic is resolved and delete it from my subscriptions.

cheers, Leo
14.04.2013, 16:26 | #6
/// TB-Ausbilder | Tabs opening on their own in Mozilla Firefox and Internet Explorer

No response

This thread has been deleted from my subscriptions, so I no longer receive notifications of new replies. Send me a PM if you want to continue the thread after all; then we'll carry on here.

Note: the disappearance of the symptoms does not mean your computer is already clean.

Everyone else, please read this guide and create your own thread.
18.04.2013, 14:32 | #7
Tabs opening on their own in Mozilla Firefox and Internet Explorer

Here again, my apologies for my inactivity! I have now followed the steps in the guide and these are the results. Incidentally, here is a screenshot of the page that keeps opening on its own:

OTL Logfile:
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.24 15:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2010.05.08 19:37:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2009.10.06 18:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.10.23 19:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2010.05.02 12:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs [2009.02.22 19:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2012.10.24 11:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2009.02.08 20:54:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.03.09 19:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU [2010.04.05 12:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\NFS Underground [2009.01.27 22:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.12.28 21:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2012.10.23 19:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2010.05.08 19:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Canneverbe Limited [2012.10.24 12:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\DAEMON Tools Lite [2009.02.22 20:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Datalayer [2010.02.13 15:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Firaxis Games [2012.10.24 10:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\FUJIFILM [2012.10.23 17:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\ICQ [2010.05.06 16:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InfraRecorder [2009.10.06 20:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Leadertech [2012.10.23 19:14:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\MSNInstaller [2012.10.23 19:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\My Games [2009.02.22 20:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Nokia [2012.10.24 15:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org [2009.02.04 21:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PC Suite [2013.01.23 23:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PDF Architect 
[2013.01.23 23:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\pdfforge [2013.04.06 13:28:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PriceGong [2008.12.08 17:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\ScummVM [2009.12.01 15:57:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\temp [2009.12.28 22:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Ubisoft [2009.05.15 12:09:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Vodafone ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Manufacturer < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 18.04.2013 14:06:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Ludi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,42 Mb Total Physical Memory | 484,58 Mb Available Physical Memory | 47,40% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 78,06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 278,81 Gb Total Space | 215,07 Gb Free Space | 77,14% Space Free | Partition Type: NTFS
Drive D: | 19,27 Gb Total Space | 13,72 Gb Free Space | 71,19% Space Free | Partition Type: FAT32
Drive E: | 298,08 Gb Total Space | 297,93 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: OEM-37FF81E6E19 | User Name: Ludi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"7776:TCP" = 7776:TCP:*:Enabled:Borderlands
"7777:TCP" = 7777:TCP:*:Enabled:Borderlands
"7778:TCP" = 7778:TCP:*:Enabled:Borderlands
"29899:TCP" = 29899:TCP:*:Enabled:Borderlands
"29900:TCP" = 29900:TCP:*:Enabled:Borderlands
"29901:TCP" = 29901:TCP:*:Enabled:Borderlands
"6514:TCP" = 6514:TCP:*:Enabled:Borderlands
"6515:TCP" = 6515:TCP:*:Enabled:Borderlands
"6516:TCP" = 6516:TCP:*:Enabled:Borderlands
"6499:TCP" = 6499:TCP:*:Enabled:Borderlands
"6500:TCP" = 6500:TCP:*:Enabled:Borderlands
"6501:TCP" = 6501:TCP:*:Enabled:Borderlands
"28909:TCP" = 28909:TCP:*:Enabled:Borderlands
"28901:TCP" = 28901:TCP:*:Enabled:Borderlands
"28902:TCP" = 28902:TCP:*:Enabled:Borderlands
"28903:TCP" = 28903:TCP:*:Enabled:Borderlands
"7776:UDP" = 7776:UDP:*:Enabled:Borderlands
"7777:UDP" = 7777:UDP:*:Enabled:Borderlands
"7778:UDP" = 7778:UDP:*:Enabled:Borderlands
"29899:UDP" = 29899:UDP:*:Enabled:Borderlands
"29900:UDP" = 29900:UDP:*:Enabled:Borderlands
"29901:UDP" = 29901:UDP:*:Enabled:Borderlands
"13138:UDP" = 13138:UDP:*:Enabled:Borderlands
"13139:UDP" = 13139:UDP:*:Enabled:Borderlands
"13140:UDP" = 13140:UDP:*:Enabled:Borderlands
"27899:UDP" = 27899:UDP:*:Enabled:Borderlands
"27900:UDP" = 27900:UDP:*:Enabled:Borderlands
"28910:TCP" = 28910:TCP:*:Enabled:Borderlands
"28902:UDP" = 28902:UDP:*:Enabled:Borderlands

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\Combat Arms EU\NMService.exe" = C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = C:\Programme\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Warcraft III\yawle.exe" = C:\Program Files\Warcraft III\yawle.exe:*:Enabled:Yet Another Warcraft LAN Emulator
"C:\Dokumente und Einstellungen\Ludi\Desktop\Warcraft3\Frozen Throne.exe" = C:\Dokumente und Einstellungen\Ludi\Desktop\Warcraft3\Frozen Throne.exe:*:Enabled:Frozen Throne.exe
"C:\Dokumente und Einstellungen\Ludi\Desktop\Warcraft3\Warcraft III.exe" = C:\Dokumente und Einstellungen\Ludi\Desktop\Warcraft3\Warcraft III.exe:*:Enabled:Warcraft III.exe
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Programme\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BET_14_674329" = Business English - Telefonieren
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriverAgent.exe" = DriverAgent by eSupport.com
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SystemRequirementsLab" = System Requirements Lab
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WET7Cable" = Windows-EasyTransfer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WiseConvert_1.3 Toolbar" = WiseConvert 1.3 Toolbar
"WMCSetup" = Windows Media Connect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.03.2013 11:24:06 | Computer Name = OEM-37FF81E6E19 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Routine "OpenNtmsSessionW" called by shadow copy writer "RemovableStorageManager" failed with status "0x80070422" (converted to 0x800423f4).

Error - 22.03.2013 11:23:05 | Computer Name = OEM-37FF81E6E19 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Routine "OpenNtmsSessionW" called by shadow copy writer "RemovableStorageManager" failed with status "0x80070422" (converted to 0x800423f4).

Error - 28.03.2013 04:57:32 | Computer Name = OEM-37FF81E6E19 | Source = Avira Antivirus | ID = 4122
Description = The file AVGDLL_Init(avgntflt) could not be loaded. Error code: 0x14

Error - 28.03.2013 10:17:33 | Computer Name = OEM-37FF81E6E19 | Source = Avira Antivirus | ID = 4122
Description = The file AVGDLL_Init(avgntflt) could not be loaded. Error code: 0x2

Error - 29.03.2013 05:45:51 | Computer Name = OEM-37FF81E6E19 | Source = crypt32 | ID = 131080
Description = Automatic update retrieval of the third-party root list sequence number from <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> failed with error: This operation returned because the timeout period expired.

Error - 29.03.2013 05:45:51 | Computer Name = OEM-37FF81E6E19 | Source = crypt32 | ID = 131080
Description = Automatic update retrieval of the third-party root list sequence number from <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> failed with error: The specified server cannot perform the requested operation.

Error - 05.04.2013 10:59:29 | Computer Name = OEM-37FF81E6E19 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Routine "OpenNtmsSessionW" called by shadow copy writer "RemovableStorageManager" failed with status "0x80070422" (converted to 0x800423f4).

Error - 06.04.2013 05:46:54 | Computer Name = OEM-37FF81E6E19 | Source = crypt32 | ID = 131080
Description = Automatic update retrieval of the third-party root list sequence number from <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> failed with error: This operation returned because the timeout period expired.

Error - 06.04.2013 05:46:55 | Computer Name = OEM-37FF81E6E19 | Source = crypt32 | ID = 131080
Description = Automatic update retrieval of the third-party root list sequence number from <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> failed with error: The specified server cannot perform the requested operation.

Error - 12.04.2013 10:59:41 | Computer Name = OEM-37FF81E6E19 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Routine "OpenNtmsSessionW" called by shadow copy writer "RemovableStorageManager" failed with status "0x80070422" (converted to 0x800423f4).

[ Media Center Events ]
Error - 25.06.2009 04:00:49 | Computer Name = OEM-37FF81E6E19 | Source = Recording | ID = 19
Description = The recording schedule was corrupted and was automatically deleted on 25.06.2009 10:00:49. You may need to reschedule the recordings.

[ System Events ]
Error - 17.04.2013 16:36:25 | Computer Name = OEM-37FF81E6E19 | Source = Windows Update Agent | ID = 20
Description = Installation failure: Installation of the following update failed with error 0x8007f0f4: Security Update for Windows XP (KB2661637)

Error - 17.04.2013 17:07:23 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262189
Description = The system could not load the crash dump driver.

Error - 17.04.2013 17:07:23 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262193
Description = Configuring the page file for crash dump failed. Make sure there is a page file on the boot partition and that it is large enough to hold all of physical memory.

Error - 17.04.2013 17:09:56 | Computer Name = OEM-37FF81E6E19 | Source = Windows Update Agent | ID = 20
Description = Installation failure: Installation of the following update failed with error 0x8007f0f4: Security Update for Windows XP (KB2661637)

Error - 18.04.2013 07:18:15 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262189
Description = The system could not load the crash dump driver.

Error - 18.04.2013 07:18:15 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262193
Description = Configuring the page file for crash dump failed. Make sure there is a page file on the boot partition and that it is large enough to hold all of physical memory.

Error - 18.04.2013 07:26:07 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262189
Description = The system could not load the crash dump driver.

Error - 18.04.2013 07:26:07 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262193
Description = Configuring the page file for crash dump failed. Make sure there is a page file on the boot partition and that it is large enough to hold all of physical memory.

Error - 18.04.2013 07:59:14 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262189
Description = The system could not load the crash dump driver.

Error - 18.04.2013 07:59:14 | Computer Name = OEM-37FF81E6E19 | Source = Ftdisk | ID = 262193
Description = Configuring the page file for crash dump failed. Make sure there is a page file on the boot partition and that it is large enough to hold all of physical memory.

< End of report >

GMER Logfile:
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-18 15:12:23 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3320820AS rev.3.AAC 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Ludi\LOKALE~1\Temp\kflcipod.sys ---- System - GMER 2.1 ---- SSDT F2D06CDC ZwClose SSDT F2D06C96 ZwCreateKey SSDT F2D06CE6 ZwCreateSection SSDT F2D06C8C ZwCreateThread SSDT F2D06C9B ZwDeleteKey SSDT F2D06CA5 ZwDeleteValueKey SSDT F2D06CD7 ZwDuplicateObject SSDT F2D06CAA ZwLoadKey SSDT F2D06C78 ZwOpenProcess SSDT F2D06C7D ZwOpenThread SSDT F2D06CFF ZwQueryValueKey SSDT F2D06CB4 ZwReplaceKey SSDT F2D06CF0 ZwRequestWaitReplyPort SSDT F2D06CAF ZwRestoreKey SSDT F2D06CEB ZwSetContextThread SSDT F2D06CF5 ZwSetSecurityObject SSDT F2D06CA0 ZwSetValueKey SSDT F2D06CFA ZwSystemDebugControl SSDT F2D06C87 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .rsrc C:\WINDOWS\system32\drivers\pciide.sys entry point in ".rsrc" section [0xF7BD8814] ? C:\WINDOWS\system32\drivers\pciide.sys suspicious PE modification .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5E273C0, 0x84E2FA, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5245300, 0x3ACC8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF2D74300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\wuauclt.exe[224] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00C2000A .text C:\WINDOWS\system32\wuauclt.exe[224] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00C3000A .text C:\WINDOWS\system32\wuauclt.exe[224] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00C1000C .text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 006D000A .text C:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 006E000A .text C:\WINDOWS\System32\svchost.exe[848] 
ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 006C000C .text C:\WINDOWS\System32\svchost.exe[848] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 02F5000A .text C:\WINDOWS\System32\svchost.exe[848] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 02E0000A .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00C1000A .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C ---- Devices - GMER 2.1 ---- Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86619CE2 Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86619CE2 Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-1c 86619CE2 Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86619CE2 Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86619CE2 Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-24 86619CE2 Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 86619CE2 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3320820AS_____________________________3.AAC___#5&375cce0e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x86619ee4]<< 86619ee4 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86687ab8] 86687ab8 Trace 3 CLASSPNP.SYS[f7670fd7] -> nt!IofCallDriver -> [0x8672eed0] 8672eed0 Trace 5 xfilt.sys[f7681046] -> nt!IofCallDriver -> \Device\00000070[0x867e0260] 867e0260 Trace 7 ACPI.sys[f74e6620] -> nt!IofCallDriver -> [0x8668dd98] 8668dd98 Trace [0x866124b8] -> IRP_MJ_CREATE -> 0x86619ee4 86619ee4 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0xFE 0x29 0x11 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x76 0x50 0xE8 0x18 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x96 0xFE 0x29 0x11 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x76 0x50 0xE8 0x18 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3320820AS_____________________________3.AAC___#5&375cce0e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found Disk \Device\Harddisk0\DR0 Device \Driver\atapi -> DriverStartIo 86619ce2 Disk \Device\Harddisk0\DR0 unknown MBR code <-- ROOTKIT !!! ---- Files - GMER 2.1 ---- File C:\WINDOWS\system32\drivers\pciide.sys suspicious modification; TDL3 <-- ROOTKIT !!! ---- EOF - GMER 2.1 ---- |
18.04.2013, 15:02 | #8 |
/// TB-Ausbilder | Tabs opening on their own in Mozilla Firefox and Internet Explorer

Hello, no problem at all. But the GMER scan does not bring good news...

Step 1

Please download aswMBR.exe and save the file to your desktop.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step 2

Please read the following instructions carefully. We do not want to delete anything yet, only look at a scan report. Please download TDSSKiller.exe and save this file to the desktop.

Please post in your next reply:

__________________
cheers, Leo
18.04.2013, 16:44 | #9 |
Tabs opening on their own in Mozilla Firefox and Internet Explorer

OK, I have done that now. Once again a big thank you for the help!

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-18 17:32:58
-----------------------------
17:32:58.273 OS Version: Windows 5.1.2600 Service Pack 3
17:32:58.273 Number of processors: 2 586 0x407
17:32:58.273 ComputerName: OEM-37FF81E6E19 UserName: Ludi
17:33:05.445 Initialize success
17:35:41.726 AVAST engine defs: 13041800
17:35:54.351 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
17:35:54.351 Disk 0 Vendor: ST3320820AS 3.AAC Size: 305245MB BusType: 3
17:35:54.351 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
17:35:54.367 Disk 1 Vendor: ST3320820AS 3.AAC Size: 305245MB BusType: 3
17:35:54.367 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3320820AS_____________________________3.AAC___#5&375cce0e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
17:35:54.398 Device \Driver\atapi -> DriverStartIo 86619ce2
17:35:55.695 Disk 0 MBR read successfully
17:35:55.742 Disk 0 MBR scan
17:35:55.976 Disk 0 unknown MBR code
17:35:56.023 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 285498 MB offset 63
17:35:56.242 Disk 0 Partition - 00 0F Extended LBA 19743 MB offset 584701740
17:35:56.289 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 19743 MB offset 584701803
17:35:56.351 Disk 0 scanning sectors +625137345
17:35:57.258 Disk 0 scanning C:\WINDOWS\system32\drivers
17:36:32.320 File: C:\WINDOWS\system32\drivers\pciide.sys TDL3 **ROOTKIT**
17:36:46.601 Scan finished successfully
17:37:15.664 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Ludi\Desktop\MBR.dat"
17:37:15.711 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Ludi\Desktop\aswMBR.txt"

Code:
17:39:29.0664 2460 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:39:29.0820 2460 ============================================================
17:39:29.0820 2460 Current date / time: 2013/04/18 17:39:29.0820
17:39:29.0820 2460 SystemInfo:
17:39:29.0820 2460
17:39:29.0820 2460 OS Version: 5.1.2600 ServicePack: 3.0
17:39:29.0820 2460 Product type: Workstation
17:39:29.0820 2460 ComputerName: OEM-37FF81E6E19
17:39:29.0820 2460 UserName: Ludi
17:39:29.0820 2460 Windows directory: C:\WINDOWS
17:39:29.0820 2460 System windows directory: C:\WINDOWS
17:39:29.0820 2460 Processor architecture: Intel x86
17:39:29.0820 2460 Number of processors: 2
17:39:29.0820 2460 Page size: 0x1000
17:39:29.0820 2460 Boot type: Normal boot
17:39:29.0820 2460 ============================================================
17:39:33.0008 2460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:39:33.0023 2460 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:39:33.0070 2460 ============================================================
17:39:33.0070 2460 \Device\Harddisk0\DR0:
17:39:33.0070 2460 MBR partitions:
17:39:33.0070 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22D9D6ED
17:39:33.0086 2460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x22D9D76B, BlocksNum 0x268FF56
17:39:33.0086 2460 \Device\Harddisk1\DR1:
17:39:33.0086 2460 MBR partitions:
17:39:33.0101 2460 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x254297C1
17:39:33.0101 2460 ============================================================
17:39:33.0148 2460 C: <-> \Device\Harddisk0\DR0\Partition1
17:39:33.0148 2460 D: <-> \Device\Harddisk0\DR0\Partition2
17:39:33.0164 2460 E: <-> \Device\Harddisk1\DR1\Partition1
17:39:33.0164 2460 ============================================================
17:39:33.0164 2460 Initialize success
17:39:33.0164 2460 ============================================================
17:39:42.0320 1084 ============================================================
17:39:42.0320 1084 Scan started
17:39:42.0320 1084 Mode: Manual;
17:39:42.0320 1084 ============================================================
17:39:43.0601 1084 ================ Scan system memory ========================
17:39:43.0601 1084 System memory - ok
17:39:43.0601 1084 ================ Scan services =============================
17:39:43.0976 1084 Abiosdsk - ok
17:39:43.0992 1084 abp480n5 - ok
17:39:44.0101 1084 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:39:44.0101 1084 ACPI - ok
17:39:44.0148 1084 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:39:44.0148 1084 ACPIEC - ok
17:39:44.0305 1084 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:39:44.0430 1084 AdobeFlashPlayerUpdateSvc - ok
17:39:44.0430 1084 adpu160m - ok
17:39:44.0539 1084 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:39:44.0539 1084 aec - ok
17:39:44.0648 1084 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:39:44.0648 1084 AFD - ok
17:39:44.0664 1084 Aha154x - ok
17:39:44.0680 1084 aic78u2 - ok
17:39:44.0695 1084 aic78xx - ok
17:39:44.0742 1084 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:39:44.0758 1084 Alerter - ok
17:39:44.0805 1084 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:39:44.0836 1084 ALG - ok
17:39:44.0851 1084 AliIde - ok
17:39:44.0867 1084 amsint - ok
17:39:45.0039 1084 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
17:39:45.0180 1084 AntiVirSchedulerService - ok
17:39:45.0258 1084 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:39:45.0320 1084 AntiVirService - ok
17:39:45.0476 1084 [ 7E94E567C1AA5ABE6174032B3DAB6C23 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
17:39:45.0601 1084 Apple Mobile Device - ok
17:39:45.0695 1084 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:39:45.0789 1084 AppMgmt - ok
17:39:45.0820 1084 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:39:45.0820 1084 Arp1394 - ok
17:39:45.0836 1084 asc - ok
17:39:45.0851 1084 asc3350p - ok
17:39:45.0867 1084 asc3550 - ok
17:39:46.0008 1084 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:39:46.0070 1084 aspnet_state - ok
17:39:46.0101 1084 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:39:46.0101 1084 AsyncMac - ok
17:39:46.0164 1084 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:39:46.0164 1084 atapi - ok
17:39:46.0180 1084 Atdisk - ok
17:39:46.0320 1084 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:39:46.0351 1084 atksgt - ok
17:39:46.0414 1084 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:39:46.0414 1084 Atmarpc - ok
17:39:46.0476 1084 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:39:46.0523 1084 AudioSrv - ok
17:39:46.0555 1084 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:39:46.0570 1084 audstub - ok
17:39:46.0633 1084 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:39:46.0633 1084 avgntflt - ok
17:39:46.0695 1084 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:39:46.0695 1084 avipbb - ok
17:39:46.0726 1084 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:39:46.0726 1084 avkmgr - ok
17:39:46.0789 1084 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:39:46.0789 1084 Beep - ok
17:39:46.0961 1084 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:39:47.0148 1084 BITS - ok
17:39:47.0273 1084 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:39:47.0398 1084 Bonjour Service - ok
17:39:47.0492 1084 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:39:47.0539 1084 Browser - ok
17:39:47.0586 1084 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:39:47.0586 1084 cbidf2k - ok
17:39:47.0586 1084 cd20xrnt - ok
17:39:47.0633 1084 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:39:47.0633 1084 Cdaudio - ok
17:39:47.0695 1084 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:39:47.0695 1084 Cdfs - ok
17:39:47.0773 1084 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:39:47.0773 1084 Cdrom - ok
17:39:47.0773 1084 Changer - ok
17:39:47.0820 1084 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:39:47.0851 1084 CiSvc - ok
17:39:47.0883 1084 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:39:47.0914 1084 ClipSrv - ok
17:39:47.0976 1084 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:48.0086 1084 clr_optimization_v2.0.50727_32 - ok
17:39:48.0086 1084 CmdIde - ok
17:39:48.0101 1084 COMSysApp - ok
17:39:48.0117 1084 Cpqarray - ok
17:39:48.0180 1084 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:39:48.0226 1084 CryptSvc - ok
17:39:48.0242 1084 dac2w2k - ok
17:39:48.0242 1084 dac960nt - ok
17:39:48.0430 1084 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:39:48.0695 1084 DcomLaunch - ok
17:39:48.0820 1084 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:39:48.0836 1084 Dhcp - ok
17:39:48.0898 1084 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:39:48.0898 1084 Disk - ok
17:39:48.0914 1084 dmadmin - ok
17:39:49.0226 1084 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:39:49.0461 1084 dmboot - ok
17:39:49.0555 1084 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:39:49.0555 1084 dmio - ok
17:39:49.0586 1084 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:39:49.0586 1084 dmload - ok
17:39:49.0648 1084 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:39:49.0680 1084 dmserver - ok
17:39:49.0742 1084 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:39:49.0742 1084 DMusic - ok
17:39:49.0805 1084 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:39:49.0867 1084 Dnscache - ok
17:39:49.0976 1084 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:39:50.0055 1084 Dot3svc - ok
17:39:50.0070 1084 dpti2o - ok
17:39:50.0101 1084 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:39:50.0101 1084 drmkaud - ok
17:39:50.0101 1084 EagleNT - ok
17:39:50.0148 1084 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:39:50.0195 1084 EapHost - ok
17:39:50.0367 1084 [ 026DA2AB097171C02EAC7AB3EE22D269 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
17:39:50.0508 1084 ehRecvr - ok
17:39:50.0601 1084 [ E774BF24A6CB798DCE67AD1C8E917152 ] ehSched C:\WINDOWS\eHome\ehSched.exe
17:39:50.0680 1084 ehSched - ok
17:39:50.0726 1084 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:39:50.0758 1084 ERSvc - ok
17:39:50.0851 1084 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:39:50.0945 1084 Eventlog - ok
17:39:51.0086 1084 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
17:39:51.0226 1084 EventSystem - ok
17:39:51.0320 1084 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:39:51.0320 1084 Fastfat - ok
17:39:51.0430 1084 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:39:51.0695 1084 FastUserSwitchingCompatibility - ok
17:39:52.0070 1084 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
17:39:52.0367 1084 Fax - ok
17:39:52.0414 1084 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:39:52.0414 1084 Fdc - ok
17:39:52.0476 1084 [ 8787449F8EF116DB0E8E06C3555746A7 ] FET5X86V C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
17:39:52.0476 1084 FET5X86V - ok
17:39:52.0523 1084 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:39:52.0523 1084 FETNDIS - ok
17:39:52.0570 1084 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:39:52.0570 1084 Fips - ok
17:39:52.0617 1084 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:39:52.0617 1084 Flpydisk - ok
17:39:52.0711 1084 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:39:52.0711 1084 FltMgr - ok
17:39:52.0805 1084 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:39:53.0008 1084 FontCache3.0.0.0 - ok
17:39:53.0039 1084 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:39:53.0039 1084 Fs_Rec - ok
17:39:53.0086 1084 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:39:53.0101 1084 Ftdisk - ok
17:39:53.0148 1084 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:39:53.0148 1084 GEARAspiWDM - ok
17:39:53.0195 1084 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:39:53.0195 1084 Gpc - ok
17:39:53.0273 1084 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:39:53.0273 1084 hamachi - ok
17:39:53.0367 1084 [ B93F1AEDBE74C100EFD4F6B4A27907B2 ] HdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
17:39:53.0367 1084 HdAudAddService - ok
17:39:53.0430 1084 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:39:53.0430 1084 HDAudBus - ok
17:39:53.0539 1084 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:39:53.0586 1084 helpsvc - ok
17:39:53.0617 1084 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:39:53.0648 1084 HidServ - ok
17:39:53.0680 1084 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:39:53.0680 1084 HidUsb - ok
17:39:53.0758 1084 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:39:53.0820 1084 hkmsvc - ok
17:39:53.0820 1084 hpn - ok
17:39:53.0945 1084 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:39:53.0961 1084 HTTP - ok
17:39:54.0008 1084 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:39:54.0039 1084 HTTPFilter - ok
17:39:54.0101 1084 [ 2310CA92D37D97C9231ADF1796B47B9D ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
17:39:54.0101 1084 hwdatacard - ok
17:39:54.0101 1084 i2omgmt - ok
17:39:54.0117 1084 i2omp - ok
17:39:54.0164 1084 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:39:54.0164 1084 i8042prt - ok
17:39:54.0289 1084 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:39:54.0367 1084 IDriverT - ok
17:39:54.0742 1084 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:39:55.0258 1084 idsvc - ok
17:39:55.0305 1084 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:39:55.0305 1084 Imapi - ok
17:39:55.0398 1084 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:39:55.0508 1084 ImapiService - ok
17:39:55.0523 1084 ini910u - ok
17:39:55.0539 1084 IntelIde - ok
17:39:55.0601 1084 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:39:55.0601 1084 intelppm - ok
17:39:55.0633 1084 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:39:55.0633 1084 Ip6Fw - ok
17:39:55.0680 1084 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:39:55.0680 1084 IpFilterDriver - ok
17:39:55.0711 1084 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:39:55.0711 1084 IpInIp - ok
17:39:55.0805 1084 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:39:55.0805 1084 IpNat - ok
17:39:55.0883 1084 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:39:55.0883 1084 IPSec - ok
17:39:55.0914 1084 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:39:55.0914 1084 IRENUM - ok
17:39:55.0976 1084 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:39:55.0976 1084 isapnp - ok
17:39:56.0195 1084 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
17:39:56.0336 1084 JavaQuickStarterService - ok
17:39:56.0367 1084 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:39:56.0383 1084 Kbdclass - ok
17:39:56.0398 1084 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:39:56.0398 1084 kbdhid - ok
17:39:56.0508 1084 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:39:56.0508 1084 kmixer - ok
17:39:56.0586 1084 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:39:56.0586 1084 KSecDD - ok
17:39:56.0664 1084 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:39:56.0742 1084 lanmanserver - ok
17:39:56.0836 1084 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:39:56.0914 1084 lanmanworkstation - ok
17:39:56.0930 1084 lbrtfdc - ok
17:39:56.0992 1084 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:39:56.0992 1084 lirsgt - ok
17:39:57.0039 1084 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:39:57.0070 1084 LmHosts - ok
17:39:57.0117 1084 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
17:39:57.0117 1084 MBAMProtector - ok
17:39:57.0305 1084 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:39:57.0555 1084 MBAMScheduler - ok
17:39:57.0820 1084 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:39:58.0180 1084 MBAMService - ok
17:39:58.0258 1084 [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
17:39:58.0336 1084 McrdSvc - ok
17:39:58.0367 1084 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:39:58.0398 1084 Messenger - ok
17:39:58.0461 1084 [ DED60230E3019C508769EC3C15BCDA44 ] MHN C:\WINDOWS\System32\mhn.dll
17:39:58.0523 1084 MHN - ok
17:39:58.0539 1084 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:39:58.0539 1084 MHNDRV - ok
17:39:58.0586 1084 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:39:58.0586 1084 mnmdd - ok
17:39:58.0633 1084 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:39:58.0664 1084 mnmsrvc - ok
17:39:58.0711 1084 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:39:58.0711 1084 Modem - ok
17:39:58.0742 1084 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:39:58.0742 1084 Mouclass - ok
17:39:58.0805 1084 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:39:58.0805 1084 mouhid - ok
17:39:58.0836 1084 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:39:58.0836 1084 MountMgr - ok
17:39:58.0945 1084 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:39:59.0023 1084 MozillaMaintenance - ok
17:39:59.0023 1084 mraid35x - ok
17:39:59.0101 1084 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:39:59.0101 1084 MRxDAV - ok
17:39:59.0305 1084 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:39:59.0305 1084 MRxSmb - ok
17:39:59.0383 1084 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:39:59.0430 1084 MSDTC - ok
17:39:59.0523 1084 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:39:59.0523 1084 Msfs - ok
17:39:59.0539 1084 MSIServer - ok
17:39:59.0570 1084 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:39:59.0570 1084 MSKSSRV - ok
17:39:59.0617 1084 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:39:59.0617 1084 MSPCLOCK - ok
17:39:59.0633 1084 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:39:59.0633 1084 MSPQM - ok
17:39:59.0680 1084 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:39:59.0680 1084 mssmbios - ok
17:39:59.0773 1084 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:39:59.0773 1084 Mup - ok
17:39:59.0961 1084 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:40:00.0133 1084 napagent - ok
17:40:00.0211 1084 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:40:00.0226 1084 NDIS - ok
17:40:00.0273 1084 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:40:00.0273 1084 NdisTapi - ok
17:40:00.0320 1084 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:40:00.0320 1084 Ndisuio - ok
17:40:00.0351 1084 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:40:00.0367 1084 NdisWan - ok
17:40:00.0398 1084 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:40:00.0398 1084 NDProxy - ok
17:40:00.0492 1084 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:40:00.0492 1084 NetBIOS - ok
17:40:00.0555 1084 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:40:00.0555 1084 NetBT - ok
17:40:00.0617 1084 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:40:00.0695 1084 NetDDE - ok
17:40:00.0789 1084 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:40:00.0789 1084 NetDDEdsdm - ok
17:40:00.0820 1084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:40:00.0851 1084 Netlogon - ok
17:40:00.0961 1084 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:40:01.0070 1084 Netman - ok
17:40:01.0148 1084 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:40:01.0258 1084 NetTcpPortSharing - ok
17:40:01.0289 1084 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:40:01.0305 1084 NIC1394 - ok
17:40:01.0414 1084 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:40:01.0523 1084 Nla - ok
17:40:01.0586 1084 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:40:01.0586 1084 Npfs - ok
17:40:01.0586 1084 npggsvc - ok
17:40:01.0633 1084 [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2 C:\WINDOWS\system32\npptNT2.sys
17:40:01.0664 1084 NPPTNT2 - ok
17:40:01.0867 1084 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:40:01.0992 1084 Ntfs - ok
17:40:02.0023 1084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:40:02.0023 1084 NtLmSsp - ok
17:40:02.0226 1084 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:40:02.0461 1084 NtmsSvc - ok
17:40:02.0508 1084 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:40:02.0508 1084 Null - ok
17:40:08.0148 1084 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:40:13.0773 1084 nv - ok
17:40:13.0976 1084 [ 96F1A6F0A0D4F11047DF2F5C17C87E9D ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:40:14.0383 1084 NVSvc - ok
17:40:14.0633 1084 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:40:14.0633 1084 NwlnkFlt - ok
17:40:14.0648 1084 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:40:14.0648 1084 NwlnkFwd - ok
17:40:14.0695 1084 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:40:14.0695 1084 ohci1394 - ok
17:40:14.0773 1084 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:40:14.0773 1084 Parport - ok
17:40:14.0820 1084 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:40:14.0820 1084 PartMgr - ok
17:40:14.0867 1084 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:40:14.0867 1084 ParVdm - ok
17:40:14.0914 1084 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:40:14.0914 1084 PCI - ok
17:40:14.0914 1084 PCIDump - ok
17:40:14.0945 1084 [ BF300B9683C6F13F7ED1E5C7C9BF8BE6 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:40:14.0945 1084 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: BF300B9683C6F13F7ED1E5C7C9BF8BE6, Fake md5: 59BA86D9A61CBCF4DF8E598C331F5B82
17:40:14.0945 1084 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - infected
17:40:14.0945 1084 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
17:40:15.0023 1084 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:40:15.0039 1084 Pcmcia - ok
17:40:15.0039 1084 PDCOMP - ok
17:40:15.0711 1084 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Programme\PDF Architect\HelperService.exe
17:40:16.0383 1084 PDF Architect Helper Service - ok
17:40:16.0726 1084 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Programme\PDF Architect\ConversionService.exe
17:40:17.0133 1084 PDF Architect Service - ok
17:40:17.0133 1084 PDFRAME - ok
17:40:17.0148 1084 PDRELI - ok
17:40:17.0164 1084 PDRFRAME - ok
17:40:17.0164 1084 perc2 - ok
17:40:17.0180 1084 perc2hib - ok
17:40:17.0242 1084 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
17:40:17.0242 1084 PlugPlay - ok
17:40:17.0320 1084 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:40:17.0383 1084 PnkBstrA - ok
17:40:17.0445 1084 [ C39FD4DBF5CF5AF9E4BDAB58A1C323C9 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
17:40:17.0695 1084 PnkBstrB - ok
17:40:17.0789 1084 [ FB0C07EACB692DEAB8468FF048EC9E47 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
17:40:17.0789 1084 PnkBstrK - ok
17:40:17.0836 1084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:40:17.0836 1084 PolicyAgent - ok
17:40:17.0914 1084 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:40:17.0914 1084 PptpMiniport - ok
17:40:17.0945 1084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:40:17.0945 1084 ProtectedStorage - ok
17:40:18.0023 1084 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:40:18.0023 1084 Ptilink - ok
17:40:18.0101 1084 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:40:18.0101 1084 PxHelp20 - ok
17:40:18.0117 1084 ql1080 - ok
17:40:18.0148 1084 Ql10wnt - ok
17:40:18.0180 1084 ql12160 - ok
17:40:18.0211 1084 ql1240 - ok
17:40:18.0258 1084 ql1280 - ok
17:40:18.0305 1084 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:40:18.0320 1084 RasAcd - ok
17:40:18.0398 1084 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:40:18.0476 1084 RasAuto - ok
17:40:18.0555 1084 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:40:18.0555 1084 Rasl2tp - ok
17:40:18.0695 1084 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:40:18.0789 1084 RasMan - ok
17:40:18.0820 1084 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:40:18.0820 1084 RasPppoe - ok
17:40:18.0867 1084 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:40:18.0867 1084 Raspti - ok
17:40:18.0976 1084 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:40:18.0992 1084 Rdbss - ok
17:40:19.0039 1084 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:40:19.0039 1084 RDPCDD - ok
17:40:19.0148 1084 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:40:19.0148 1084 rdpdr - ok
17:40:19.0258 1084 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:40:19.0258 1084 RDPWD - ok 17:40:19.0351 1084 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:40:19.0461 1084 RDSessMgr - ok 17:40:19.0523 1084 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:40:19.0539 1084 redbook - ok 17:40:19.0664 1084 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:40:19.0711 1084 RemoteAccess - ok 17:40:19.0773 1084 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:40:19.0851 1084 RemoteRegistry - ok 17:40:19.0883 1084 Roxio UPnP Renderer 9 - ok 17:40:19.0945 1084 RoxLiveShare9 - ok 17:40:20.0008 1084 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:40:20.0070 1084 RpcLocator - ok 17:40:20.0242 1084 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:40:20.0242 1084 RpcSs - ok 17:40:20.0336 1084 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:40:20.0445 1084 RSVP - ok 17:40:20.0492 1084 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:40:20.0492 1084 SamSs - ok 17:40:20.0570 1084 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:40:20.0680 1084 SCardSvr - ok 17:40:20.0789 1084 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:40:20.0930 1084 Schedule - ok 17:40:21.0008 1084 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:40:21.0008 1084 Secdrv - ok 17:40:21.0039 1084 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:40:21.0086 1084 seclogon - ok 17:40:21.0148 1084 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:40:21.0195 1084 SENS - ok 17:40:21.0242 1084 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum 
C:\WINDOWS\system32\DRIVERS\serenum.sys 17:40:21.0242 1084 serenum - ok 17:40:21.0305 1084 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 17:40:21.0305 1084 Serial - ok 17:40:21.0383 1084 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:40:21.0383 1084 Sfloppy - ok 17:40:21.0555 1084 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:40:21.0742 1084 SharedAccess - ok 17:40:21.0836 1084 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:40:21.0836 1084 ShellHWDetection - ok 17:40:21.0867 1084 Simbad - ok 17:40:21.0914 1084 Sparrow - ok 17:40:22.0180 1084 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:40:22.0180 1084 splitter - ok 17:40:22.0242 1084 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:40:22.0289 1084 Spooler - ok 17:40:22.0586 1084 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys 17:40:22.0758 1084 sptd - ok 17:40:22.0789 1084 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:40:22.0789 1084 sr - ok 17:40:22.0883 1084 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:40:22.0976 1084 srservice - ok 17:40:23.0133 1084 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:40:23.0195 1084 Srv - ok 17:40:23.0273 1084 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:40:23.0336 1084 SSDPSRV - ok 17:40:23.0398 1084 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:40:23.0398 1084 ssmdrv - ok 17:40:23.0398 1084 StarOpen - ok 17:40:23.0461 1084 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 17:40:23.0476 1084 StillCam - ok 17:40:23.0633 1084 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:40:23.0836 
1084 stisvc - ok 17:40:23.0867 1084 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:40:23.0867 1084 swenum - ok 17:40:23.0914 1084 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:40:23.0914 1084 swmidi - ok 17:40:23.0930 1084 SwPrv - ok 17:40:23.0945 1084 symc810 - ok 17:40:23.0945 1084 symc8xx - ok 17:40:23.0961 1084 sym_hi - ok 17:40:23.0976 1084 sym_u3 - ok 17:40:24.0008 1084 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:40:24.0008 1084 sysaudio - ok 17:40:24.0070 1084 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:40:24.0133 1084 SysmonLog - ok 17:40:24.0242 1084 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:40:24.0383 1084 TapiSrv - ok 17:40:24.0555 1084 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:40:24.0601 1084 Tcpip - ok 17:40:24.0648 1084 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:40:24.0648 1084 TDPIPE - ok 17:40:24.0680 1084 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:40:24.0680 1084 TDTCP - ok 17:40:24.0726 1084 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:40:24.0726 1084 TermDD - ok 17:40:24.0883 1084 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:40:25.0039 1084 TermService - ok 17:40:25.0117 1084 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:40:25.0117 1084 Themes - ok 17:40:25.0195 1084 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 17:40:25.0242 1084 TlntSvr - ok 17:40:25.0258 1084 TosIde - ok 17:40:25.0320 1084 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:40:25.0414 1084 TrkWks - ok 17:40:25.0461 1084 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 
C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS 17:40:25.0461 1084 TVICHW32 - ok 17:40:25.0523 1084 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys 17:40:25.0523 1084 uagp35 - ok 17:40:25.0570 1084 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:40:25.0570 1084 Udfs - ok 17:40:25.0586 1084 ultra - ok 17:40:25.0633 1084 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 17:40:25.0680 1084 UMWdf - ok 17:40:25.0851 1084 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:40:25.0914 1084 Update - ok 17:40:26.0008 1084 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:40:26.0195 1084 upnphost - ok 17:40:26.0273 1084 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:40:26.0289 1084 UPS - ok 17:40:26.0336 1084 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:40:26.0336 1084 usbccgp - ok 17:40:26.0367 1084 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:40:26.0367 1084 usbehci - ok 17:40:26.0414 1084 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:40:26.0414 1084 usbhub - ok 17:40:26.0461 1084 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:40:26.0461 1084 usbscan - ok 17:40:26.0508 1084 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:40:26.0508 1084 USBSTOR - ok 17:40:26.0539 1084 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:40:26.0539 1084 usbuhci - ok 17:40:26.0586 1084 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:40:26.0586 1084 VgaSave - ok 17:40:26.0617 1084 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 17:40:26.0617 1084 ViaIde - ok 17:40:26.0664 1084 [ F95C0FCFBCBDA6D8F202D2DF4052F88D 
] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys 17:40:26.0664 1084 videX32 - ok 17:40:26.0680 1084 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:40:26.0695 1084 VolSnap - ok 17:40:26.0836 1084 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:40:26.0992 1084 VSS - ok 17:40:27.0070 1084 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:40:27.0180 1084 W32Time - ok 17:40:27.0242 1084 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:40:27.0242 1084 Wanarp - ok 17:40:27.0258 1084 wanatw - ok 17:40:27.0273 1084 WDICA - ok 17:40:27.0320 1084 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:40:27.0320 1084 wdmaud - ok 17:40:27.0383 1084 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:40:27.0445 1084 WebClient - ok 17:40:27.0664 1084 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:40:27.0773 1084 winmgmt - ok 17:40:28.0148 1084 [ F2E9FCB970D02E1647E185DA1D2E3CA9 ] WMConnectCDS C:\Programme\Windows Media Connect 2\wmccds.exe 17:40:28.0555 1084 WMConnectCDS - ok 17:40:28.0617 1084 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:40:28.0648 1084 WmdmPmSN - ok 17:40:28.0914 1084 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 17:40:29.0148 1084 Wmi - ok 17:40:29.0258 1084 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:40:29.0351 1084 WmiApSrv - ok 17:40:29.0398 1084 [ BBAEACA1FFA3C86361CF0998474F6C3A ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 17:40:29.0398 1084 WpdUsb - ok 17:40:29.0461 1084 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:40:29.0539 1084 wscsvc - ok 17:40:29.0570 1084 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:40:29.0601 1084 wuauserv - ok 17:40:29.0805 
1084 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:40:30.0055 1084 WZCSVC - ok 17:40:30.0117 1084 [ BEC604CDC548A528EBD3D7AA1DD46A89 ] xfilt C:\WINDOWS\system32\DRIVERS\xfilt.sys 17:40:30.0117 1084 xfilt - ok 17:40:30.0195 1084 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:40:30.0258 1084 xmlprov - ok 17:40:30.0273 1084 ================ Scan global =============================== 17:40:30.0320 1084 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:40:30.0492 1084 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:40:30.0758 1084 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:40:30.0820 1084 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:40:30.0820 1084 [Global] - ok 17:40:30.0820 1084 ================ Scan MBR ================================== 17:40:30.0851 1084 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0 17:40:31.0117 1084 \Device\Harddisk0\DR0 - ok 17:40:31.0133 1084 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1 17:40:31.0133 1084 \Device\Harddisk1\DR1 - ok 17:40:31.0133 1084 ================ Scan VBR ================================== 17:40:31.0148 1084 [ F27DE02AA180C24007B8ACE6E50AA3D6 ] \Device\Harddisk0\DR0\Partition1 17:40:31.0148 1084 \Device\Harddisk0\DR0\Partition1 - ok 17:40:31.0180 1084 [ 5AD5E73A57AE711187396F2A25EE9552 ] \Device\Harddisk0\DR0\Partition2 17:40:31.0180 1084 \Device\Harddisk0\DR0\Partition2 - ok 17:40:31.0180 1084 [ 20F249BF966EFBC2595D34ABF46003A9 ] \Device\Harddisk1\DR1\Partition1 17:40:31.0180 1084 \Device\Harddisk1\DR1\Partition1 - ok 17:40:31.0180 1084 ============================================================ 17:40:31.0180 1084 Scan finished 17:40:31.0180 1084 ============================================================ 17:40:31.0195 2728 Detected object count: 1 17:40:31.0195 2728 Actual detected object count: 1 17:40:48.0055 2728 PCIIde ( 
Rootkit.Win32.TDSS.tdl3 ) - skipped by user 17:40:48.0055 2728 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip 17:43:01.0742 3168 Deinitialize success |
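As an added example that is not part of this thread and not TDSSKiller's own code: a small Python parser for TDSSKiller log lines of the shape shown above. It pairs the "Suspicious file (Forged)" line (the two MD5s are what the tool read directly from disk versus what the normal file API returned) with the "( ThreatName ) - ..." verdict lines, and reports whether a detected object was actually cured or, as in the log above, only skipped. The sample lines are copied from the post above; the verdict strings "cured" and "will be cured on reboot" are assumed from TDSSKiller's usual output.

```python
"""Parse TDSSKiller log lines and report rootkit findings that were not cured."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line starts with a timestamp and the scanning thread id.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "

# "[ MD5 ] ServiceName C:\path\file.sys"  (service names may contain spaces)
RE_ENTRY = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
# "Suspicious file (Forged): C:\path\file.sys. Real md5: X, Fake md5: Y"
RE_FORGED = re.compile(
    _PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})$")
# "ServiceName ( ThreatName ) - infected" / "- skipped by user" / "- User select action: Skip"
RE_VERDICT = re.compile(
    _PREFIX + r"(?P<name>.+?) \( (?P<threat>[^()]+?) \) - (?P<verdict>.+)$")


@dataclass
class Finding:
    name: str                       # service / driver name as TDSSKiller lists it
    threat: str                     # detection name, e.g. Rootkit.Win32.TDSS.tdl3
    path: Optional[str] = None      # file path from the "[ md5 ] name path" entry
    real_md5: Optional[str] = None  # hash of what the tool read directly from disk
    fake_md5: Optional[str] = None  # hash of what the normal file API presented
    verdicts: List[str] = field(default_factory=list)

    @property
    def forged(self) -> bool:
        """True when the two hashes disagree, i.e. reads are being rewritten."""
        return self.real_md5 is not None and self.real_md5 != self.fake_md5

    @property
    def resolved(self) -> bool:
        # Assumption: TDSSKiller reports removal as "cured" or
        # "will be cured on reboot"; "skipped by user" leaves the object in place.
        return any(v.startswith("cured") or "will be cured" in v
                   for v in self.verdicts)


def parse_tdsskiller(log: str) -> List[Finding]:
    paths: Dict[str, str] = {}                 # service name -> file path
    forged: Dict[str, Tuple[str, str]] = {}    # file path -> (real md5, fake md5)
    findings: Dict[str, Finding] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_ENTRY.match(line)
        if m:
            paths[m["name"]] = m["path"]
            continue
        m = RE_FORGED.match(line)
        if m:
            forged[m["path"]] = (m["real"], m["fake"])
            continue
        m = RE_VERDICT.match(line)
        if m:
            name = m["name"]
            f = findings.get(name)
            if f is None:
                f = Finding(name=name, threat=m["threat"], path=paths.get(name))
                if f.path in forged:
                    f.real_md5, f.fake_md5 = forged[f.path]
                findings[name] = f
            f.verdicts.append(m["verdict"])
    return list(findings.values())


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings the scan detected but did not remove."""
    return [f for f in findings if not f.resolved]


# Sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
17:40:14.0945 1084 [ BF300B9683C6F13F7ED1E5C7C9BF8BE6 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:40:14.0945 1084 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: BF300B9683C6F13F7ED1E5C7C9BF8BE6, Fake md5: 59BA86D9A61CBCF4DF8E598C331F5B82
17:40:14.0945 1084 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - infected
17:40:14.0945 1084 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
17:40:15.0023 1084 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:40:15.0039 1084 Pcmcia - ok
17:40:31.0195 2728 Detected object count: 1
17:40:48.0055 2728 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - skipped by user
17:40:48.0055 2728 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip
17:43:01.0742 3168 Deinitialize success
"""

if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        status = "RESOLVED" if f.resolved else "STILL PRESENT"
        print(f"{f.name}: {f.threat} at {f.path} [{status}]")
        if f.forged:
            print(f"  forged read: disk={f.real_md5} presented={f.fake_md5}")
        print(f"  verdicts: {', '.join(f.verdicts)}")
```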
18.04.2013, 17:22 | #10 |
/// TB-Ausbilder | Good. Let's see whether the thing can be dug out successfully: Step 1: Please start TDSSkiller.exe. Vista and Win7 users: right-click and "Run as administrator".
Please post in your next reply:
__________________ cheers, Leo |
18.04.2013, 19:40 | #11 |
| So, now I have 3 files from TDSSKiller on C:\ ! Two text documents, one of 5 kb and one of 86 kb, plus a folder named "TDSSKiller_Quarantine". I'll post both logs. Code:
ATTFilter 20:20:46.0546 3468 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:20:46.0812 3468 ============================================================ 20:20:46.0812 3468 Current date / time: 2013/04/18 20:20:46.0812 20:20:46.0812 3468 SystemInfo: 20:20:46.0812 3468 20:20:46.0812 3468 OS Version: 5.1.2600 ServicePack: 3.0 20:20:46.0812 3468 Product type: Workstation 20:20:46.0812 3468 ComputerName: OEM-37FF81E6E19 20:20:46.0812 3468 UserName: Ludi 20:20:46.0812 3468 Windows directory: C:\WINDOWS 20:20:46.0812 3468 System windows directory: C:\WINDOWS 20:20:46.0812 3468 Processor architecture: Intel x86 20:20:46.0812 3468 Number of processors: 2 20:20:46.0812 3468 Page size: 0x1000 20:20:46.0812 3468 Boot type: Normal boot 20:20:46.0812 3468 ============================================================ 20:20:58.0703 3468 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:20:58.0828 3468 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:20:58.0953 3468 ============================================================ 20:20:58.0953 3468 \Device\Harddisk0\DR0: 20:20:59.0015 3468 MBR partitions: 20:20:59.0015 3468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22D9D6ED 20:20:59.0312 3468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x22D9D76B, BlocksNum 0x268FF56 20:20:59.0312 3468 \Device\Harddisk1\DR1: 20:20:59.0328 3468 MBR partitions: 20:20:59.0328 3468 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x254297C1 20:20:59.0328 3468 ============================================================ 20:20:59.0703 3468 C: <-> \Device\Harddisk0\DR0\Partition1 20:20:59.0796 3468 D: <-> \Device\Harddisk0\DR0\Partition2 20:20:59.0828 3468 E: <-> 
\Device\Harddisk1\DR1\Partition1 20:20:59.0828 3468 ============================================================ 20:20:59.0828 3468 Initialize success 20:20:59.0828 3468 ============================================================ 20:21:02.0859 1596 ============================================================ 20:21:02.0859 1596 Scan started 20:21:02.0859 1596 Mode: Manual; 20:21:02.0859 1596 ============================================================ 20:21:14.0000 1596 ================ Scan system memory ======================== 20:21:14.0031 1596 System memory - ok 20:21:14.0046 1596 ================ Scan services ============================= 20:21:18.0015 1596 Abiosdsk - ok 20:21:18.0046 1596 abp480n5 - ok 20:21:19.0093 1596 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:21:19.0093 1596 ACPI - ok 20:21:20.0781 1596 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 20:21:20.0796 1596 ACPIEC - ok 20:21:23.0546 1596 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:21:23.0562 1596 AdobeFlashPlayerUpdateSvc - ok 20:21:23.0593 1596 adpu160m - ok 20:21:24.0031 1596 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 20:21:24.0031 1596 aec - ok 20:21:24.0218 1596 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 20:21:24.0234 1596 AFD - ok 20:21:24.0312 1596 Aha154x - ok 20:21:24.0359 1596 aic78u2 - ok 20:21:24.0390 1596 aic78xx - ok 20:21:24.0609 1596 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 20:21:24.0609 1596 Alerter - ok 20:21:24.0718 1596 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 20:21:24.0734 1596 ALG - ok 20:21:24.0781 1596 AliIde - ok 20:21:24.0812 1596 amsint - ok 20:21:34.0296 1596 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 20:21:34.0296 
1596 AntiVirSchedulerService - ok 20:21:34.0546 1596 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 20:21:34.0546 1596 AntiVirService - ok 20:21:36.0078 1596 [ 7E94E567C1AA5ABE6174032B3DAB6C23 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 20:21:36.0078 1596 Apple Mobile Device - ok 20:21:37.0187 1596 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 20:21:37.0203 1596 AppMgmt - ok 20:21:37.0359 1596 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 20:21:37.0375 1596 Arp1394 - ok 20:21:37.0390 1596 asc - ok 20:21:37.0421 1596 asc3350p - ok 20:21:37.0468 1596 asc3550 - ok 20:21:39.0781 1596 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:21:39.0781 1596 aspnet_state - ok 20:21:39.0890 1596 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:21:39.0890 1596 AsyncMac - ok 20:21:39.0984 1596 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 20:21:39.0984 1596 atapi - ok 20:21:40.0015 1596 Atdisk - ok 20:21:40.0328 1596 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys 20:21:40.0328 1596 atksgt - ok 20:21:40.0406 1596 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:21:40.0406 1596 Atmarpc - ok 20:21:40.0593 1596 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 20:21:40.0593 1596 AudioSrv - ok 20:21:40.0671 1596 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 20:21:40.0671 1596 audstub - ok 20:21:40.0796 1596 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 20:21:40.0796 1596 avgntflt - ok 20:21:41.0062 1596 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb 
C:\WINDOWS\system32\DRIVERS\avipbb.sys 20:21:41.0062 1596 avipbb - ok 20:21:41.0171 1596 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 20:21:41.0171 1596 avkmgr - ok 20:21:41.0265 1596 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:21:41.0265 1596 Beep - ok 20:21:41.0781 1596 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 20:21:41.0781 1596 BITS - ok 20:21:42.0109 1596 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 20:21:42.0109 1596 Bonjour Service - ok 20:21:42.0234 1596 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 20:21:42.0250 1596 Browser - ok 20:21:42.0343 1596 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 20:21:42.0343 1596 cbidf2k - ok 20:21:42.0359 1596 cd20xrnt - ok 20:21:42.0468 1596 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 20:21:42.0484 1596 Cdaudio - ok 20:21:42.0656 1596 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 20:21:42.0687 1596 Cdfs - ok 20:21:42.0812 1596 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:21:42.0812 1596 Cdrom - ok 20:21:42.0890 1596 Changer - ok 20:21:43.0031 1596 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 20:21:43.0031 1596 CiSvc - ok 20:21:43.0187 1596 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 20:21:43.0187 1596 ClipSrv - ok 20:21:43.0265 1596 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:21:43.0265 1596 clr_optimization_v2.0.50727_32 - ok 20:21:43.0296 1596 CmdIde - ok 20:21:43.0343 1596 COMSysApp - ok 20:21:43.0453 1596 Cpqarray - ok 20:21:43.0546 1596 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 20:21:43.0546 1596 CryptSvc - 
ok 20:21:43.0578 1596 dac2w2k - ok 20:21:43.0625 1596 dac960nt - ok 20:21:44.0296 1596 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:21:44.0312 1596 DcomLaunch - ok 20:21:44.0656 1596 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 20:21:44.0656 1596 Dhcp - ok 20:21:44.0750 1596 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 20:21:44.0750 1596 Disk - ok 20:21:44.0765 1596 dmadmin - ok 20:21:45.0171 1596 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 20:21:45.0171 1596 dmboot - ok 20:21:45.0281 1596 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 20:21:45.0281 1596 dmio - ok 20:21:45.0359 1596 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 20:21:45.0359 1596 dmload - ok 20:21:45.0453 1596 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 20:21:45.0453 1596 dmserver - ok 20:21:45.0562 1596 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 20:21:45.0562 1596 DMusic - ok 20:21:45.0703 1596 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:21:45.0703 1596 Dnscache - ok 20:21:45.0906 1596 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 20:21:45.0906 1596 Dot3svc - ok 20:21:45.0953 1596 dpti2o - ok 20:21:46.0015 1596 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 20:21:46.0015 1596 drmkaud - ok 20:21:46.0062 1596 EagleNT - ok 20:21:46.0156 1596 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:21:46.0156 1596 EapHost - ok 20:21:46.0421 1596 [ 026DA2AB097171C02EAC7AB3EE22D269 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe 20:21:46.0437 1596 ehRecvr - ok 20:21:46.0703 1596 [ E774BF24A6CB798DCE67AD1C8E917152 ] ehSched C:\WINDOWS\eHome\ehSched.exe 20:21:46.0718 1596 ehSched - ok 20:21:46.0859 1596 [ 
877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 20:21:46.0937 1596 ERSvc - ok 20:21:47.0046 1596 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 20:21:47.0046 1596 Eventlog - ok 20:21:47.0234 1596 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 20:21:47.0234 1596 EventSystem - ok 20:21:47.0390 1596 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 20:21:47.0390 1596 Fastfat - ok 20:21:47.0578 1596 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 20:21:47.0593 1596 FastUserSwitchingCompatibility - ok 20:21:47.0828 1596 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe 20:21:47.0843 1596 Fax - ok 20:21:47.0906 1596 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 20:21:47.0906 1596 Fdc - ok 20:21:48.0093 1596 [ 8787449F8EF116DB0E8E06C3555746A7 ] FET5X86V C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 20:21:48.0093 1596 FET5X86V - ok 20:21:48.0187 1596 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys 20:21:48.0187 1596 FETNDIS - ok 20:21:48.0234 1596 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 20:21:48.0250 1596 Fips - ok 20:21:48.0343 1596 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20:21:48.0343 1596 Flpydisk - ok 20:21:48.0500 1596 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:21:48.0515 1596 FltMgr - ok 20:21:48.0796 1596 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:21:48.0796 1596 FontCache3.0.0.0 - ok 20:21:48.0843 1596 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:21:48.0843 1596 Fs_Rec - ok 20:21:48.0921 1596 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk 
C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:21:48.0921 1596 Ftdisk - ok 20:21:49.0046 1596 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20:21:49.0046 1596 GEARAspiWDM - ok 20:21:49.0203 1596 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:21:49.0203 1596 Gpc - ok 20:21:49.0296 1596 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys 20:21:49.0296 1596 hamachi - ok 20:21:49.0562 1596 [ B93F1AEDBE74C100EFD4F6B4A27907B2 ] HdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys 20:21:49.0562 1596 HdAudAddService - ok 20:21:49.0765 1596 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:21:49.0906 1596 HDAudBus - ok 20:21:50.0062 1596 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:21:50.0125 1596 helpsvc - ok 20:21:50.0250 1596 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 20:21:50.0265 1596 HidServ - ok 20:21:50.0328 1596 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:21:50.0375 1596 HidUsb - ok 20:21:50.0484 1596 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 20:21:50.0562 1596 hkmsvc - ok 20:21:50.0578 1596 hpn - ok 20:21:50.0984 1596 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 20:21:51.0234 1596 HTTP - ok 20:21:51.0406 1596 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 20:21:51.0453 1596 HTTPFilter - ok 20:21:51.0593 1596 [ 2310CA92D37D97C9231ADF1796B47B9D ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 20:21:51.0718 1596 hwdatacard - ok 20:21:51.0765 1596 i2omgmt - ok 20:21:51.0859 1596 i2omp - ok 20:21:51.0921 1596 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:21:51.0937 1596 i8042prt - ok 20:21:52.0312 1596 [ 6F95324909B502E2651442C1548AB12F ] IDriverT 
20:22:41.0343 1596 PartMgr - ok
20:22:41.0437 1596 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:22:41.0453 1596 ParVdm - ok
20:22:41.0578 1596 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:22:41.0718 1596 PCI - ok
20:22:41.0734 1596 PCIDump - ok
20:22:41.0828 1596 [ BF300B9683C6F13F7ED1E5C7C9BF8BE6 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:22:41.0828 1596 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: BF300B9683C6F13F7ED1E5C7C9BF8BE6, Fake md5: 59BA86D9A61CBCF4DF8E598C331F5B82
20:22:41.0828 1596 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - infected
20:22:41.0828 1596 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
20:22:41.0968 1596 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:22:42.0046 1596 Pcmcia - ok
20:22:42.0078 1596 PDCOMP - ok
20:22:42.0703 1596 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Programme\PDF Architect\HelperService.exe
20:22:43.0515 1596 PDF Architect Helper Service - ok
20:22:44.0062 1596 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Programme\PDF Architect\ConversionService.exe
20:22:44.0718 1596 PDF Architect Service - ok
20:22:44.0812 1596 PDFRAME - ok
20:22:44.0828 1596 PDRELI - ok
20:22:44.0875 1596 PDRFRAME - ok
20:22:44.0921 1596 perc2 - ok
20:22:45.0078 1596 perc2hib - ok
20:22:45.0406 1596 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
20:22:45.0406 1596 PlugPlay - ok
20:22:45.0578 1596 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
20:22:45.0671 1596 PnkBstrA - ok
20:22:45.0968 1596 [ C39FD4DBF5CF5AF9E4BDAB58A1C323C9 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
20:22:46.0109 1596 PnkBstrB - ok
20:22:46.0328 1596 [ FB0C07EACB692DEAB8468FF048EC9E47 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
20:22:46.0437 1596 PnkBstrK - ok
20:22:46.0546 1596 [ AFB8261B56CBA0D86AEB6DF682AF9785 ]
1596 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:23:08.0265 1596 WZCSVC - ok
20:23:08.0343 1596 [ BEC604CDC548A528EBD3D7AA1DD46A89 ] xfilt C:\WINDOWS\system32\DRIVERS\xfilt.sys
20:23:08.0375 1596 xfilt - ok
20:23:08.0500 1596 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:23:08.0609 1596 xmlprov - ok
20:23:08.0609 1596 ================ Scan global ===============================
20:23:08.0687 1596 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:23:09.0031 1596 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:23:09.0484 1596 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:23:09.0562 1596 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:23:09.0562 1596 [Global] - ok
20:23:09.0578 1596 ================ Scan MBR ==================================
20:23:09.0625 1596 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
20:23:14.0187 1596 \Device\Harddisk0\DR0 - ok
20:23:14.0250 1596 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
20:23:14.0343 1596 \Device\Harddisk1\DR1 - ok
20:23:14.0359 1596 ================ Scan VBR ==================================
20:23:14.0453 1596 [ F27DE02AA180C24007B8ACE6E50AA3D6 ] \Device\Harddisk0\DR0\Partition1
20:23:14.0484 1596 \Device\Harddisk0\DR0\Partition1 - ok
20:23:14.0562 1596 [ 5AD5E73A57AE711187396F2A25EE9552 ] \Device\Harddisk0\DR0\Partition2
20:23:14.0593 1596 \Device\Harddisk0\DR0\Partition2 - ok
20:23:14.0609 1596 [ 20F249BF966EFBC2595D34ABF46003A9 ] \Device\Harddisk1\DR1\Partition1
20:23:14.0671 1596 \Device\Harddisk1\DR1\Partition1 - ok
20:23:14.0671 1596 ============================================================
20:23:14.0671 1596 Scan finished
20:23:14.0671 1596 ============================================================
20:23:14.0765 2548 Detected object count: 1
20:23:14.0765 2548 Actual detected object count: 1
20:23:30.0343 2548 C:\WINDOWS\system32\DRIVERS\pciide.sys - copied to quarantine
20:23:30.0593 2548 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:23:30.0656 2548 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
20:23:30.0671 2548 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:23:30.0671 2548 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:23:31.0078 2548 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:23:31.0421 2548 \Device\Harddisk0\DR0\TDLFS\nbpn.tmp - copied to quarantine
20:23:31.0421 2548 \Device\Harddisk0\DR0\TDLFS\ypuc.tmp - copied to quarantine
20:24:04.0859 2548 Backup copy found, using it..
20:24:05.0437 2548 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured on reboot
20:24:05.0437 2548 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
20:24:21.0906 0632 Deinitialize success
Code:
20:33:16.0671 3344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:33:16.0843 3344 ============================================================
20:33:16.0843 3344 Current date / time: 2013/04/18 20:33:16.0843
20:33:16.0843 3344 SystemInfo:
20:33:16.0843 3344
20:33:16.0843 3344 OS Version: 5.1.2600 ServicePack: 3.0
20:33:16.0843 3344 Product type: Workstation
20:33:16.0843 3344 ComputerName: OEM-37FF81E6E19
20:33:16.0859 3344 UserName: Ludi
20:33:16.0859 3344 Windows directory: C:\WINDOWS
20:33:16.0859 3344 System windows directory: C:\WINDOWS
20:33:16.0859 3344 Processor architecture: Intel x86
20:33:16.0859 3344 Number of processors: 2
20:33:16.0859 3344 Page size: 0x1000
20:33:16.0859 3344 Boot type: Normal boot
20:33:16.0859 3344 ============================================================
20:33:24.0593 3344 BG loaded
20:33:44.0250 3344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:33:44.0296 3344 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:33:44.0375 3344 ============================================================
20:33:44.0390 3344 \Device\Harddisk0\DR0:
20:33:44.0500 3344 MBR partitions:
20:33:44.0500 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22D9D6ED
20:33:44.0843 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x22D9D76B, BlocksNum 0x268FF56
20:33:44.0843 3344 \Device\Harddisk1\DR1:
20:33:44.0859 3344 MBR partitions:
20:33:44.0859 3344 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x254297C1
20:33:44.0859 3344 ============================================================
20:33:45.0328 3344 C: <-> \Device\Harddisk0\DR0\Partition1
20:33:45.0875 3344 D: <-> \Device\Harddisk0\DR0\Partition2
20:33:45.0890 3344 E: <-> \Device\Harddisk1\DR1\Partition1
20:33:45.0890 3344 ============================================================
20:33:45.0890 3344 Initialize success
20:33:45.0890 3344 ============================================================
20:33:50.0437 3308 Deinitialize success |
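The TDSSKiller output in this thread interleaves hundreds of benign "- ok" driver entries with the few lines that matter: the forged pciide.sys with its two MD5s, the verdict, and the quarantine/cure actions. As an added example that is not part of this thread and not Kaspersky's own code, the script below pulls exactly those lines out of a log in the format shown above; the sample input is built from lines of the posted log, and the line layout it assumes is the one visible there.

```python
"""Triage helper for TDSSKiller log output.

Added example: not part of the forum thread and not Kaspersky's own code.
It parses the tool's per-object lines ("HH:MM:SS.mmmm <thread-id> <message>"),
skips the many "<service> - ok" entries and collects what a helper reads back:
forged files with both MD5s, verdicts, and the quarantine/cure actions taken.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Every TDSSKiller line starts with a timestamp and a thread id.
_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "[ <md5> ] <service> <image path>"; MBR/VBR/global-scan entries have no service.
_ENTRY = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<svc>.+?) )?"
                    r"(?P<path>(?:[A-Za-z]:|\\Device)\\.*)$")
# Two hashes for one file: what the tool reads itself ("Real") differs from
# what the running system presents ("Fake"), the mark of a hidden driver.
_FORGED = re.compile(r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
                     r"Real md5: (?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})$")
_VERDICT = re.compile(r"^(?P<svc>.+?) \( (?P<name>[^)]+) \) - (?:infected|suspicious)$")
_DETECTED = re.compile(r"^(?P<svc>.+?) - detected (?P<name>\S+)")
_USER = re.compile(r"^(?P<svc>.+?) \( (?P<name>[^)]+) \) - User select action: (?P<choice>\w+)$")
_ACTION = re.compile(r"^(?P<obj>.+?) - (?P<action>copied to quarantine|"
                     r"will be (?:cured|deleted) on reboot)$")
_COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    inventory: dict = field(default_factory=dict)     # service/object -> (md5, path)
    forged: list = field(default_factory=list)        # (path, real_md5, fake_md5)
    verdicts: dict = field(default_factory=dict)      # service -> detection name
    actions: list = field(default_factory=list)       # (object, action)
    user_choices: dict = field(default_factory=dict)  # service -> chosen action
    detected_count: Optional[int] = None


def triage(log_text: str) -> Triage:
    """Walk the log once and keep everything that is not a plain '- ok' line."""
    t = Triage()
    for raw in log_text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # separator and banner lines carry no timestamp
        msg = m.group(3)
        if (e := _ENTRY.match(msg)):
            key = e.group("svc") or e.group("path")
            t.inventory[key] = (e.group("md5"), e.group("path"))
        elif (f := _FORGED.match(msg)):
            t.forged.append((f.group("path"), f.group("real"), f.group("fake")))
        elif (v := _VERDICT.match(msg)) or (v := _DETECTED.match(msg)):
            t.verdicts[v.group("svc")] = v.group("name")
        elif (u := _USER.match(msg)):
            t.user_choices[u.group("svc")] = u.group("choice")
        elif (a := _ACTION.match(msg)):
            t.actions.append((a.group("obj"), a.group("action")))
        elif (c := _COUNT.match(msg)):
            t.detected_count = int(c.group("n"))
    return t


def report(t: Triage) -> list:
    """Summary lines in the order a helper would quote them back."""
    lines = [f"FORGED {p}: real md5 {r}, fake md5 {f}" for p, r, f in t.forged]
    for svc, name in t.verdicts.items():
        path = t.inventory.get(svc, (None, "?"))[1]
        lines.append(f"DETECTED {svc} -> {name} (image {path}, "
                     f"user action: {t.user_choices.get(svc, 'none')})")
    lines += [f"ACTION {obj}: {act}" for obj, act in t.actions]
    if t.detected_count is not None:
        lines.append(f"objects detected: {t.detected_count}")
    return lines


# Constructed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
20:22:41.0343 1596 PartMgr - ok
20:22:41.0828 1596 [ BF300B9683C6F13F7ED1E5C7C9BF8BE6 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:22:41.0828 1596 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: BF300B9683C6F13F7ED1E5C7C9BF8BE6, Fake md5: 59BA86D9A61CBCF4DF8E598C331F5B82
20:22:41.0828 1596 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - infected
20:22:41.0828 1596 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
20:22:41.0968 1596 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:22:42.0046 1596 Pcmcia - ok
20:23:09.0625 1596 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
20:23:14.0187 1596 \Device\Harddisk0\DR0 - ok
20:23:14.0671 1596 ============================================================
20:23:14.0765 2548 Detected object count: 1
20:23:30.0343 2548 C:\WINDOWS\system32\DRIVERS\pciide.sys - copied to quarantine
20:23:30.0593 2548 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:24:04.0859 2548 Backup copy found, using it..
20:24:05.0437 2548 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured on reboot
20:24:05.0437 2548 PCIIde ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
"""

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```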
18.04.2013, 19:44 | #12 | |
/// TB-Ausbilder | Tabs opening by themselves in Mozilla Firefox and Internet Explorer Great, let's continue:
Step 1 Please download AdwCleaner and save it to your desktop.
Step 2 Warning for anyone reading along: ComboFix should only be run if a team member has explicitly instructed you to do so! Please download ComboFix.
Note: If you get the following error message after the reboot Quote:
Step 3
Code:
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c
Please post in your next reply:
__________________ cheers, Leo |
19.04.2013, 11:21 | #13 |
| Tabs opening by themselves in Mozilla Firefox and Internet Explorer OK, I followed all the instructions. Code:
# AdwCleaner v2.200 - Datei am 19/04/2013 um 11:02:32 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Ludi - OEM-37FF81E6E19
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Ludi\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Mozilla\Firefox\Profiles\whzi9d1l.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\pdfforge
Ordner Gelöscht : C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PriceGong
Ordner Gelöscht : C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Conduit
Ordner Gelöscht : C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\WiseConvert_1.3
Ordner Gelöscht : C:\Dokumente und Einstellungen\Tine\Lokale Einstellungen\Anwendungsdaten\AskToolbar
Ordner Gelöscht : C:\Programme\Conduit
Ordner Gelöscht : C:\Programme\ICQ6Toolbar
Ordner Gelöscht : C:\Programme\WiseConvert_1.3

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\WiseConvert_1.3
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3242337
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4194A60D-8B81-431D-AD2C-8DAF508467E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BEE2870-A7CE-484C-8954-78DFD5D783B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert_1.3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C8ED6-1D78-4D8F-8729-25006AA86A76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\Software\WiseConvert_1.3
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{213C8ED6-1D78-4D8F-8729-25006AA86A76}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Firefox\Profiles\mdewoh16.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Mozilla\Firefox\Profiles\whzi9d1l.default\prefs.js

Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.4");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.uniqueID", "123530350312353035031235303507121");
Gelöscht : user_pref("icqtoolbar.version", "1.1.4");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

*************************

AdwCleaner[S1].txt - [5999 octets] - [19/04/2013 11:02:32]

########## EOF - C:\AdwCleaner[S1].txt - [6059 octets] ##########
Code:
ComboFix 13-04-18.03 - Ludi 19.04.2013 11:26:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1022.585 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Ludi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Ludi\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
D:\AUTORUN.INF
.
Infizierte Kopie von c:\windows\system32\mplay32.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\mplay32.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-19 bis 2013-04-19 ))))))))))))))))))))))))))))))
.
.
2013-04-18 18:23 . 2013-04-18 18:23 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-16 18:55 . 2013-04-16 18:56 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-04-16 18:55 . 2013-04-16 18:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-04-16 18:55 . 2013-04-16 18:55 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-04-10 18:51 . 2013-04-10 18:51 -------- d-----w- c:\programme\digital publishing
2013-04-06 11:07 . 2013-04-18 12:01 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2013-04-06 11:07 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-06 11:02 . 2013-04-06 11:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-06 09:54 . 2013-04-06 09:54 -------- d-----w- c:\dokumente und einstellungen\Ludi\Anwendungsdaten\InstallShield
2013-03-21 19:09 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 19:09 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 18:27 . 2006-03-24 12:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2013-04-06 11:01 . 2012-10-24 08:34 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-06 11:01 . 2012-10-24 08:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-06 11:01 . 2012-10-24 08:34 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-28 08:56 . 2012-10-24 10:12 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-28 08:56 . 2012-10-24 10:12 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 08:56 . 2012-10-24 10:12 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-14 15:02 . 2012-10-24 08:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 15:02 . 2012-10-24 08:29 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-24 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 00:50 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2006-03-24 12:00 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2006-03-24 12:00 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:53 . 2006-03-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 01:53 . 2006-03-24 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:53 . 2006-03-24 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:08 . 2006-03-24 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-09-19 10:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-12-04 15:22 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-24 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 03:03 . 2013-02-08 03:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-08 03:03 . 2006-09-19 13:51 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-02-08 03:03 . 2006-09-19 13:51 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
2013-02-08 03:02 . 2009-09-27 15:12 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-08 03:02 . 2009-09-27 15:12 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-08 03:02 . 2013-02-08 03:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-08 03:02 . 2009-12-26 15:22 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-08 03:02 . 2006-09-19 13:51 2389504 ----a-w- c:\windows\system32\nvapi.dll
2013-02-08 03:02 . 2006-09-19 13:51 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-02-08 03:02 . 2013-02-08 03:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-08 03:02 . 2009-09-27 15:12 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-26 03:55 . 2006-03-24 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 12:04 . 2013-04-12 12:04 263064 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Ludi^Startmenü^Programme^Autostart^OpenOffice.org 3.4.1.lnk]
path=c:\dokumente und einstellungen\Ludi\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7776:TCP"= 7776:TCP:Borderlands
"7777:TCP"= 7777:TCP:Borderlands
"7778:TCP"= 7778:TCP:Borderlands
"29899:TCP"= 29899:TCP:Borderlands
"29900:TCP"= 29900:TCP:Borderlands
"29901:TCP"= 29901:TCP:Borderlands
"6514:TCP"= 6514:TCP:Borderlands
"6515:TCP"= 6515:TCP:Borderlands
"6516:TCP"= 6516:TCP:Borderlands
"6499:TCP"= 6499:TCP:Borderlands
"6500:TCP"= 6500:TCP:Borderlands
"6501:TCP"= 6501:TCP:Borderlands
"28909:TCP"= 28909:TCP:Borderlands
"28901:TCP"= 28901:TCP:Borderlands
"28902:TCP"= 28902:TCP:Borderlands
"28903:TCP"= 28903:TCP:Borderlands
"7776:UDP"= 7776:UDP:Borderlands
"7777:UDP"= 7777:UDP:Borderlands
"7778:UDP"= 7778:UDP:Borderlands
"29899:UDP"= 29899:UDP:Borderlands
"29900:UDP"= 29900:UDP:Borderlands
"29901:UDP"= 29901:UDP:Borderlands
"13138:UDP"= 13138:UDP:Borderlands
"13139:UDP"= 13139:UDP:Borderlands
"13140:UDP"= 13140:UDP:Borderlands
"27899:UDP"= 27899:UDP:Borderlands
"27900:UDP"= 27900:UDP:Borderlands
"28910:TCP"= 28910:TCP:Borderlands
"28902:UDP"= 28902:UDP:Borderlands
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24.10.2012 12:12 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [24.10.2012 12:12 86752]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [06.04.2013 13:07 418376]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.04.2013 13:07 701512]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\programme\PDF Architect\HelperService.exe [09.01.2013 18:34 1324104]
R2 PDF Architect Service;PDF Architect Service;c:\programme\PDF Architect\ConversionService.exe [09.01.2013 18:36 795208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.04.2013 13:07 22856]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.10.2009 18:44 691696]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 15:02]
.
2013-04-13 c:\windows\Tasks\At1.job
- c:\programme\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2013-04-18 c:\windows\Tasks\At2.job
- c:\programme\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2013-04-14 c:\windows\Tasks\At3.job
- c:\programme\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2013-04-18 c:\windows\Tasks\At4.job
- c:\programme\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16 20:12]
.
2013-04-10 c:\windows\Tasks\hpwebreg_CN1C3450PC05JZ.job
- c:\programme\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe [2010-11-16 20:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Öffnen mit WordPerfect - c:\programme\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Ludi\Anwendungsdaten\Mozilla\Firefox\Profiles\mdewoh16.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-winuhy32 - (no file)
SafeBoot-93367731.sys
MSConfigStartUp-iTunesHelper - c:\programme\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\qttask.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-19 11:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1361278859-838385415-1197325983-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,9e,db,f4,12,ce,7c,5f,10,be,cc,86,07,b7,c4,a5,6c,b5,3b,ba,90,3e,52,
db,98,a4,ee,7d,3b,6a,c8,6d,ea,65,f8,5c,92,3f,36,15,5f,22,7b,5b,d9,e7,ac,c9,\
"??"=hex:00,17,40,a8,38,e2,c7,9f,f0,22,0d,f5,b5,bf,b0,e2
.
[HKEY_USERS\S-1-5-21-1361278859-838385415-1197325983-1005\Software\SecuROM\License information*]
"datasecu"=hex:e0,17,16,2a,24,78,3a,45,33,18,71,0e,58,04,f1,46,ac,04,c4,63,40,
67,a0,4a,6b,e1,43,3b,47,17,0d,6b,6d,85,97,49,2f,62,dc,30,a4,ca,ba,76,0f,34,\
"rkeysecu"=hex:bd,a6,cb,ac,4c,11,89,ba,88,6b,8c,ba,ab,da,f8,93
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
c:\programme\Avira\AntiVir Desktop\avwsc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-19 11:57:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-19 09:57
.
Vor Suchlauf: 9 Verzeichnis(se), 230.609.256.448 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 230.930.341.888 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut /usepmtimer
.
- - End Of File - - 0764FC0A2D8A00D055C7122F0E01FF86

Code:
OTL logfile created on: 19.04.2013 12:00:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Ludi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,42 Mb Total Physical Memory | 410,82 Mb Available Physical Memory | 40,18% Memory free
2,40 Gb Paging File | 1,84 Gb Available in Paging File | 76,40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 278,81 Gb Total Space | 215,10 Gb Free Space | 77,15% Space Free | Partition Type: NTFS
Drive D: | 19,27 Gb Total Space | 13,72 Gb Free Space | 71,19% Space Free | Partition Type: FAT32
Drive E: | 298,08 Gb Total Space | 297,93 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

Computer Name: OEM-37FF81E6E19 | User Name: Ludi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.18 14:04:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe
PRC - [2013.04.06 13:01:58 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 10:56:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 10:56:14 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 10:56:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.28 10:56:11 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe
PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.11 04:40:34 | 000,086,960 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

========== Modules (No Company Name) ==========

MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2013.04.12 14:04:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.06 13:01:58 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.28 10:56:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 10:56:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.14 17:02:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2009.06.28 18:46:00 | 003,100,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\Ludi\LOKALE~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.28 10:56:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 10:56:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 10:56:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.07 20:09:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.31 14:06:12 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.31 14:06:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.08.03 14:59:08 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.06.12 18:17:47 | 000,138,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008.03.07 13:46:38 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.10.18 18:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.10.17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2006.09.18 19:42:48 | 000,141,824 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2004.12.30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67C7A229-DE37-484F-804F-ACA73A0D5D1E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes\{67C7A229-DE37-484F-804F-ACA73A0D5D1E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_deDE518
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programme\PDF Architect\FFPDFArchitectExt [2013.01.23 23:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 14:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.08 20:19:45 | 000,000,000 | ---D | M]

[2013.04.12 14:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Extensions
[2013.04.12 14:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 14:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 14:04:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2013.02.28 17:20:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.28 17:20:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.02.28 17:20:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.28 17:20:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.28 17:20:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.28 17:20:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.04.19 11:45:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([www.msi] http in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158754282359 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158754271218 (MUWebControl Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ADB9F89-88FC-45C3-A623-F6D28716FECA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD313F6-2E3D-4D74-BB6C-1731AD27289B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - 
Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.19 12:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.19 11:22:14 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.04.19 11:19:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.04.19 11:19:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.04.19 11:19:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.04.19 11:19:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.04.19 11:19:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.19 11:19:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Eigene Videos [2013.04.19 11:19:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2013.04.19 11:18:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt 
[2013.04.19 11:15:28 | 005,056,640 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Ludi\Desktop\ComboFix.exe [2013.04.18 20:23:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.04.18 17:37:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Ludi\Desktop\tdsskiller.exe [2013.04.18 17:31:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Ludi\Desktop\aswMBR.exe [2013.04.18 14:04:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe [2013.04.12 14:04:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.04.10 22:37:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder [2013.04.10 20:55:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Startmenü\Programme\digital publishing [2013.04.10 20:54:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2013.04.10 20:51:02 | 000,000,000 | ---D | C] -- C:\Programme\digital publishing [2013.04.06 13:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.06 13:07:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.06 13:07:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.06 11:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InstallShield [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.19 12:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.19 11:48:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.19 11:45:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.19 11:44:54 | 000,002,048 | --S- | M] () -- 
C:\WINDOWS\bootstat.dat [2013.04.19 11:44:49 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys [2013.04.19 11:22:28 | 000,000,338 | RHS- | M] () -- C:\boot.ini [2013.04.19 11:15:37 | 005,056,640 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Ludi\Desktop\ComboFix.exe [2013.04.19 10:59:15 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\adwcleaner.exe [2013.04.18 20:40:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2013.04.18 17:37:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Ludi\Desktop\tdsskiller.exe [2013.04.18 17:37:15 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\MBR.dat [2013.04.18 17:32:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Ludi\Desktop\aswMBR.exe [2013.04.18 14:19:59 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\gmer_2.1.19163.exe [2013.04.18 14:04:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe [2013.04.18 14:01:20 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.18 14:00:10 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2013.04.18 13:57:31 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable [2013.04.18 13:52:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe [2013.04.16 20:56:03 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013.04.16 20:56:03 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2013.04.16 20:55:51 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013.04.16 20:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk [2013.04.16 14:04:46 | 000,253,912 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2013.04.14 18:12:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job 
[2013.04.13 10:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2013.04.12 19:21:17 | 000,194,891 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.odt [2013.04.12 18:49:01 | 000,156,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.pdf [2013.04.12 07:23:13 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.11 19:58:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.04.10 22:29:53 | 000,004,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\IntelliPlanArchive.zip [2013.04.10 22:13:10 | 000,001,364 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN1C3450PC05JZ.job [2013.04.10 20:55:52 | 000,001,754 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\digital publishing.lnk [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.03.31 09:43:19 | 000,453,922 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.03.31 09:43:19 | 000,436,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.03.31 09:43:19 | 000,083,096 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.31 09:43:19 | 000,069,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.03.29 12:29:58 | 000,034,363 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Heilpflanzen.odt [2013.03.29 12:14:17 | 000,032,269 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Schüssler.odt [2013.03.28 10:56:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013.03.28 10:56:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013.03.28 10:56:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013.03.24 15:47:14 | 000,160,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.pdf [2013.03.24 15:46:57 | 000,218,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.odt [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.19 11:22:28 | 000,000,222 | ---- | C] () -- C:\Boot.bak [2013.04.19 11:22:21 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.04.19 11:19:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.04.19 11:19:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.04.19 11:19:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.04.19 11:19:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.04.19 11:19:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.04.19 10:59:13 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\adwcleaner.exe [2013.04.18 17:37:15 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\MBR.dat [2013.04.18 14:19:58 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\gmer_2.1.19163.exe [2013.04.18 13:57:08 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable [2013.04.18 13:52:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe [2013.04.16 20:55:51 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013.04.16 20:55:51 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013.04.16 20:55:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013.04.16 20:55:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk [2013.04.12 19:21:17 | 000,194,891 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.odt [2013.04.12 18:49:00 | 000,156,000 | ---- | C] () -- C:\Dokumente 
und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.pdf [2013.04.10 22:29:53 | 000,004,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\IntelliPlanArchive.zip [2013.04.10 20:55:52 | 000,001,754 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\digital publishing.lnk [2013.04.06 13:07:55 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.29 12:14:38 | 000,034,363 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Heilpflanzen.odt [2013.03.29 11:54:38 | 000,032,269 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Schüssler.odt [2013.03.24 15:40:10 | 000,160,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.pdf [2013.03.24 15:36:40 | 000,218,171 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.odt [2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.11.03 20:29:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.04.11 08:59:30 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.17 16:50:27 | 000,001,056 | RHS- | C] () -- C:\Dokumente und Einstellungen\Ludi\ntuser.pol [2008.12.03 22:26:07 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.09.22 16:52:42 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2006.09.22 16:52:42 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2006.09.22 16:52:42 | 000,000,984 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak ========== ZeroAccess Check 
========== [2006.09.19 12:32:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.24 15:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland [2010.05.08 19:37:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2009.10.06 18:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.10.23 19:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2010.05.02 12:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs [2009.02.22 19:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2012.10.24 11:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2013.04.19 11:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\ICQ [2009.03.09 19:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU [2010.04.05 12:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground [2009.01.27 22:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.12.28 21:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2012.10.23 19:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2009.05.15 12:09:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone [2010.05.08 19:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Canneverbe Limited [2012.10.24 12:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\DAEMON Tools Lite [2009.02.22 20:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Datalayer [2010.02.13 15:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Firaxis Games [2012.10.24 10:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\FUJIFILM [2012.10.23 17:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\ICQ [2010.05.06 16:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InfraRecorder [2009.10.06 20:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Leadertech [2012.10.23 19:14:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\MSNInstaller [2012.10.23 19:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\My Games [2009.02.22 20:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Nokia [2012.10.24 15:18:14 
| 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org [2009.02.04 21:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PC Suite [2013.01.23 23:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PDF Architect [2008.12.08 17:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\ScummVM [2009.12.01 15:57:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\temp [2009.12.28 22:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Ubisoft [2009.05.15 12:09:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Vodafone [2009.01.27 22:33:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Datalayer [2012.10.24 10:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\FUJIFILM [2010.05.09 13:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\ICQ [2010.05.09 12:48:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\ImgBurn [2009.01.27 22:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Nokia [2009.01.27 22:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Nokia Multimedia Player [2009.01.27 22:43:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\PC Suite ========== Purity Check ========== ========== Custom Scans ========== < reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0 DMAEnabled REG_DWORD 0x0 Driver REG_SZ atapi HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0\Scsi Bus 0 < reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c > ! 
REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318} Class REG_SZ hdc <NO NAME> REG_SZ IDE ATA/ATAPI-Controller Icon REG_SZ -9 Installer32 REG_SZ SysSetup.Dll,HdcClassInstaller TroubleShooter-0 REG_SZ hcp://help/tshoot/tsdrive.htm UpperFilters REG_MULTI_SZ xfilt\0\0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000 TransferModeTiming REG_MULTI_SZ 18\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\015\0\0 InfPath REG_SZ oem34.inf InfSection REG_SZ vide_PATA_Inst_x32 ProviderName REG_SZ VIA Technologies, Inc. DriverDateData REG_BINARY 00004B307FF1C601 DriverDate REG_SZ 10-17-2006 DriverVersion REG_SZ 6.0.5728.160 MatchingDeviceId REG_SZ pci\ven_1106&dev_0571 DriverDesc REG_SZ VIA Bus Master IDE Controller - 0571 InfSectionExt REG_SZ .NTx86 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001 InfPath REG_SZ oem34.inf InfSection REG_SZ vide_Inst_x32 ProviderName REG_SZ VIA Technologies, Inc. 
DriverDateData REG_BINARY 00004B307FF1C601 DriverDate REG_SZ 10-17-2006 DriverVersion REG_SZ 6.0.5728.160 MatchingDeviceId REG_SZ pci\ven_1106&dev_0591&cc_0101 DriverDesc REG_SZ VIA Serial ATA Controller - 0591 InfSectionExt REG_SZ .NTx86 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.2180 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x1 SlaveDeviceType REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x10 MasterDeviceTimingModeAllowed REG_DWORD 0x1f MasterIdDataCheckSum REG_DWORD 0x13787 SlaveDeviceTimingMode REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.2180 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x1 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x20010 SlaveDeviceTimingMode REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff MasterIdDataCheckSum REG_DWORD 0x13f93 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 
5.1.2600.2180 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x2 SlaveDeviceType REG_DWORD 0x2 MasterDeviceTimingMode REG_DWORD 0x10 MasterDeviceTimingModeAllowed REG_DWORD 0x1f MasterIdDataCheckSum REG_DWORD 0x14006 SlaveDeviceTimingMode REG_DWORD 0x2010 SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff SlaveIdDataCheckSum REG_DWORD 0x1d0a7 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.2180 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x0 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x0 SlaveDeviceTimingMode REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties < > [2006.09.19 12:33:41 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2006.09.19 12:39:37 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.10.24 10:29:32 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012.11.02 19:12:47 | 000,000,456 | ---- | C] () -- C:\WINDOWS\Tasks\At1.job [2012.11.02 19:12:48 | 000,000,456 | ---- | C] () -- C:\WINDOWS\Tasks\At2.job [2012.11.02 19:12:49 | 000,000,456 | ---- | C] () -- C:\WINDOWS\Tasks\At3.job [2012.11.02 19:12:50 | 000,000,456 | ---- | C] () -- C:\WINDOWS\Tasks\At4.job [2012.11.02 19:22:40 | 000,001,364 | ---- | C] () -- C:\WINDOWS\Tasks\hpwebreg_CN1C3450PC05JZ.job ========== Alternate Data Streams ========== @Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Manufacturer < End of report > |
19.04.2013, 11:55 | #14 |
/// TB-Ausbilder | Tabs opening on their own in Mozilla Firefox and Internet Explorer
Hello, well done. Then carry on with:
Step 1
Code:
:OTL
O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([www.msi] http in Vertrauenswürdige Sites)
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002]
"MasterDeviceTimingMode"=dword:ffffffff
"MasterDeviceTimingModeAllowed"=dword:ffffffff
"MasterIdDataCheckSum"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004]
"MasterDeviceTimingMode"=dword:ffffffff
"MasterDeviceTimingModeAllowed"=dword:ffffffff
"MasterIdDataCheckSum"=-
"SlaveDeviceTimingMode"=dword:ffffffff
"SlaveDeviceTimingModeAllowed"=dword:ffffffff
"SlaveIdDataCheckSum"=-
:commands
[emptytemp]
Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 3
Code:
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c
Please post in your next reply:
__________________ cheers, Leo |
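The O15 "Trusted Domains" entries removed in step 1, and the "No CLSID value found" / "File not found" / "Reg Error" entries scattered through the OTL log above, are the lines a helper picks out by eye. The following is an added example for this thread, not code from the helper, the poster or OTL: a small Python triage script that parses OTL's "Onn - ..." entries, rebuilds the full hostnames behind the Trusted Domains lines (OTL prints the IE ZoneMap layout, domain key first and the [subdomain] key in brackets, so "com.tw ([asia.msi] ...)" is asia.msi.com.tw), flags orphaned registrations, and, going one step beyond the helper's script, flags DHCP name servers outside the RFC 1918 ranges, which is a routine check on an O17 line. The sample lines are copied from the log posted above, except the last O17 line, whose 203.0.113.5 name server and interface GUID are constructed values to exercise the DNS check.

```python
"""Triage helper for OTL scan-log lines.

Added example for this thread; not code from the helper, the poster or OTL.
It parses the "Onn - ..." entries OTL prints, rebuilds the hostnames behind
O15 "Trusted Domains" lines and flags entries a helper would look at twice.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "O15 - HKU\...\..Trusted Domains: ..." -> section code plus the remainder.
_ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# OTL reports the IE ZoneMap layout: domain key, then [subdomain] key, then scheme.
_TRUSTED = re.compile(r"Trusted Domains:\s+(\S+)\s+\(\[([^\]]+)\]\s+(\w+)\s+in\s")
_NAMESERVER = re.compile(r"DhcpNameServer\s*=\s*(.*)$")
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sample lines copied from the OTL log posted above, except the last O17 line,
# whose interface GUID and 203.0.113.5 name server are constructed values.
SAMPLE_LOG = [
    r"O15 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)",
    r"O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.",
    r"O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta File not found",
    r"O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)",
    r"O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED-GUID}: DhcpNameServer = 203.0.113.5",
    "========== LOP Check ==========",
]


@dataclass
class Finding:
    code: str    # OTL section code, e.g. "O15"
    reason: str  # why the entry was flagged
    detail: str  # the entry text after the code


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split an OTL line into its section code and the remainder.

    Section headers and file listings are not "Onn - ..." entries and yield None.
    """
    m = _ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def trusted_site_host(text: str) -> Optional[str]:
    """Rebuild 'asia.msi.com.tw' from 'Trusted Domains: com.tw ([asia.msi] http in ...)'."""
    m = _TRUSTED.search(text)
    if not m:
        return None
    domain, subdomain, _scheme = m.groups()
    return f"{subdomain}.{domain}"


def _is_rfc1918(ip_text: str) -> bool:
    """True for 10/8, 172.16/12 and 192.168/16 addresses; False for anything else or junk."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in _RFC1918)


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a helper would review, in log order."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, detail = parsed
        host = trusted_site_host(detail)
        if host:
            # A Trusted Sites entry relaxes IE's security settings for that host.
            findings.append(Finding(code, f"IE Trusted Sites zone entry: {host}", detail))
        elif "No CLSID value found" in detail or "File not found" in detail:
            findings.append(Finding(code, "orphaned registration (target missing)", detail))
        elif "(Reg Error:" in detail:
            findings.append(Finding(code, "ActiveX/DPF entry with broken registry data", detail))
        elif code == "O17":
            m = _NAMESERVER.search(detail)
            if m:
                # A public resolver handed out by DHCP is not malicious by itself,
                # but on a home LAN behind a router it is worth a second look.
                public = [ip for ip in m.group(1).split() if not _is_rfc1918(ip)]
                if public:
                    findings.append(Finding(code, "DNS server outside RFC 1918 ranges: " + ", ".join(public), detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.detail}")
```

Run it as a script to print the flagged lines, or feed `triage()` the lines of a saved OTL.txt. The rules are deliberately conservative: anything that only looks unusual (the O4 autostarts, the O16 ActiveX downloads with a valid description) is left for the helper to judge, and only entries whose own text says the target is missing or whose zone or DNS settings are non-default are reported.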
19.04.2013, 13:13 | #15 |
| Tabs opening on their own in Mozilla Firefox and Internet Explorer Hello aharonov, OTL has now been running for over an hour, but nothing has happened yet. It is also showing "Not responding" now. Is that normal? I am at step 1. Last edited by Nürnberger (19.04.2013 at 13:13) Reason: Edit |