| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Firefox öffnet selbstständig Game Seiten im TabWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.04.2013, 20:25
| #1 |
 |  Firefox öffnet selbstständig Game Seiten im Tab Hallo zusammen, ich habe nun seit einigen Tagen das Problem das mein Firefox selbstständig während ich im Internet surfe seltsame Spiele seiten im Tab öffnet, bisher öffnen sich "nur" die Seite von goodgame empire oder ähnlichem und star wars the old republic...! Da ich nie eines der beiden Spiele gespielt oder installiert habe, habe ich keine Ahnung woran es liegt. Ich habe schon Antivir,Eset Online Scanner und Malwarebytes anit malware durchlaufen lassen, doch bisher wurde nichts gefunden. Ich hoffe mir kann hier jemand behilflich sein denn das nervt ganz schön. |
|
15.04.2013, 12:31
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Firefox öffnet selbstständig Game Seiten im Tab Hallo,
__________________Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
|
15.04.2013, 15:35
| #3 |
| | Firefox öffnet selbstständig Game Seiten im Tab Danke für deine Antwort, anbei ist schonmal der OTL Log:
__________________Code:
ATTFilter OTL logfile created on: 15.04.2013 16:19:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,34% Memory free 4,84 Gb Paging File | 4,11 Gb Available in Paging File | 84,88% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 86,16 Gb Total Space | 35,99 Gb Free Space | 41,77% Space Free | Partition Type: NTFS Drive D: | 146,67 Gb Total Space | 16,75 Gb Free Space | 11,42% Space Free | Partition Type: NTFS Computer Name: ****** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\NVIDIA Corporation\nview\nvShell.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PS3 Media Server) -- C:\Programme\PS3 Media Server\win32\service\wrapper.exe (Tanuki Software, Ltd.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MSICDSetup) -- F:\CDriver.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found DRV - (Changer) -- File not found DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-606747145-2139871995-839522115-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-606747145-2139871995-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-606747145-2139871995-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-606747145-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.16 14:00:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.13 15:12:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.16 14:00:56 | 000,000,000 | ---D | M] [2012.06.25 14:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2013.02.08 18:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\ix7lptr1.default\extensions [2013.04.13 22:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\yq25kl2u.default\extensions [2013.04.12 20:12:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\yq25kl2u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.06.25 14:43:31 | 000,634,964 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\ix7lptr1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.04 19:18:31 | 000,164,308 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\yq25kl2u.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2013.04.13 22:30:11 | 000,531,916 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\yq25kl2u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.15 04:17:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\yq25kl2u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.13 15:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-606747145-2139871995-839522115-1004..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-606747145-2139871995-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340623789031 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340624476968 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61A1643C-6E5B-4126-8BDE-DC02303E36E9}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.25 13:08:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.15 16:17:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2013.04.13 22:02:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent [2013.04.13 21:48:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2013.04.13 21:48:17 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.04.13 15:29:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.04.13 15:29:38 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.04.13 15:29:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.04.13 15:29:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.04.13 15:29:35 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.04.12 20:15:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\Neuer Ordner [2013.04.12 20:13:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\dwhelper [2013.04.12 12:45:51 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.04.04 22:07:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Skype [2013.04.04 22:06:52 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2013.04.04 22:06:52 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2013.04.04 22:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2013.04.04 22:06:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2013.03.23 21:02:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Curse [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.15 16:17:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2013.04.15 16:13:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.15 06:47:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.15 05:40:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.13 22:18:28 | 000,000,441 | ---- | M] () -- C:\WINDOWS\wininit.ini [2013.04.13 15:29:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.04.13 15:29:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.04.13 15:29:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.04.13 15:29:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.04.13 15:29:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.04.13 15:29:22 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.04.13 15:29:22 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.04.13 15:10:17 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.04.13 15:10:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.04.12 18:17:12 | 001,095,988 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\babydeckemuetze(1).pdf [2013.04.10 14:18:14 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.03.31 04:44:17 | 000,452,662 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.03.31 04:44:17 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.03.31 04:44:17 | 000,081,744 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.31 04:44:17 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.03.30 11:42:46 | 001,082,725 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Ultraschall.rar [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.13 22:06:42 | 000,000,441 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013.04.12 18:17:41 | 001,095,988 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\babydeckemuetze(1).pdf [2013.03.30 11:42:46 | 001,082,725 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Ultraschall.rar [2013.01.09 12:26:07 | 000,174,760 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2012.07.16 13:58:48 | 000,197,027 | ---- | C] () -- C:\WINDOWS\hpwins27.dat [2012.07.16 13:58:48 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat [2012.07.16 13:39:45 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat.temp [2012.06.25 16:24:49 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2012.06.25 14:15:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.25 14:14:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.25 14:10:48 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2012.06.25 13:59:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.06.25 13:55:51 | 000,196,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.25 13:23:30 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.06.25 13:23:30 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.06.25 13:23:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.06.25 13:23:22 | 002,283,884 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.06.25 13:14:20 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.25 13:09:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.06.25 13:06:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.06.25 15:46:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 21:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.04.2013 16:19:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,34% Memory free
4,84 Gb Paging File | 4,11 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 86,16 Gb Total Space | 35,99 Gb Free Space | 41,77% Space Free | Partition Type: NTFS
Drive D: | 146,67 Gb Total Space | 16,75 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
Computer Name: ****** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-606747145-2139871995-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.954\Agent.exe:*:Enabled:Blizzard Agent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Games\Diablo III\Diablo III.exe" = D:\Games\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
"D:\Games\World of Warcraft\Launcher.patch.exe" = D:\Games\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"D:\Games\World of Warcraft\Launcher.exe" = D:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\Games\World of Warcraft\Temp\WoW-4.3-5.0.15890-enUS-Downloader.exe" = D:\Games\World of Warcraft\Temp\WoW-4.3-5.0.15890-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1267\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1267\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1544\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1544\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\PlayPark\RO2\SHIPPING\Rag2.exe" = C:\PlayPark\RO2\SHIPPING\Rag2.exe:*:Enabled:Ragnarok Online2 - Legend of The Second -- (Gravity)
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe" = C:\Programme\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe:*:Enabled:FINAL FANTASY XIV - A Realm Reborn (Beta Version) BOOT -- (SQUARE ENIX CO., LTD.)
"C:\Programme\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe" = C:\Programme\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe:*:Enabled:FINAL FANTASY XIV - A Realm Reborn (Beta Version) LAUNCHER -- (SQUARE ENIX CO., LTD.)
"C:\Programme\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\game\ffxiv.exe" = C:\Programme\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\game\ffxiv.exe:*:Enabled:FINAL FANTASY XIV - A Realm Reborn (Beta Version) -- (SQUARE ENIX Co., Ltd.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1675\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1675\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Apps\2.0\E4XV3AZN.QD3\PV0ERNCH.3P9\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\CurseClient.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Apps\2.0\E4XV3AZN.QD3\PV0ERNCH.3P9\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C6A9286-2A4B-43DF-A322-01ABFFDCD248}" = Ragnarok Online2
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PS3 Media Server" = PS3 Media Server
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-606747145-2139871995-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.07.2012 06:09:18 | Computer Name = ******| Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 14.0.1.4577, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.08.2012 12:38:25 | Computer Name = ******| Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ragnarok.exe, Version 2.0.0.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 11.10.2012 17:35:03 | Computer Name = ******| Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 15.0.1.4631, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01.01.2013 20:47:56 | Computer Name = ******| Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Kies.exe, Version 1.0.0.1077, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 03.01.2013 16:47:36 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msnmsgr.exe, Version 14.0.8117.416, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.01.2013 17:53:17 | Computer Name = ******| Source = MsiInstaller | ID = 1013
Description = Product: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
-- A later version of Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
is already installed.
Error - 08.01.2013 19:05:57 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 17.0.1.4715, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 10.01.2013 16:36:59 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 17.0.1.4715, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 16.01.2013 18:42:09 | Computer Name = ******| Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 18.0.0.4752, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 03.03.2013 19:27:24 | Computer Name = ****** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 12.04.2013 11:31:01 | Computer Name = ****** | Source = Service Control Manager | ID = 7034
Description = Dienst "PS3 Media Server" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 13.04.2013 08:08:00 | Computer Name = ****** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PS3 Media Server" wurde nicht ordnungsgemäß gestartet.
Error - 13.04.2013 08:08:00 | Computer Name = ****** | Source = Service Control Manager | ID = 7034
Description = Dienst "PS3 Media Server" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 13.04.2013 09:22:33 | Computer Name = ******| Source = Service Control Manager | ID = 7022
Description = Der Dienst "PS3 Media Server" wurde nicht ordnungsgemäß gestartet.
Error - 13.04.2013 09:22:33 | Computer Name = ****** | Source = Service Control Manager | ID = 7034
Description = Dienst "PS3 Media Server" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 13.04.2013 14:56:13 | Computer Name = ****** | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.
Error - 13.04.2013 15:48:31 | Computer Name = ******| Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 13.04.2013 15:48:31 | Computer Name = ****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 13.04.2013 16:20:14 | Computer Name = ******| Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 13.04.2013 16:20:14 | Computer Name = ****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
|
|
15.04.2013, 20:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox öffnet selbstständig Game Seiten im Tab Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.04.2013, 12:37
| #5 |
| | Firefox öffnet selbstständig Game Seiten im Tab So hier sind die neuen Logs von GMER und Mbam: GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-16 12:25:49
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-12 WDC_WD2500AAJS-75M0A0 rev.02.03E02 232,83GB
Running: jv3wt1gb.exe; Driver: C:\DOKUME~1\****\LOKALE~1\Temp\awtdypog.sys
---- System - GMER 2.1 ----
SSDT B8752EA4 ZwClose
SSDT B8752E5E ZwCreateKey
SSDT B8752EAE ZwCreateSection
SSDT B8752E54 ZwCreateThread
SSDT B8752E63 ZwDeleteKey
SSDT B8752E6D ZwDeleteValueKey
SSDT B8752E9F ZwDuplicateObject
SSDT B8752E72 ZwLoadKey
SSDT B8752E40 ZwOpenProcess
SSDT B8752E45 ZwOpenThread
SSDT B8752EC7 ZwQueryValueKey
SSDT B8752E7C ZwReplaceKey
SSDT B8752EB8 ZwRequestWaitReplyPort
SSDT B8752E77 ZwRestoreKey
SSDT B8752EB3 ZwSetContextThread
SSDT B8752EBD ZwSetSecurityObject
SSDT B8752E68 ZwSetValueKey
SSDT B8752EC2 ZwSystemDebugControl
SSDT B8752E4F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB732F3C0, 0x72B99A, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2020] ntdll.dll!DbgBreakPoint 7C91120E 1 Byte [C3]
.text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2020] ntdll.dll!DbgUiRemoteBreakin 7C9620EC 5 Bytes JMP 7C9325C8 C:\WINDOWS\system32\ntdll.dll
---- EOF - GMER 2.1 ----
und mbam: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.16.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
**** :: ****** [administrator]
16.04.2013 12:33:23
mbar-log-2013-04-16 (12-33-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25739
Time elapsed: 5 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
16.04.2013, 12:41
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox öffnet selbstständig Game Seiten im Tab aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Firefox öffnet selbstständig Game Seiten im Tab |
|
18.04.2013, 19:15
| #7 |
| | Firefox öffnet selbstständig Game Seiten im Tab So hier schonmal der aswMBR Log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-18 19:42:46
-----------------------------
19:42:46.531 OS Version: Windows 5.1.2600 Service Pack 3
19:42:46.531 Number of processors: 2 586 0x170A
19:42:46.531 ComputerName: ***** UserName: ****
19:42:47.156 Initialize success
19:43:38.250 AVAST engine defs: 13041800
19:43:44.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-12
19:43:44.109 Disk 0 Vendor: WDC_WD2500AAJS-75M0A0 02.03E02 Size: 238418MB BusType: 3
19:43:44.203 Disk 0 MBR read successfully
19:43:44.203 Disk 0 MBR scan
19:43:44.203 Disk 0 Windows XP default MBR code
19:43:44.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 88224 MB offset 63
19:43:44.203 Disk 0 Partition - 00 0F Extended LBA 150193 MB offset 180683055
19:43:44.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150193 MB offset 180683118
19:43:44.218 Disk 0 scanning sectors +488279610
19:43:44.296 Disk 0 scanning C:\WINDOWS\system32\drivers
19:43:49.281 Service scanning
19:43:53.390 Service MSICDSetup F:\CDriver.sys **LOCKED** 21
19:43:58.265 Modules scanning
19:44:01.812 Disk 0 trace - called modules:
19:44:01.828
19:44:02.296 AVAST engine scan C:\WINDOWS
19:44:05.671 AVAST engine scan C:\WINDOWS\system32
19:45:29.546 AVAST engine scan C:\WINDOWS\system32\drivers
19:45:36.500 AVAST engine scan C:\Dokumente und Einstellungen\Mone
19:54:30.031 AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:55:36.593 Scan finished successfully
20:13:46.206 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\****\Desktop\MBR.dat"
20:13:46.206 The log file has been saved successfully to "C:\Dokumente und Einstellungen\****\Desktop\aswMBR.txt"
und TDSKILLER: Code:
ATTFilter 20:15:45.0440 2064 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:15:45.0659 2064 ============================================================
20:15:45.0659 2064 Current date / time: 2013/04/18 20:15:45.0659
20:15:45.0659 2064 SystemInfo:
20:15:45.0659 2064
20:15:45.0659 2064 OS Version: 5.1.2600 ServicePack: 3.0
20:15:45.0659 2064 Product type: Workstation
20:15:45.0659 2064 ComputerName: *****
20:15:45.0659 2064 UserName: ****
20:15:45.0659 2064 Windows directory: C:\WINDOWS
20:15:45.0659 2064 System windows directory: C:\WINDOWS
20:15:45.0659 2064 Processor architecture: Intel x86
20:15:45.0659 2064 Number of processors: 2
20:15:45.0659 2064 Page size: 0x1000
20:15:45.0659 2064 Boot type: Normal boot
20:15:45.0659 2064 ============================================================
20:15:46.0534 2064 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:15:46.0534 2064 ============================================================
20:15:46.0534 2064 \Device\Harddisk0\DR0:
20:15:46.0534 2064 MBR partitions:
20:15:46.0534 2064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAC500F0
20:15:46.0549 2064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAC5016E, BlocksNum 0x12558CCC
20:15:46.0549 2064 ============================================================
20:15:46.0612 2064 C: <-> \Device\Harddisk0\DR0\Partition1
20:15:46.0659 2064 D: <-> \Device\Harddisk0\DR0\Partition2
20:15:46.0659 2064 ============================================================
20:15:46.0659 2064 Initialize success
20:15:46.0659 2064 ============================================================
20:16:13.0362 4028 ============================================================
20:16:13.0362 4028 Scan started
20:16:13.0362 4028 Mode: Manual; SigCheck; TDLFS;
20:16:13.0362 4028 ============================================================
20:16:13.0799 4028 ================ Scan system memory ========================
20:16:13.0799 4028 System memory - ok
20:16:13.0799 4028 ================ Scan services =============================
20:16:13.0924 4028 Abiosdsk - ok
20:16:13.0924 4028 abp480n5 - ok
20:16:13.0956 4028 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:16:14.0143 4028 ACPI - ok
20:16:14.0174 4028 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:16:14.0253 4028 ACPIEC - ok
20:16:14.0299 4028 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:16:14.0315 4028 AdobeFlashPlayerUpdateSvc - ok
20:16:14.0315 4028 adpu160m - ok
20:16:14.0331 4028 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:16:14.0393 4028 aec - ok
20:16:14.0424 4028 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:16:14.0456 4028 AFD - ok
20:16:14.0456 4028 Aha154x - ok
20:16:14.0456 4028 aic78u2 - ok
20:16:14.0456 4028 aic78xx - ok
20:16:14.0487 4028 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:16:14.0549 4028 Alerter - ok
20:16:14.0565 4028 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
20:16:14.0628 4028 ALG - ok
20:16:14.0628 4028 AliIde - ok
20:16:14.0690 4028 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
20:16:14.0784 4028 Ambfilt - ok
20:16:14.0784 4028 amsint - ok
20:16:14.0846 4028 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
20:16:14.0862 4028 AntiVirSchedulerService - ok
20:16:14.0862 4028 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:16:14.0878 4028 AntiVirService - ok
20:16:14.0878 4028 AppMgmt - ok
20:16:14.0878 4028 asc - ok
20:16:14.0878 4028 asc3350p - ok
20:16:14.0878 4028 asc3550 - ok
20:16:14.0940 4028 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:16:14.0940 4028 aspnet_state - ok
20:16:14.0956 4028 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:16:15.0018 4028 AsyncMac - ok
20:16:15.0018 4028 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:16:15.0096 4028 atapi - ok
20:16:15.0096 4028 Atdisk - ok
20:16:15.0112 4028 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:16:15.0190 4028 Atmarpc - ok
20:16:15.0206 4028 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:16:15.0284 4028 AudioSrv - ok
20:16:15.0299 4028 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:16:15.0378 4028 audstub - ok
20:16:15.0378 4028 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:16:15.0393 4028 avgntflt - ok
20:16:15.0409 4028 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:16:15.0424 4028 avipbb - ok
20:16:15.0424 4028 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:16:15.0440 4028 avkmgr - ok
20:16:15.0471 4028 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:16:15.0534 4028 Beep - ok
20:16:15.0549 4028 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
20:16:15.0612 4028 BITS - ok
20:16:15.0643 4028 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
20:16:15.0706 4028 Browser - ok
20:16:15.0721 4028 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:16:15.0799 4028 cbidf2k - ok
20:16:15.0799 4028 cd20xrnt - ok
20:16:15.0831 4028 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:16:15.0909 4028 Cdaudio - ok
20:16:15.0909 4028 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:16:15.0971 4028 Cdfs - ok
20:16:15.0987 4028 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:16:16.0065 4028 Cdrom - ok
20:16:16.0065 4028 Changer - ok
20:16:16.0081 4028 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:16:16.0143 4028 CiSvc - ok
20:16:16.0159 4028 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:16:16.0221 4028 ClipSrv - ok
20:16:16.0253 4028 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:16:16.0284 4028 clr_optimization_v2.0.50727_32 - ok
20:16:16.0284 4028 CmdIde - ok
20:16:16.0284 4028 COMSysApp - ok
20:16:16.0284 4028 Cpqarray - ok
20:16:16.0315 4028 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:16:16.0378 4028 CryptSvc - ok
20:16:16.0393 4028 dac2w2k - ok
20:16:16.0393 4028 dac960nt - ok
20:16:16.0409 4028 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:16:16.0456 4028 DcomLaunch - ok
20:16:16.0503 4028 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
20:16:16.0503 4028 dg_ssudbus - ok
20:16:16.0549 4028 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:16:16.0612 4028 Dhcp - ok
20:16:16.0643 4028 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:16:16.0706 4028 Disk - ok
20:16:16.0706 4028 dmadmin - ok
20:16:16.0737 4028 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:16:16.0846 4028 dmboot - ok
20:16:16.0846 4028 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:16:16.0909 4028 dmio - ok
20:16:16.0924 4028 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:16:16.0987 4028 dmload - ok
20:16:17.0018 4028 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:16:17.0081 4028 dmserver - ok
20:16:17.0112 4028 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:16:17.0174 4028 DMusic - ok
20:16:17.0190 4028 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:16:17.0221 4028 Dnscache - ok
20:16:17.0237 4028 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:16:17.0299 4028 Dot3svc - ok
20:16:17.0299 4028 dpti2o - ok
20:16:17.0315 4028 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:16:17.0378 4028 drmkaud - ok
20:16:17.0378 4028 EagleXNt - ok
20:16:17.0393 4028 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:16:17.0456 4028 EapHost - ok
20:16:17.0471 4028 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:16:17.0549 4028 ERSvc - ok
20:16:17.0565 4028 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
20:16:17.0596 4028 Eventlog - ok
20:16:17.0628 4028 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
20:16:17.0674 4028 EventSystem - ok
20:16:17.0690 4028 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:16:17.0768 4028 Fastfat - ok
20:16:17.0799 4028 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:16:17.0846 4028 FastUserSwitchingCompatibility - ok
20:16:17.0862 4028 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:16:17.0909 4028 Fdc - ok
20:16:17.0924 4028 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:16:17.0987 4028 Fips - ok
20:16:17.0987 4028 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:16:18.0049 4028 Flpydisk - ok
20:16:18.0081 4028 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:16:18.0143 4028 FltMgr - ok
20:16:18.0190 4028 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:16:18.0190 4028 FontCache3.0.0.0 - ok
20:16:18.0190 4028 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:16:18.0268 4028 Fs_Rec - ok
20:16:18.0268 4028 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:16:18.0331 4028 Ftdisk - ok
20:16:18.0346 4028 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:16:18.0424 4028 Gpc - ok
20:16:18.0440 4028 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:16:18.0456 4028 hamachi - ok
20:16:18.0487 4028 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:16:18.0549 4028 HDAudBus - ok
20:16:18.0596 4028 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:16:18.0659 4028 helpsvc - ok
20:16:18.0674 4028 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
20:16:18.0737 4028 HidServ - ok
20:16:18.0753 4028 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:16:18.0815 4028 hidusb - ok
20:16:18.0846 4028 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:16:18.0893 4028 hkmsvc - ok
20:16:18.0909 4028 hpn - ok
20:16:18.0987 4028 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
20:16:19.0018 4028 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:16:19.0018 4028 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:16:19.0034 4028 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
20:16:19.0049 4028 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:16:19.0049 4028 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:16:19.0065 4028 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:16:19.0143 4028 HPZid412 - ok
20:16:19.0159 4028 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:16:19.0174 4028 HPZipr12 - ok
20:16:19.0190 4028 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:16:19.0221 4028 HPZius12 - ok
20:16:19.0237 4028 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:16:19.0284 4028 HTTP - ok
20:16:19.0299 4028 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:16:19.0362 4028 HTTPFilter - ok
20:16:19.0362 4028 i2omgmt - ok
20:16:19.0378 4028 i2omp - ok
20:16:19.0393 4028 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
20:16:19.0456 4028 i8042prt - ok
20:16:19.0518 4028 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:16:19.0581 4028 idsvc - ok
20:16:19.0596 4028 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:16:19.0659 4028 Imapi - ok
20:16:19.0674 4028 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
20:16:19.0753 4028 ImapiService - ok
20:16:19.0753 4028 ini910u - ok
20:16:19.0878 4028 [ 063DD51CBDC37B8668E09148E0A118BC ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:16:20.0081 4028 IntcAzAudAddService - ok
20:16:20.0081 4028 IntelIde - ok
20:16:20.0112 4028 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:16:20.0174 4028 intelppm - ok
20:16:20.0190 4028 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:16:20.0268 4028 Ip6Fw - ok
20:16:20.0284 4028 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:16:20.0346 4028 IpFilterDriver - ok
20:16:20.0346 4028 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:16:20.0409 4028 IpInIp - ok
20:16:20.0424 4028 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:16:20.0503 4028 IpNat - ok
20:16:20.0518 4028 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:16:20.0581 4028 IPSec - ok
20:16:20.0596 4028 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:16:20.0659 4028 IRENUM - ok
20:16:20.0674 4028 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:16:20.0737 4028 isapnp - ok
20:16:20.0815 4028 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
20:16:20.0831 4028 JavaQuickStarterService - ok
20:16:20.0831 4028 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:16:20.0909 4028 Kbdclass - ok
20:16:20.0924 4028 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:16:20.0987 4028 kbdhid - ok
20:16:21.0018 4028 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:16:21.0096 4028 kmixer - ok
20:16:21.0112 4028 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:16:21.0174 4028 KSecDD - ok
20:16:21.0206 4028 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:16:21.0221 4028 lanmanserver - ok
20:16:21.0253 4028 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:16:21.0284 4028 lanmanworkstation - ok
20:16:21.0284 4028 lbrtfdc - ok
20:16:21.0315 4028 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:16:21.0362 4028 LmHosts - ok
20:16:21.0393 4028 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:16:21.0456 4028 Messenger - ok
20:16:21.0487 4028 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:16:21.0549 4028 mnmdd - ok
20:16:21.0565 4028 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:16:21.0628 4028 mnmsrvc - ok
20:16:21.0643 4028 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:16:21.0721 4028 Modem - ok
20:16:21.0753 4028 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
20:16:21.0815 4028 Monfilt - ok
20:16:21.0831 4028 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:16:21.0909 4028 Mouclass - ok
20:16:21.0924 4028 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:16:22.0003 4028 mouhid - ok
20:16:22.0018 4028 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:16:22.0065 4028 MountMgr - ok
20:16:22.0112 4028 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:16:22.0143 4028 MozillaMaintenance - ok
20:16:22.0143 4028 mraid35x - ok
20:16:22.0143 4028 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:16:22.0206 4028 MRxDAV - ok
20:16:22.0237 4028 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:16:22.0268 4028 MRxSmb - ok
20:16:22.0284 4028 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:16:22.0346 4028 MSDTC - ok
20:16:22.0362 4028 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:16:22.0424 4028 Msfs - ok
20:16:22.0424 4028 MSICDSetup - ok
20:16:22.0424 4028 MSIServer - ok
20:16:22.0456 4028 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:16:22.0503 4028 MSKSSRV - ok
20:16:22.0518 4028 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:16:22.0596 4028 MSPCLOCK - ok
20:16:22.0596 4028 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:16:22.0643 4028 MSPQM - ok
20:16:22.0659 4028 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:16:22.0721 4028 mssmbios - ok
20:16:22.0737 4028 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:16:22.0753 4028 Mup - ok
20:16:22.0784 4028 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
20:16:22.0862 4028 napagent - ok
20:16:22.0878 4028 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:16:22.0956 4028 NDIS - ok
20:16:22.0987 4028 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:16:22.0987 4028 NdisTapi - ok
20:16:23.0018 4028 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:16:23.0081 4028 Ndisuio - ok
20:16:23.0081 4028 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:16:23.0143 4028 NdisWan - ok
20:16:23.0174 4028 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:16:23.0190 4028 NDProxy - ok
20:16:23.0221 4028 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:16:23.0237 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:16:23.0237 4028 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:16:23.0253 4028 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:16:23.0315 4028 NetBIOS - ok
20:16:23.0331 4028 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:16:23.0393 4028 NetBT - ok
20:16:23.0409 4028 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
20:16:23.0487 4028 NetDDE - ok
20:16:23.0487 4028 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:16:23.0534 4028 NetDDEdsdm - ok
20:16:23.0565 4028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:16:23.0628 4028 Netlogon - ok
20:16:23.0643 4028 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
20:16:23.0721 4028 Netman - ok
20:16:23.0737 4028 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:16:23.0753 4028 NetTcpPortSharing - ok
20:16:23.0768 4028 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
20:16:23.0784 4028 Nla - ok
20:16:23.0799 4028 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:16:23.0862 4028 Npfs - ok
20:16:23.0878 4028 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:16:23.0956 4028 Ntfs - ok
20:16:23.0956 4028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:16:24.0003 4028 NtLmSsp - ok
20:16:24.0034 4028 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:16:24.0112 4028 NtmsSvc - ok
20:16:24.0128 4028 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:16:24.0190 4028 Null - ok
20:16:24.0393 4028 [ A0A12B3824889E07CB5D19C30F058E68 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:16:24.0753 4028 nv - ok
20:16:24.0784 4028 [ 36E24031C29E6BB6F905CCB41FC987C0 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:16:24.0799 4028 NVSvc - ok
20:16:24.0862 4028 [ EF14502139880F7C3DDCF0D7CA12F370 ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:16:24.0924 4028 nvUpdatusService - ok
20:16:24.0956 4028 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:16:25.0018 4028 NwlnkFlt - ok
20:16:25.0034 4028 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:16:25.0096 4028 NwlnkFwd - ok
20:16:25.0143 4028 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:16:25.0143 4028 ose - ok
20:16:25.0190 4028 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:16:25.0253 4028 Parport - ok
20:16:25.0268 4028 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:16:25.0331 4028 PartMgr - ok
20:16:25.0362 4028 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:16:25.0424 4028 ParVdm - ok
20:16:25.0424 4028 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:16:25.0503 4028 PCI - ok
20:16:25.0503 4028 PCIDump - ok
20:16:25.0503 4028 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:16:25.0581 4028 PCIIde - ok
20:16:25.0596 4028 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:16:25.0659 4028 Pcmcia - ok
20:16:25.0659 4028 PDCOMP - ok
20:16:25.0659 4028 PDFRAME - ok
20:16:25.0659 4028 PDRELI - ok
20:16:25.0659 4028 PDRFRAME - ok
20:16:25.0659 4028 perc2 - ok
20:16:25.0659 4028 perc2hib - ok
20:16:25.0674 4028 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
20:16:25.0690 4028 PlugPlay - ok
20:16:25.0690 4028 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:16:25.0706 4028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:16:25.0706 4028 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:16:25.0706 4028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:16:25.0768 4028 PolicyAgent - ok
20:16:25.0784 4028 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:16:25.0846 4028 PptpMiniport - ok
20:16:25.0846 4028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:16:25.0909 4028 ProtectedStorage - ok
20:16:25.0956 4028 [ E2E47486F9D39145DAEA03D007587A02 ] PS3 Media Server C:\Programme\PS3 Media Server\win32\service\wrapper.exe
20:16:25.0971 4028 PS3 Media Server - ok
20:16:25.0971 4028 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:16:26.0034 4028 PSched - ok
20:16:26.0034 4028 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:16:26.0112 4028 Ptilink - ok
20:16:26.0112 4028 ql1080 - ok
20:16:26.0112 4028 Ql10wnt - ok
20:16:26.0112 4028 ql12160 - ok
20:16:26.0128 4028 ql1240 - ok
20:16:26.0128 4028 ql1280 - ok
20:16:26.0143 4028 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:16:26.0206 4028 RasAcd - ok
20:16:26.0237 4028 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:16:26.0299 4028 RasAuto - ok
20:16:26.0315 4028 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:16:26.0378 4028 Rasl2tp - ok
20:16:26.0409 4028 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:16:26.0487 4028 RasMan - ok
20:16:26.0487 4028 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:16:26.0565 4028 RasPppoe - ok
20:16:26.0565 4028 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:16:26.0628 4028 Raspti - ok
20:16:26.0643 4028 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:16:26.0706 4028 Rdbss - ok
20:16:26.0721 4028 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:16:26.0784 4028 RDPCDD - ok
20:16:26.0815 4028 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:16:26.0846 4028 RDPWD - ok
20:16:26.0878 4028 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:16:26.0940 4028 RDSessMgr - ok
20:16:26.0971 4028 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:16:27.0018 4028 redbook - ok
20:16:27.0049 4028 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:16:27.0112 4028 RemoteAccess - ok
20:16:27.0112 4028 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:16:27.0190 4028 RpcLocator - ok
20:16:27.0206 4028 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:16:27.0221 4028 RpcSs - ok
20:16:27.0253 4028 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:16:27.0299 4028 RSVP - ok
20:16:27.0331 4028 [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:16:27.0362 4028 RTLE8023xp - ok
20:16:27.0378 4028 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
20:16:27.0424 4028 SamSs - ok
20:16:27.0424 4028 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:16:27.0503 4028 SCardSvr - ok
20:16:27.0518 4028 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:16:27.0596 4028 Schedule - ok
20:16:27.0612 4028 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:16:27.0674 4028 Secdrv - ok
20:16:27.0706 4028 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
20:16:27.0768 4028 seclogon - ok
20:16:27.0784 4028 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
20:16:27.0846 4028 SENS - ok
20:16:27.0862 4028 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:16:27.0924 4028 serenum - ok
20:16:27.0956 4028 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:16:28.0003 4028 Serial - ok
20:16:28.0034 4028 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:16:28.0096 4028 Sfloppy - ok
20:16:28.0128 4028 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:16:28.0206 4028 SharedAccess - ok
20:16:28.0221 4028 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:16:28.0237 4028 ShellHWDetection - ok
20:16:28.0237 4028 Simbad - ok
20:16:28.0284 4028 [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
20:16:28.0299 4028 SkypeUpdate - ok
20:16:28.0299 4028 Sparrow - ok
20:16:28.0299 4028 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:16:28.0362 4028 splitter - ok
20:16:28.0393 4028 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:16:28.0424 4028 Spooler - ok
20:16:28.0440 4028 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:16:28.0503 4028 sr - ok
20:16:28.0534 4028 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
20:16:28.0596 4028 srservice - ok
20:16:28.0628 4028 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:16:28.0659 4028 Srv - ok
20:16:28.0674 4028 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:16:28.0737 4028 SSDPSRV - ok
20:16:28.0768 4028 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:16:28.0768 4028 ssmdrv - ok
20:16:28.0799 4028 [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
20:16:28.0815 4028 ssudmdm - ok
20:16:28.0831 4028 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:16:28.0924 4028 stisvc - ok
20:16:28.0924 4028 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:16:29.0003 4028 swenum - ok
20:16:29.0018 4028 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:16:29.0081 4028 swmidi - ok
20:16:29.0096 4028 SwPrv - ok
20:16:29.0096 4028 symc810 - ok
20:16:29.0096 4028 symc8xx - ok
20:16:29.0096 4028 sym_hi - ok
20:16:29.0096 4028 sym_u3 - ok
20:16:29.0112 4028 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:16:29.0174 4028 sysaudio - ok
20:16:29.0190 4028 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:16:29.0253 4028 SysmonLog - ok
20:16:29.0268 4028 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:16:29.0346 4028 TapiSrv - ok
20:16:29.0378 4028 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:16:29.0378 4028 Tcpip - ok
20:16:29.0409 4028 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:16:29.0487 4028 TDPIPE - ok
20:16:29.0487 4028 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:16:29.0549 4028 TDTCP - ok
20:16:29.0565 4028 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:16:29.0612 4028 TermDD - ok
20:16:29.0628 4028 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
20:16:29.0690 4028 TermService - ok
20:16:29.0706 4028 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:16:29.0706 4028 Themes - ok
20:16:29.0721 4028 TosIde - ok
20:16:29.0721 4028 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:16:29.0784 4028 TrkWks - ok
20:16:29.0815 4028 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:16:29.0878 4028 Udfs - ok
20:16:29.0878 4028 ultra - ok
20:16:29.0893 4028 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:16:29.0971 4028 Update - ok
20:16:29.0987 4028 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:16:30.0049 4028 upnphost - ok
20:16:30.0065 4028 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
20:16:30.0128 4028 UPS - ok
20:16:30.0143 4028 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:16:30.0206 4028 usbccgp - ok
20:16:30.0221 4028 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:16:30.0299 4028 usbehci - ok
20:16:30.0315 4028 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:16:30.0378 4028 usbhub - ok
20:16:30.0393 4028 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:16:30.0440 4028 usbprint - ok
20:16:30.0471 4028 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:16:30.0534 4028 usbscan - ok
20:16:30.0565 4028 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:16:30.0612 4028 USBSTOR - ok
20:16:30.0643 4028 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:16:30.0706 4028 usbuhci - ok
20:16:30.0721 4028 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:16:30.0784 4028 VgaSave - ok
20:16:30.0784 4028 ViaIde - ok
20:16:30.0815 4028 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:16:30.0878 4028 VolSnap - ok
20:16:30.0893 4028 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
20:16:30.0956 4028 VSS - ok
20:16:30.0987 4028 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
20:16:31.0065 4028 W32Time - ok
20:16:31.0081 4028 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:16:31.0128 4028 Wanarp - ok
20:16:31.0128 4028 WDICA - ok
20:16:31.0143 4028 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:16:31.0206 4028 wdmaud - ok
20:16:31.0237 4028 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:16:31.0299 4028 WebClient - ok
20:16:31.0346 4028 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:16:31.0409 4028 winmgmt - ok
20:16:31.0424 4028 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:16:31.0456 4028 WmdmPmSN - ok
20:16:31.0487 4028 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:16:31.0549 4028 WmiApSrv - ok
20:16:31.0565 4028 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:16:31.0581 4028 WpdUsb - ok
20:16:31.0596 4028 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:16:31.0674 4028 wscsvc - ok
20:16:31.0690 4028 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:16:31.0753 4028 wuauserv - ok
20:16:31.0784 4028 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:16:31.0799 4028 WudfPf - ok
20:16:31.0815 4028 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:16:31.0831 4028 WudfRd - ok
20:16:31.0862 4028 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:16:31.0878 4028 WudfSvc - ok
20:16:31.0909 4028 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:16:31.0971 4028 WZCSVC - ok
20:16:32.0018 4028 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:16:32.0081 4028 xmlprov - ok
20:16:32.0081 4028 ================ Scan global ===============================
20:16:32.0096 4028 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:16:32.0128 4028 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:16:32.0143 4028 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
20:16:32.0159 4028 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:16:32.0159 4028 [Global] - ok
20:16:32.0159 4028 ================ Scan MBR ==================================
20:16:32.0159 4028 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
20:16:32.0440 4028 \Device\Harddisk0\DR0 - ok
20:16:32.0440 4028 ================ Scan VBR ==================================
20:16:32.0440 4028 [ D381C67F9958974FECDE8D099BA8C634 ] \Device\Harddisk0\DR0\Partition1
20:16:32.0440 4028 \Device\Harddisk0\DR0\Partition1 - ok
20:16:32.0440 4028 [ 2960E2264BFA83736EF7B6F33A22356F ] \Device\Harddisk0\DR0\Partition2
20:16:32.0440 4028 \Device\Harddisk0\DR0\Partition2 - ok
20:16:32.0440 4028 ============================================================
20:16:32.0440 4028 Scan finished
20:16:32.0440 4028 ============================================================
20:16:32.0549 3052 Detected object count: 4
20:16:32.0549 3052 Actual detected object count: 4
20:16:48.0799 3052 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:48.0799 3052 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:48.0799 3052 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:48.0799 3052 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:48.0799 3052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:48.0799 3052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:16:48.0799 3052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:48.0799 3052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:25.0128 2876 Deinitialize success
|
|
19.04.2013, 00:24
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox öffnet selbstständig Game Seiten im Tab Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
