| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Systemcare antivirus "Antivirenprogramm! legt Notebook lahmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.05.2013, 16:39
| #1 |
 |  Systemcare antivirus "Antivirenprogramm! legt Notebook lahm Hallo liebe Experten, ich bin schon lange Fan eueres Boards und oft nur stiller Mitleser, doch diesmal hat es mich hart erwischt: Auf meinem Notebook Acer Extensa 5235 mit Windows XP hat sich o.g. backdoor trojaner eingeschlichen. Problem: Ich komme nicht mal in den Task-Manager(wird blockiert) und auch ausführen jeglicher .exe wird unterdrückt. Somit kann ich auch kein Malawarebytes Anti-Malware und auch nicht ADWCleaner in Gang setzen. Im Ordner C/: Dokumente und Einstellungen/all users/anwendungsdaten befindet sich eine fiese .exe mit dem Namen E8E15F526DE3BF9E0000E8E07677C56C.exe Eine Anwendung mit 455KB, welche sich heute dort eingenistet hat. Leider lässt sie sich nicht löschen und prozesse beenden kann ich nicht, da der TaskManager auch gesperrt ist. Ich bitte hier mal freundlich um Hilfe und Support. Herzlichen Dank, Magixx PS Ich bin nur normaler 08/15 Computer-User aber mit "Hilfe-Anleitung" sollte alles klappen. Avira Free Antivir mit Luke Filewalker mit heutigem update findet leider nichts. |
|
15.05.2013, 16:42
| #2 |
| /// Malware-holic   | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
15.05.2013, 16:53
| #3 |
| | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm EDIT
__________________So, ich habe dieses Desktopsymbol (gelb-schwarze Raute Verkehrssymbol-optik) auf den Rechner bekommen (ich tippe von sauberem Rechner, neben dem anderen Notebook) Problem: Wie oben im Startbeitrag bereits beschrieben ist der Rechner gesperrt gegen jeder Art von .exe ausführen. Also auch OTL.exe kann ich nicht starten, der Virus unterbindet jede Exe ausführung. Ich habe sogar bereits versucht Malawarebytes Anti-Malware und auch nicht ADWCleaner in den Autostart zu setzen. Auch dort wird der Start sofort unterbunden. Was sollte ich tun? "im abgesicherten Modus", oder "letzte als funktionierende bekannte Konfiguration" Geändert von Magixx (15.05.2013 um 17:09 Uhr) |
|
15.05.2013, 17:26
| #4 |
| /// Malware-holic | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm hi sorry vergessen dazuzuschreiben, otl im abges modus ausführen, das müsste gehen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.05.2013, 18:12
| #5 |
| | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm OTL Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.05.2013 19:03:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 74,32% Memory free 3,18 Gb Paging File | 2,92 Gb Available in Paging File | 92,01% Paging File free Paging file location(s): C:\pagefile.sys 1428 2856 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 107,18 Gb Free Space | 71,91% Space Free | Partition Type: NTFS Computer Name: USER-D59CA52A63 | User Name: user | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.15 17:57:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe PRC - [2013.04.04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2013.04.30 15:21:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.19 13:57:21 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.19 13:56:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.16 11:24:26 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.11.12 14:13:11 | 000,069,120 | ---- | M] (Autodata Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.05.15 18:44:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013.04.19 13:57:28 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.19 13:57:28 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.19 13:57:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.06.03 10:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2011.08.17 00:08:36 | 000,062,920 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT-USB.SYS -- (RT-USB) DRV - [2009.04.08 05:04:00 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009.04.08 04:43:00 | 000,164,864 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.03.26 11:35:00 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009.03.09 14:32:00 | 000,805,888 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSHE.SYS -- (NSHE) DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2004.10.18 15:02:20 | 000,041,472 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgiVecp.sys -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{68CBEA40-74E1-4AEB-8D4C-63E513357CC3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = {68CBEA40-74E1-4AEB-8D4C-63E513357CC3} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{17D1AF63-E4DA-4505-9E88-689C3E1795C4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8 IE - HKCU\..\SearchScopes\{68CBEA40-74E1-4AEB-8D4C-63E513357CC3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE460 IE - HKCU\..\SearchScopes\{6E9E45D5-36A3-4018-8CFD-FFFA766ED031}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{9D784106-6E99-41DF-96FB-E639A64E6D36}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.30 15:21:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.29 08:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2012.06.30 08:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\0i46vr43.default\extensions [2013.04.30 15:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.30 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.30 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.30 15:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.02 18:09:54 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAMME\GEMEINSAME DATEIEN\DVDVIDEOSOFT\PLUGINS\FF [2013.04.30 15:21:41 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.04.02 14:21:19 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.02 14:21:19 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.04.02 14:21:19 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.04.02 14:21:19 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.02 14:21:19 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.02 14:21:19 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [E8E15F526DE3BF9E0000E8E07677C56C] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E8E15F526DE3BF9E0000E8E07677C56C\E8E15F526DE3BF9E0000E8E07677C56C.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\adwcleaner.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\mbam-setup-1.75.0.1300.exe (Malwarebytes Corporation ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\Samsung\Samsung CLX-3170 Series\WebCapture.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58001A5-589A-4FE2-9088-803CE2970C07}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.17 16:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5f4785cd-ca73-11e0-a5f7-00269eea8a60}\Shell - "" = AutoRun O33 - MountPoints2\{5f4785cd-ca73-11e0-a5f7-00269eea8a60}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5f4785cd-ca73-11e0-a5f7-00269eea8a60}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 18:43:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013.05.15 17:57:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2013.05.15 17:00:46 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\mbam-setup-1.75.0.1300.exe [2013.05.15 13:23:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\System Care Antivirus [2013.05.14 08:10:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software [2013.05.14 08:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader [2013.05.13 19:16:35 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.05.13 19:16:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.05.09 10:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2013.05.09 10:06:14 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2013.05.09 10:05:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2013.04.30 15:21:25 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.15 18:44:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013.05.15 18:43:39 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.15 18:43:20 | 000,494,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 18:43:19 | 000,517,136 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 18:43:19 | 000,101,422 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 18:43:19 | 000,084,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 18:39:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.15 18:38:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.15 17:57:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2013.05.15 15:09:34 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\adwcleaner.exe [2013.05.09 12:43:14 | 028,885,025 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\SDLWMF13.7z [2013.05.09 11:21:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.05.09 10:07:56 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.04.22 10:06:52 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\mbam-setup-1.75.0.1300.exe [2013.04.19 13:57:28 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013.04.19 13:57:28 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013.04.19 13:57:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.15 18:43:39 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.15 17:00:38 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\adwcleaner.exe [2013.05.09 12:43:10 | 028,885,025 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\SDLWMF13.7z [2013.05.09 10:07:56 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.03.24 11:18:13 | 001,206,272 | ---- | C] () -- C:\WINDOWS\System32\Engine3D.dll [2013.02.02 17:09:30 | 000,311,322 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.12.16 14:00:35 | 000,055,564 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012.10.07 21:41:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2012.03.20 08:58:46 | 000,000,189 | ---- | C] () -- C:\WINDOWS\ETKINST.INI [2012.02.15 10:02:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.05 16:42:55 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.01.22 14:04:19 | 000,000,145 | ---- | C] () -- C:\WINDOWS\ETOSP.INI [2011.10.09 17:59:34 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2011.10.09 17:59:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe [2011.10.09 17:59:34 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2011.10.09 17:55:53 | 000,305,847 | ---- | C] () -- C:\WINDOWS\ETOSU.EXE [2010.06.04 22:58:05 | 000,011,619 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\SmarThruOptions.xml [2010.06.04 18:41:33 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.12.18 19:17:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.03.10 06:33:52 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < OTL logfile created on: 15.05.2013 18:39:46 - Run 1 > < OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user\Desktop > < Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.6001.18702) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 1,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 87,23% Memory free > < 3,18 Gb Paging File | 3,11 Gb Available in Paging File | 98,04% Paging File free > < Paging file location(s): C:\pagefile.sys 1428 2856 [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme > < Drive C: | 149,05 Gb Total Space | 107,13 Gb Free Space | 71,88% Space Free | Partition Type: NTFS > < > < Computer Name: USER-D59CA52A63 | User Name: user | Logged in as Administrator. > < Boot Mode: SafeMode | Scan Mode: Current user > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Processes (SafeList) ========== > Invalid Switch: color] < > < PRC - [2013.05.15 17:57:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe > < PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe > < > < > < ========== Modules (No Company Name) ========== > Invalid Switch: color] < > < MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU > < > < > < ========== Services (SafeList) ========== > Invalid Switch: color] < > < SRV - File not found [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) > < SRV - [2013.04.30 15:21:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) > < SRV - [2013.04.19 13:57:21 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) > < SRV - [2013.04.19 13:56:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) > < SRV - [2013.03.16 11:24:26 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) > < SRV - [2012.12.21 16:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) > < SRV - [2011.11.12 14:13:11 | 000,069,120 | ---- | M] (Autodata Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service) > < SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) > < SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) > < SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) > < > < > < ========== Driver Services (SafeList) ========== > Invalid Switch: color] < > < DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) > < DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) > < DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) > < DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) > < DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) > < DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) > < DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) > < DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) > < DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) > < DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) > < DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) > < DRV - File not found [Kernel | System | Stopped] -- -- (Changer) > < DRV - [2013.04.19 13:57:28 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) > < DRV - [2013.04.19 13:57:28 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) > < DRV - [2013.04.19 13:57:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) > < DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) > < DRV - [2012.06.03 10:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) > < DRV - [2011.08.17 00:08:36 | 000,062,920 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT-USB.SYS -- (RT-USB) > < DRV - [2009.04.08 05:04:00 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) > < DRV - [2009.04.08 04:43:00 | 000,164,864 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) > < DRV - [2009.03.26 11:35:00 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) > < DRV - [2009.03.09 14:32:00 | 000,805,888 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) > < DRV - [2008.11.23 09:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSHE.SYS -- (NSHE) > < DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) > < DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) > < DRV - [2004.10.18 15:02:20 | 000,041,472 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgiVecp.sys -- (DgiVecp) > < > < > < ========== Standard Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== Internet Explorer ========== > Invalid Switch: color] < > < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = > < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = > < IE - HKLM\..\SearchScopes,DefaultScope = > < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} > < IE - HKLM\..\SearchScopes\{68CBEA40-74E1-4AEB-8D4C-63E513357CC3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 > < > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie8 > Invalid Switch: ?fr=fp-yie8 < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ > Invalid Switch: < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = > < IE - HKCU\..\SearchScopes,DefaultScope = {68CBEA40-74E1-4AEB-8D4C-63E513357CC3} > < IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC > < IE - HKCU\..\SearchScopes\{17D1AF63-E4DA-4505-9E88-689C3E1795C4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8 > < IE - HKCU\..\SearchScopes\{68CBEA40-74E1-4AEB-8D4C-63E513357CC3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE460 > < IE - HKCU\..\SearchScopes\{6E9E45D5-36A3-4018-8CFD-FFFA766ED031}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} > < IE - HKCU\..\SearchScopes\{9D784106-6E99-41DF-96FB-E639A64E6D36}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms} > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local > < > < ========== FireFox ========== > Invalid Switch: color] < > < FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7 > < FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 > < FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 > < FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 > < FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 > < FF - prefs.js..network.proxy.no_proxies_on: "*.local" > < FF - prefs.js..network.proxy.type: 0 > < FF - user.js - File not found > < > < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () > Invalid Switch: FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found > Invalid Switch: iTunes,version=: File not found < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () > Invalid Switch: iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () < FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) > Invalid Switch: pdf: C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) < FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) > Invalid Switch: vnd.fdf: C:\PROGRAMME\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) < FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) > Invalid Switch: DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) > Invalid Switch: JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) < FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) > Invalid Switch: NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) < FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) > Invalid Switch: OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) < FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) > Invalid Switch: WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) < FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) > Invalid Switch: vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) < FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) > < > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.30 15:21:41 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins > < > < [2012.06.29 08:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions > < [2012.06.30 08:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\0i46vr43.default\extensions > < [2013.04.30 15:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions > < [2013.04.30 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} > < [2013.04.30 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} > < [2013.04.30 15:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} > < [2012.12.02 18:09:54 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAMME\GEMEINSAME DATEIEN\DVDVIDEOSOFT\PLUGINS\FF > < [2013.04.30 15:21:41 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll > < [2013.04.02 14:21:19 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml > < [2013.04.02 14:21:19 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml > < [2013.04.02 14:21:19 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml > < [2013.04.02 14:21:19 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml > < [2013.04.02 14:21:19 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml > < [2013.04.02 14:21:19 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml > < > < O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts > < O1 - Hosts: 127.0.0.1 localhost > < O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) > < O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) > < O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) > < O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) > < O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. > < O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe () > < O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) > < O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) > < O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) > < O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) > < O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () > < O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) > < O4 - HKCU..\RunOnce: [E8E15F526DE3BF9E0000E8E07677C56C] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E8E15F526DE3BF9E0000E8E07677C56C\E8E15F526DE3BF9E0000E8E07677C56C.exe () > < O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\adwcleaner.exe () > < O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\mbam-setup-1.75.0.1300.exe (Malwarebytes Corporation ) > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 > < O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 > < O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\user\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found > < O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found > Invalid Switch: cmsidewiki.html File not found < O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll1.htm () > < O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll2.htm () > < O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll2.htm () > < O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll.htm () > < O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll1.htm () > < O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\Samsung\Samsung CLX-3170 Series\WEBCapture.dll.htm () > < O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\Samsung\Samsung CLX-3170 Series\WebCapture.dll () > < O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) > < O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab (PrinterHelpEtcActiveX Control) > Invalid Switch: DrPrinter.cab (PrinterHelpEtcActiveX Control) < O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) > Invalid Switch: jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) < O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) > Invalid Switch: jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) > Invalid Switch: jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) < O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) > Invalid Switch: swflash.cab (Shockwave Flash Object) < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58001A5-589A-4FE2-9088-803CE2970C07}: DhcpNameServer = 192.168.1.1 > < O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) > < O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) > Invalid Switch: xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) < O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) > < O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home > < O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp > < O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp > < O32 - HKLM CDRom: AutoRun - 1 > < O32 - AutoRun File - [2010.01.17 16:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] > < O33 - MountPoints2\{5f4785cd-ca73-11e0-a5f7-00269eea8a60}\Shell - "" = AutoRun > < O33 - MountPoints2\{5f4785cd-ca73-11e0-a5f7-00269eea8a60}\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\{5f4785cd-ca73-11e0-a5f7-00269eea8a60}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true > < O34 - HKLM BootExecute: (autocheck autochk *) > < O35 - HKLM\..comfile [open] -- "%1" %* > < O35 - HKLM\..exefile [open] -- "%1" %* > < O37 - HKLM\...com [@ = comfile] -- "%1" %* > < O37 - HKLM\...exe [@ = exefile] -- "%1" %* > < O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) > < O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) > < > < ========== Files/Folders - Created Within 30 Days ========== > Invalid Switch: color] < > < [2013.05.15 17:57:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe > < [2013.05.15 17:00:46 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\mbam-setup-1.75.0.1300.exe > < [2013.05.15 13:23:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\System Care Antivirus > < [2013.05.14 08:10:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software > < [2013.05.14 08:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader > < [2013.05.13 19:16:35 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys > < [2013.05.13 19:16:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware > < [2013.05.09 10:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes > < [2013.05.09 10:06:14 | 000,000,000 | ---D | C] -- C:\Programme\iPod > < [2013.05.09 10:05:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes > < [2013.04.30 15:21:25 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox > < [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] > < [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] > < > < ========== Files - Modified Within 30 Days ========== > Invalid Switch: color] < > < [2013.05.15 18:43:39 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk > < [2013.05.15 18:43:20 | 000,494,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat > < [2013.05.15 18:43:19 | 000,517,136 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat > < [2013.05.15 18:43:19 | 000,101,422 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat > < [2013.05.15 18:43:19 | 000,084,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat > < [2013.05.15 18:39:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl > < [2013.05.15 18:38:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat > < [2013.05.15 17:57:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe > < [2013.05.15 15:09:34 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\adwcleaner.exe > < [2013.05.09 12:43:14 | 028,885,025 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\SDLWMF13.7z > < [2013.05.09 11:21:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job > < [2013.05.09 10:07:56 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk > < [2013.04.22 10:06:52 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\mbam-setup-1.75.0.1300.exe > < [2013.04.19 13:57:28 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys > < [2013.04.19 13:57:28 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys > < [2013.04.19 13:57:28 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys > < [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] > < [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2013.05.15 17:00:38 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\adwcleaner.exe > < [2013.05.09 12:43:10 | 028,885,025 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\SDLWMF13.7z > < [2013.05.09 10:07:56 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk > < [2013.03.24 11:18:13 | 001,206,272 | ---- | C] () -- C:\WINDOWS\System32\Engine3D.dll > < [2013.02.02 17:09:30 | 000,311,322 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat > < [2012.12.16 14:00:35 | 000,055,564 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat > < [2012.10.07 21:41:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI > < [2012.03.20 08:58:46 | 000,000,189 | ---- | C] () -- C:\WINDOWS\ETKINST.INI > < [2012.02.15 10:02:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll > < [2012.02.05 16:42:55 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys > < [2012.01.22 14:04:19 | 000,000,145 | ---- | C] () -- C:\WINDOWS\ETOSP.INI > < [2011.10.09 17:59:34 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE > < [2011.10.09 17:59:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe > < [2011.10.09 17:59:34 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI > < [2011.10.09 17:55:53 | 000,305,847 | ---- | C] () -- C:\WINDOWS\ETOSU.EXE > < [2010.06.04 22:58:05 | 000,011,619 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\SmarThruOptions.xml > < [2010.06.04 18:41:33 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < > < ========== ZeroAccess Check ========== > Invalid Switch: color] < > < [2011.12.18 19:17:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < "" = %SystemRoot%\system32\shdocvw.dll -- [2010.03.10 06:33:52 | 001,509,888 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Apartment > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] > < "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Free > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] > < "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Both > < > < < End of report > --- --- --- --- --- --- > < End of report > _________________________________________________________________________OTL Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.05.2013 18:39:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 87,23% Memory free
3,18 Gb Paging File | 3,11 Gb Available in Paging File | 98,04% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 107,13 Gb Free Space | 71,88% Space Free | Partition Type: NTFS
Computer Name: USER-D59CA52A63 | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"D:\EasySetupAssistant\wr741n\EasySetupAssistant.exe" = D:\EasySetupAssistant\wr741n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant
"C:\Programme\MyPhoneExplorer\MyPhoneExplorer.exe" = C:\Programme\MyPhoneExplorer\MyPhoneExplorer.exe:*:Enabled:MyPhoneExplorer
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.1.0.1454
"C79A3D5A32F77A371781A114DED85F082849F61E" = Windows-Treiberpaket - Ross-Tech USB Driver Package (08/16/2011 2.08.14)
"CloneCD" = CloneCD
"CNXT_AUDIO_HDA" = Conexant HD Audio
"ETKA7.3_Germany_2012" = ETKA 7.3 Germany 2012
"FGS Kassenbuch5.1.3" = FGS Kassenbuch
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1130
"GPL Ghostscript 9.06" = GPL Ghostscript
"Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy)
"Hardlock Device Driver" = Hardlock Device Driver
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3Find" = MP3Find
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VCDS Release 11.11" = VCDS Release 11.11.0
"VLC media player" = VLC media player 2.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.05.2013 12:52:22 | Computer Name = USER-D59CA52A63 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x0000f06b.
Error - 14.05.2013 15:39:14 | Computer Name = USER-D59CA52A63 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 14.05.2013 15:39:14 | Computer Name = USER-D59CA52A63 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2859
Error - 14.05.2013 15:39:14 | Computer Name = USER-D59CA52A63 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2859
Error - 15.05.2013 01:42:23 | Computer Name = USER-D59CA52A63 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.05.2013 01:42:23 | Computer Name = USER-D59CA52A63 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 36191672
Error - 15.05.2013 01:42:23 | Computer Name = USER-D59CA52A63 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 36191672
Error - 15.05.2013 07:24:01 | Computer Name = USER-D59CA52A63 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 15.05.2013 10:51:22 | Computer Name = USER-D59CA52A63 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 15.05.2013 11:02:49 | Computer Name = USER-D59CA52A63 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
[ System Events ]
Error - 15.05.2013 12:39:56 | Computer Name = USER-D59CA52A63 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 15.05.2013 12:39:56 | Computer Name = USER-D59CA52A63 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 15.05.2013 12:39:56 | Computer Name = USER-D59CA52A63 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 15.05.2013 12:39:56 | Computer Name = USER-D59CA52A63 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 15.05.2013 12:39:56 | Computer Name = USER-D59CA52A63 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 15.05.2013 12:39:56 | Computer Name = USER-D59CA52A63 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
Error - 15.05.2013 12:41:33 | Computer Name = USER-D59CA52A63 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 15.05.2013 12:42:19 | Computer Name = USER-D59CA52A63 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 15.05.2013 12:42:53 | Computer Name = USER-D59CA52A63 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 15.05.2013 12:43:45 | Computer Name = USER-D59CA52A63 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
< End of report >
--- --- --- update: Ich habe im abgesicherten Modus Malawarebytes Anti-Malware und ADWCleaner laufen lassen und außerdem im Ordner C/: Dokumente und Einstellungen/all users/anwendungsdaten die Datei mit dem Namen E8E15F526DE3BF9E0000E8E07677C56C.exe mit 455KB entfernt. Nach dem Neustart ist nun "Systemcare antivirus" nicht mehr aufgepopt. Ich kann auch wieder in den Taskmanager(vorher blockiert). Möchte mich schon jetzt bei markusg in aller schärfster Form bedanken! Klasse! |
|
15.05.2013, 21:14
| #6 |
| /// Malware-holic | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
[2013.05.15 13:23:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Startmenü\Programme\System Care Antivirus
:files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E8E15F526DE3BF9E0000E8E07677C56C
:Commands
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ --> Systemcare antivirus "Antivirenprogramm! legt Notebook lahm |
|
20.05.2013, 08:27
| #7 |
| | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm Uff. Hi Markus. Ich bemühe mich alles korrekt nach deiner Info step by step zu machen. Also erstmal hier die OTL-Textbox ========== OTL ========== Folder C:\Dokumente und Einstellungen\user\Startmenü\Programme\System Care Antivirus\ not found. ========== FILES ========== File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E8E15F526DE3BF9E0000E8E07677C56C not found. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.69.0 log created on 05202013_091517 Der Upload hat offensichtlich funktioniert "Datei: MovedFiles.zip_1 empfangen Vorgang erfolgreich abgeschlossen." So nun aber zu einem von Kaspersky (online Scanner) als "schädliche Programme" eingestuften Problem: Ich habe im Ordner C:\System Volume Information\_restore{228D16BC-D0C5-4ACD-BC8D-B58DC13A4AE3}\RP842 offesichtlich das Multi.Generic Programm A0078420.exe Ist dies bedrohlich? Selbst im abgesicherten Modus wird mir der Zugriff zum Löschen verweigert. Was sollte ich tun? |
|
20.05.2013, 11:38
| #8 |
| /// Malware-holic | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm Hi wer hat was von nem kaspersky scan gesagt. mache das, was hier steht, nichts anderes, danke. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.05.2013, 12:05
| #9 |
| | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm ok. Danke Markus,was du geschrieben hast wird erledigt. (sorry wegen dem Kasperdings, wollte nicht deine Hilfe unterlaufen oder in Frage stellen, dachte nur das sei "hilfreich". Bin halt Vollamateur. -> So, deine Vorgehensweise hab ich so durch, hier der Report. 4 Objekte hat er ausgespuckt. 12:59:04.0811 1600 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 12:59:04.0982 1600 ============================================================ 12:59:04.0982 1600 Current date / time: 2013/05/20 12:59:04.0982 12:59:04.0982 1600 SystemInfo: 12:59:04.0982 1600 12:59:04.0982 1600 OS Version: 5.1.2600 ServicePack: 3.0 12:59:04.0982 1600 Product type: Workstation 12:59:04.0982 1600 ComputerName: USER-D59CA52A63 12:59:04.0982 1600 UserName: user 12:59:04.0982 1600 Windows directory: C:\WINDOWS 12:59:04.0982 1600 System windows directory: C:\WINDOWS 12:59:04.0982 1600 Processor architecture: Intel x86 12:59:04.0982 1600 Number of processors: 1 12:59:04.0982 1600 Page size: 0x1000 12:59:04.0982 1600 Boot type: Normal boot 12:59:04.0982 1600 ============================================================ 12:59:06.0889 1600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 12:59:06.0889 1600 ============================================================ 12:59:06.0889 1600 \Device\Harddisk0\DR0: 12:59:06.0889 1600 MBR partitions: 12:59:06.0889 1600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82 12:59:06.0889 1600 ============================================================ 12:59:06.0936 1600 C: <-> \Device\Harddisk0\DR0\Partition1 12:59:06.0936 1600 ============================================================ 12:59:06.0936 1600 Initialize success 12:59:06.0936 1600 ============================================================ 12:59:25.0107 3272 ============================================================ 12:59:25.0107 3272 Scan started 12:59:25.0107 3272 Mode: Manual; SigCheck; TDLFS; 12:59:25.0107 3272 ============================================================ 12:59:25.0654 3272 ================ Scan system memory ======================== 12:59:25.0654 3272 System memory - ok 12:59:25.0654 3272 ================ Scan services ============================= 12:59:25.0764 3272 Abiosdsk - ok 12:59:25.0779 3272 abp480n5 - ok 12:59:25.0842 3272 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:59:27.0201 3272 ACPI - ok 12:59:27.0248 3272 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 12:59:27.0436 3272 ACPIEC - ok 12:59:27.0436 3272 adpu160m - ok 12:59:27.0498 3272 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 12:59:27.0607 3272 aec - ok 12:59:27.0670 3272 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 12:59:27.0795 3272 AFD - ok 12:59:27.0795 3272 Aha154x - ok 12:59:27.0811 3272 aic78u2 - ok 12:59:27.0811 3272 aic78xx - ok 12:59:27.0857 3272 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 12:59:27.0982 3272 Alerter - ok 12:59:27.0998 3272 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 12:59:28.0092 3272 ALG - ok 12:59:28.0107 3272 AliIde - ok 12:59:28.0107 3272 amsint - ok 12:59:28.0264 3272 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 12:59:28.0279 3272 AntiVirSchedulerService - ok 12:59:28.0357 3272 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 12:59:28.0373 3272 AntiVirService - ok 12:59:28.0404 3272 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:59:28.0420 3272 Apple Mobile Device - ok 12:59:28.0482 3272 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 12:59:28.0592 3272 AppMgmt - ok 12:59:28.0701 3272 [ 864160F5F4FBDD97B6A686854BFEBD86 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys 12:59:28.0857 3272 AR5416 - ok 12:59:28.0857 3272 asc - ok 12:59:28.0857 3272 asc3350p - ok 12:59:28.0857 3272 asc3550 - ok 12:59:29.0014 3272 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:59:29.0029 3272 aspnet_state - ok 12:59:29.0076 3272 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:59:29.0201 3272 AsyncMac - ok 12:59:29.0248 3272 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 12:59:29.0357 3272 atapi - ok 12:59:29.0357 3272 Atdisk - ok 12:59:29.0373 3272 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:59:29.0482 3272 Atmarpc - ok 12:59:29.0545 3272 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 12:59:29.0686 3272 AudioSrv - ok 12:59:29.0748 3272 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 12:59:29.0842 3272 audstub - ok 12:59:29.0889 3272 [ 81EAB933DFA6077D4C5379BA0C95D4D7 ] Autodata Limited License Service C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe 12:59:29.0904 3272 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - warning 12:59:29.0904 3272 Autodata Limited License Service - detected UnsignedFile.Multi.Generic (1) 12:59:29.0920 3272 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 12:59:29.0998 3272 avgntflt - ok 12:59:30.0014 3272 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 12:59:30.0045 3272 avipbb - ok 12:59:30.0061 3272 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 12:59:30.0076 3272 avkmgr - ok 12:59:30.0139 3272 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 12:59:30.0248 3272 Beep - ok 12:59:30.0326 3272 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 12:59:30.0482 3272 BITS - ok 12:59:30.0576 3272 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 12:59:30.0607 3272 Bonjour Service - ok 12:59:30.0654 3272 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 12:59:30.0732 3272 Browser - ok 12:59:30.0779 3272 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 12:59:30.0904 3272 cbidf2k - ok 12:59:30.0904 3272 cd20xrnt - ok 12:59:30.0936 3272 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 12:59:31.0061 3272 Cdaudio - ok 12:59:31.0107 3272 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 12:59:31.0201 3272 Cdfs - ok 12:59:31.0232 3272 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:59:31.0342 3272 Cdrom - ok 12:59:31.0342 3272 Changer - ok 12:59:31.0373 3272 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 12:59:31.0498 3272 CiSvc - ok 12:59:31.0529 3272 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 12:59:31.0654 3272 ClipSrv - ok 12:59:31.0748 3272 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:59:31.0795 3272 clr_optimization_v2.0.50727_32 - ok 12:59:31.0842 3272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:59:31.0857 3272 clr_optimization_v4.0.30319_32 - ok 12:59:31.0920 3272 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 12:59:32.0029 3272 CmBatt - ok 12:59:32.0045 3272 CmdIde - ok 12:59:32.0123 3272 [ 61175C2375A19725FC1B7EA38F9F5BB2 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDAU32.sys 12:59:32.0545 3272 CnxtHdAudService - ok 12:59:32.0561 3272 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 12:59:32.0639 3272 Compbatt - ok 12:59:32.0654 3272 COMSysApp - ok 12:59:32.0654 3272 Cpqarray - ok 12:59:32.0670 3272 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 12:59:32.0764 3272 CryptSvc - ok 12:59:32.0779 3272 dac2w2k - ok 12:59:32.0779 3272 dac960nt - ok 12:59:32.0857 3272 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 12:59:32.0920 3272 DcomLaunch - ok 12:59:32.0920 3272 [ D3E4E082F6C67313C3BD213219CEE123 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys 12:59:32.0967 3272 DgiVecp ( UnsignedFile.Multi.Generic ) - warning 12:59:32.0967 3272 DgiVecp - detected UnsignedFile.Multi.Generic (1) 12:59:33.0014 3272 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 12:59:33.0107 3272 Dhcp - ok 12:59:33.0123 3272 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 12:59:33.0232 3272 Disk - ok 12:59:33.0232 3272 dmadmin - ok 12:59:33.0295 3272 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 12:59:33.0482 3272 dmboot - ok 12:59:33.0514 3272 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 12:59:33.0623 3272 dmio - ok 12:59:33.0639 3272 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 12:59:33.0748 3272 dmload - ok 12:59:33.0795 3272 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 12:59:33.0889 3272 dmserver - ok 12:59:33.0936 3272 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 12:59:34.0045 3272 DMusic - ok 12:59:34.0092 3272 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 12:59:34.0154 3272 Dnscache - ok 12:59:34.0232 3272 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 12:59:34.0342 3272 Dot3svc - ok 12:59:34.0357 3272 dpti2o - ok 12:59:34.0373 3272 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 12:59:34.0467 3272 drmkaud - ok 12:59:34.0514 3272 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 12:59:34.0607 3272 EapHost - ok 12:59:34.0654 3272 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 12:59:34.0670 3272 ElbyCDFL - ok 12:59:34.0686 3272 [ 178CC9403816C082D22A1D47FA1F9C85 ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 12:59:34.0701 3272 ElbyCDIO - ok 12:59:34.0717 3272 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 12:59:34.0826 3272 ERSvc - ok 12:59:34.0889 3272 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 12:59:34.0904 3272 Eventlog - ok 12:59:34.0982 3272 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 12:59:35.0014 3272 EventSystem - ok 12:59:35.0061 3272 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 12:59:35.0139 3272 Fastfat - ok 12:59:35.0201 3272 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 12:59:35.0264 3272 FastUserSwitchingCompatibility - ok 12:59:35.0279 3272 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 12:59:35.0373 3272 Fdc - ok 12:59:35.0404 3272 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 12:59:35.0498 3272 Fips - ok 12:59:35.0514 3272 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 12:59:35.0592 3272 Flpydisk - ok 12:59:35.0654 3272 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 12:59:35.0748 3272 FltMgr - ok 12:59:35.0811 3272 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 12:59:35.0842 3272 FontCache3.0.0.0 - ok 12:59:35.0842 3272 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:59:35.0982 3272 Fs_Rec - ok 12:59:35.0998 3272 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:59:36.0092 3272 Ftdisk - ok 12:59:36.0139 3272 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12:59:36.0154 3272 GEARAspiWDM - ok 12:59:36.0186 3272 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:59:36.0295 3272 Gpc - ok 12:59:36.0373 3272 [ D95554949082FD29A04D351B58396718 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys 12:59:36.0545 3272 Hardlock - ok 12:59:36.0592 3272 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:59:36.0670 3272 HDAudBus - ok 12:59:36.0764 3272 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 12:59:36.0842 3272 helpsvc - ok 12:59:36.0904 3272 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 12:59:36.0998 3272 HidServ - ok 12:59:37.0029 3272 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:59:37.0154 3272 hidusb - ok 12:59:37.0201 3272 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 12:59:37.0279 3272 hkmsvc - ok 12:59:37.0279 3272 hpn - ok 12:59:37.0357 3272 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 12:59:37.0404 3272 HTTP - ok 12:59:37.0451 3272 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 12:59:37.0545 3272 HTTPFilter - ok 12:59:37.0545 3272 i2omgmt - ok 12:59:37.0545 3272 i2omp - ok 12:59:37.0607 3272 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:59:37.0748 3272 i8042prt - ok 12:59:38.0014 3272 [ F339B2E3A3F63CC14077D614A56A967B ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 12:59:38.0498 3272 ialm - ok 12:59:38.0607 3272 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:59:38.0717 3272 idsvc - ok 12:59:38.0764 3272 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 12:59:38.0904 3272 Imapi - ok 12:59:38.0951 3272 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 12:59:39.0045 3272 ImapiService - ok 12:59:39.0061 3272 ini910u - ok 12:59:39.0061 3272 IntelIde - ok 12:59:39.0123 3272 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:59:39.0217 3272 intelppm - ok 12:59:39.0248 3272 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 12:59:39.0357 3272 Ip6Fw - ok 12:59:39.0404 3272 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:59:39.0482 3272 IpFilterDriver - ok 12:59:39.0498 3272 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:59:39.0607 3272 IpInIp - ok 12:59:39.0623 3272 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:59:39.0717 3272 IpNat - ok 12:59:39.0795 3272 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 12:59:39.0811 3272 iPod Service - ok 12:59:39.0889 3272 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:59:39.0967 3272 IPSec - ok 12:59:39.0998 3272 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 12:59:40.0107 3272 IRENUM - ok 12:59:40.0170 3272 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:59:40.0248 3272 isapnp - ok 12:59:40.0451 3272 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 12:59:40.0467 3272 JavaQuickStarterService - ok 12:59:40.0482 3272 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:59:40.0592 3272 Kbdclass - ok 12:59:40.0654 3272 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:59:40.0732 3272 kbdhid - ok 12:59:40.0764 3272 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 12:59:40.0857 3272 kmixer - ok 12:59:40.0889 3272 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 12:59:40.0967 3272 KSecDD - ok 12:59:41.0186 3272 [ E47FFCA0909871AC1BFF0D446FF63CA9 ] KSS C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe 12:59:41.0186 3272 KSS - ok 12:59:41.0232 3272 [ 140F9B777FA84E2F5EEEA5CADC112E53 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 12:59:41.0295 3272 L1c - ok 12:59:41.0326 3272 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 12:59:41.0357 3272 lanmanserver - ok 12:59:41.0420 3272 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 12:59:41.0467 3272 lanmanworkstation - ok 12:59:41.0482 3272 lbrtfdc - ok 12:59:41.0529 3272 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 12:59:41.0607 3272 LmHosts - ok 12:59:41.0670 3272 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 12:59:41.0686 3272 MBAMProtector - ok 12:59:41.0764 3272 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 12:59:41.0779 3272 MBAMScheduler - ok 12:59:41.0842 3272 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 12:59:41.0873 3272 MBAMService - ok 12:59:41.0982 3272 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys 12:59:41.0998 3272 MBAMSwissArmy - ok 12:59:42.0076 3272 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 12:59:42.0092 3272 MDM - ok 12:59:42.0123 3272 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 12:59:42.0217 3272 Messenger - ok 12:59:42.0264 3272 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 12:59:42.0373 3272 mnmdd - ok 12:59:42.0389 3272 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 12:59:42.0498 3272 mnmsrvc - ok 12:59:42.0514 3272 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 12:59:42.0623 3272 Modem - ok 12:59:42.0639 3272 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:59:42.0748 3272 Mouclass - ok 12:59:42.0795 3272 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:59:42.0889 3272 mouhid - ok 12:59:42.0904 3272 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 12:59:43.0014 3272 MountMgr - ok 12:59:43.0092 3272 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 12:59:43.0107 3272 MozillaMaintenance - ok 12:59:43.0107 3272 mraid35x - ok 12:59:43.0170 3272 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:59:43.0248 3272 MRxDAV - ok 12:59:43.0326 3272 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:59:43.0389 3272 MRxSmb - ok 12:59:43.0451 3272 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 12:59:43.0561 3272 MSDTC - ok 12:59:43.0561 3272 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:59:43.0670 3272 Msfs - ok 12:59:43.0670 3272 MSIServer - ok 12:59:43.0717 3272 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:59:43.0826 3272 MSKSSRV - ok 12:59:43.0873 3272 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:59:43.0951 3272 MSPCLOCK - ok 12:59:43.0967 3272 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:59:44.0076 3272 MSPQM - ok 12:59:44.0123 3272 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:59:44.0201 3272 mssmbios - ok 12:59:44.0217 3272 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 12:59:44.0264 3272 Mup - ok 12:59:44.0311 3272 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 12:59:44.0420 3272 napagent - ok 12:59:44.0467 3272 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 12:59:44.0561 3272 NDIS - ok 12:59:44.0592 3272 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:59:44.0654 3272 NdisTapi - ok 12:59:44.0717 3272 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:59:44.0842 3272 Ndisuio - ok 12:59:44.0857 3272 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:59:44.0951 3272 NdisWan - ok 12:59:44.0998 3272 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 12:59:45.0061 3272 NDProxy - ok 12:59:45.0107 3272 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 12:59:45.0186 3272 NetBIOS - ok 12:59:45.0201 3272 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 12:59:45.0357 3272 NetBT - ok 12:59:45.0389 3272 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 12:59:45.0498 3272 NetDDE - ok 12:59:45.0498 3272 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 12:59:45.0592 3272 NetDDEdsdm - ok 12:59:45.0623 3272 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 12:59:45.0701 3272 Netlogon - ok 12:59:45.0732 3272 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 12:59:45.0811 3272 Netman - ok 12:59:45.0889 3272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:59:45.0920 3272 NetTcpPortSharing - ok 12:59:45.0967 3272 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 12:59:45.0998 3272 Nla - ok 12:59:45.0998 3272 nosGetPlusHelper - ok 12:59:46.0045 3272 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 12:59:46.0123 3272 Npfs - ok 12:59:46.0186 3272 [ F8E396F5E703D7A8F37D90F59C776268 ] NSHE C:\WINDOWS\system32\Drivers\NSHE.SYS 12:59:46.0264 3272 NSHE ( UnsignedFile.Multi.Generic ) - warning 12:59:46.0264 3272 NSHE - detected UnsignedFile.Multi.Generic (1) 12:59:46.0279 3272 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 12:59:46.0373 3272 Ntfs - ok 12:59:46.0404 3272 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 12:59:46.0482 3272 NtLmSsp - ok 12:59:46.0498 3272 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 12:59:46.0639 3272 NtmsSvc - ok 12:59:46.0670 3272 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 12:59:46.0779 3272 Null - ok 12:59:46.0826 3272 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:59:46.0936 3272 NwlnkFlt - ok 12:59:46.0967 3272 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:59:47.0076 3272 NwlnkFwd - ok 12:59:47.0139 3272 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 12:59:47.0186 3272 ose - ok 12:59:47.0217 3272 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 12:59:47.0342 3272 Parport - ok 12:59:47.0373 3272 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 12:59:47.0451 3272 PartMgr - ok 12:59:47.0482 3272 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 12:59:47.0607 3272 ParVdm - ok 12:59:47.0639 3272 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 12:59:47.0732 3272 PCI - ok 12:59:47.0748 3272 PCIDump - ok 12:59:47.0748 3272 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 12:59:47.0842 3272 PCIIde - ok 12:59:47.0873 3272 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 12:59:47.0967 3272 Pcmcia - ok 12:59:47.0967 3272 PDCOMP - ok 12:59:47.0967 3272 PDFRAME - ok 12:59:47.0982 3272 PDRELI - ok 12:59:47.0982 3272 PDRFRAME - ok 12:59:47.0982 3272 perc2 - ok 12:59:47.0998 3272 perc2hib - ok 12:59:48.0029 3272 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 12:59:48.0045 3272 PlugPlay - ok 12:59:48.0045 3272 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 12:59:48.0139 3272 PolicyAgent - ok 12:59:48.0186 3272 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:59:48.0326 3272 PptpMiniport - ok 12:59:48.0326 3272 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 12:59:48.0404 3272 ProtectedStorage - ok 12:59:48.0420 3272 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 12:59:48.0514 3272 PSched - ok 12:59:48.0545 3272 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:59:48.0654 3272 Ptilink - ok 12:59:48.0670 3272 ql1080 - ok 12:59:48.0670 3272 Ql10wnt - ok 12:59:48.0670 3272 ql12160 - ok 12:59:48.0686 3272 ql1240 - ok 12:59:48.0686 3272 ql1280 - ok 12:59:48.0701 3272 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:59:48.0811 3272 RasAcd - ok 12:59:48.0857 3272 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 12:59:48.0967 3272 RasAuto - ok 12:59:48.0982 3272 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:59:49.0139 3272 Rasl2tp - ok 12:59:49.0248 3272 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 12:59:49.0357 3272 RasMan - ok 12:59:49.0420 3272 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:59:49.0498 3272 RasPppoe - ok 12:59:49.0498 3272 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 12:59:49.0607 3272 Raspti - ok 12:59:49.0686 3272 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:59:49.0795 3272 Rdbss - ok 12:59:49.0826 3272 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:59:49.0951 3272 RDPCDD - ok 12:59:50.0014 3272 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:59:50.0123 3272 rdpdr - ok 12:59:50.0264 3272 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 12:59:50.0467 3272 RDPWD - ok 12:59:50.0639 3272 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 12:59:50.0732 3272 RDSessMgr - ok 12:59:50.0811 3272 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 12:59:50.0920 3272 redbook - ok 12:59:50.0982 3272 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 12:59:51.0123 3272 RemoteAccess - ok 12:59:51.0201 3272 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 12:59:51.0311 3272 RemoteRegistry - ok 12:59:51.0357 3272 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 12:59:51.0451 3272 RpcLocator - ok 12:59:51.0686 3272 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 12:59:51.0842 3272 RpcSs - ok 12:59:52.0014 3272 [ 2AB66B8CCD92D4D8E33C98FEA874325B ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys 12:59:52.0154 3272 RSUSBSTOR - ok 12:59:52.0279 3272 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 12:59:52.0436 3272 RSVP - ok 12:59:52.0561 3272 [ 20538E147B590409B1949215A5F91BD1 ] RT-USB C:\WINDOWS\system32\drivers\RT-USB.SYS 12:59:52.0576 3272 RT-USB - ok 12:59:52.0576 3272 RtsUIR - ok 12:59:52.0623 3272 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 12:59:52.0701 3272 SamSs - ok 12:59:52.0811 3272 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 12:59:52.0951 3272 SCardSvr - ok 12:59:53.0076 3272 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 12:59:53.0201 3272 Schedule - ok 12:59:53.0279 3272 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:59:53.0357 3272 Secdrv - ok 12:59:53.0404 3272 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 12:59:53.0529 3272 seclogon - ok 12:59:53.0561 3272 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 12:59:53.0654 3272 SENS - ok 12:59:53.0701 3272 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 12:59:53.0842 3272 Serial - ok 12:59:53.0951 3272 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 12:59:54.0076 3272 Sfloppy - ok 12:59:54.0295 3272 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 12:59:54.0467 3272 SharedAccess - ok 12:59:54.0514 3272 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 12:59:54.0545 3272 ShellHWDetection - ok 12:59:54.0545 3272 Simbad - ok 12:59:54.0561 3272 Sparrow - ok 12:59:54.0607 3272 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 12:59:54.0701 3272 splitter - ok 12:59:54.0748 3272 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 12:59:54.0779 3272 Spooler - ok 12:59:54.0795 3272 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 12:59:54.0889 3272 sr - ok 12:59:54.0936 3272 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 12:59:55.0014 3272 srservice - ok 12:59:55.0076 3272 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 12:59:55.0107 3272 Srv - ok 12:59:55.0170 3272 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 12:59:55.0248 3272 SSDPSRV - ok 12:59:55.0311 3272 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 12:59:55.0342 3272 ssmdrv - ok 12:59:55.0342 3272 SSPORT - ok 12:59:55.0373 3272 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 12:59:55.0404 3272 StarOpen ( UnsignedFile.Multi.Generic ) - warning 12:59:55.0404 3272 StarOpen - detected UnsignedFile.Multi.Generic (1) 12:59:55.0436 3272 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 12:59:55.0545 3272 stisvc - ok 12:59:55.0592 3272 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 12:59:55.0717 3272 swenum - ok 12:59:55.0748 3272 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 12:59:55.0842 3272 swmidi - ok 12:59:55.0842 3272 SwPrv - ok 12:59:55.0857 3272 symc810 - ok 12:59:55.0857 3272 symc8xx - ok 12:59:55.0857 3272 sym_hi - ok 12:59:55.0873 3272 sym_u3 - ok 12:59:55.0920 3272 [ 60CD166AE4261920B4008A1A114AE97C ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 12:59:55.0967 3272 SynTP - ok 12:59:55.0998 3272 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 12:59:56.0123 3272 sysaudio - ok 12:59:56.0154 3272 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 12:59:56.0264 3272 SysmonLog - ok 12:59:56.0326 3272 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 12:59:56.0420 3272 TapiSrv - ok 12:59:56.0482 3272 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:59:56.0514 3272 Tcpip - ok 12:59:56.0561 3272 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 12:59:56.0639 3272 TDPIPE - ok 12:59:56.0670 3272 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 12:59:56.0779 3272 TDTCP - ok 12:59:56.0826 3272 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 12:59:56.0951 3272 TermDD - ok 12:59:56.0982 3272 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 12:59:57.0061 3272 TermService - ok 12:59:57.0092 3272 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 12:59:57.0092 3272 Themes - ok 12:59:57.0154 3272 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 12:59:57.0279 3272 TlntSvr - ok 12:59:57.0279 3272 TosIde - ok 12:59:57.0342 3272 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 12:59:57.0420 3272 TrkWks - ok 12:59:57.0451 3272 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 12:59:57.0545 3272 Udfs - ok 12:59:57.0561 3272 ultra - ok 12:59:57.0623 3272 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 12:59:57.0717 3272 Update - ok 12:59:57.0748 3272 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 12:59:57.0857 3272 upnphost - ok 12:59:57.0857 3272 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 12:59:57.0967 3272 UPS - ok 12:59:57.0998 3272 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 12:59:58.0076 3272 USBAAPL - ok 12:59:58.0107 3272 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:59:58.0217 3272 usbccgp - ok 12:59:58.0217 3272 USBCCID - ok 12:59:58.0279 3272 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:59:58.0404 3272 usbehci - ok 12:59:58.0436 3272 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:59:58.0529 3272 usbhub - ok 12:59:58.0592 3272 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:59:58.0670 3272 usbscan - ok 12:59:58.0717 3272 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:59:58.0826 3272 USBSTOR - ok 12:59:58.0873 3272 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:59:58.0967 3272 usbuhci - ok 12:59:59.0014 3272 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 12:59:59.0107 3272 VgaSave - ok 12:59:59.0123 3272 ViaIde - ok 12:59:59.0186 3272 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 12:59:59.0264 3272 VolSnap - ok 12:59:59.0342 3272 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 12:59:59.0436 3272 VSS - ok 12:59:59.0498 3272 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 12:59:59.0592 3272 W32Time - ok 12:59:59.0623 3272 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:59:59.0764 3272 Wanarp - ok 12:59:59.0842 3272 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 12:59:59.0873 3272 Wdf01000 - ok 12:59:59.0873 3272 WDICA - ok 12:59:59.0904 3272 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 12:59:59.0998 3272 wdmaud - ok 13:00:00.0061 3272 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 13:00:00.0139 3272 WebClient - ok 13:00:00.0264 3272 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 13:00:00.0342 3272 winmgmt - ok 13:00:00.0389 3272 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 13:00:00.0498 3272 WmdmPmSN - ok 13:00:00.0561 3272 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 13:00:00.0592 3272 Wmi - ok 13:00:00.0607 3272 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 13:00:00.0686 3272 WmiAcpi - ok 13:00:00.0748 3272 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:00:00.0842 3272 WmiApSrv - ok 13:00:00.0951 3272 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:00:01.0014 3272 WPFFontCache_v0400 - ok 13:00:01.0092 3272 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 13:00:01.0186 3272 wscsvc - ok 13:00:01.0248 3272 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 13:00:01.0342 3272 wuauserv - ok 13:00:01.0389 3272 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 13:00:01.0482 3272 WZCSVC - ok 13:00:01.0514 3272 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 13:00:01.0639 3272 xmlprov - ok 13:00:01.0717 3272 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe 13:00:01.0748 3272 YahooAUService - ok 13:00:01.0748 3272 ================ Scan global =============================== 13:00:01.0811 3272 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 13:00:01.0873 3272 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 13:00:01.0889 3272 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 13:00:01.0904 3272 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 13:00:01.0904 3272 [Global] - ok 13:00:01.0904 3272 ================ Scan MBR ================================== 13:00:01.0936 3272 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 13:00:02.0279 3272 \Device\Harddisk0\DR0 - ok 13:00:02.0279 3272 ================ Scan VBR ================================== 13:00:02.0279 3272 [ CC840F544F2FF2A4D7900B68EBE56766 ] \Device\Harddisk0\DR0\Partition1 13:00:02.0279 3272 \Device\Harddisk0\DR0\Partition1 - ok 13:00:02.0279 3272 ============================================================ 13:00:02.0279 3272 Scan finished 13:00:02.0279 3272 ============================================================ 13:00:02.0389 3792 Detected object count: 4 13:00:02.0389 3792 Actual detected object count: 4 13:00:18.0779 3792 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:00:18.0779 3792 Autodata Limited License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:00:18.0779 3792 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user 13:00:18.0779 3792 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:00:18.0779 3792 NSHE ( UnsignedFile.Multi.Generic ) - skipped by user 13:00:18.0779 3792 NSHE ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:00:18.0779 3792 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 13:00:18.0779 3792 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
20.05.2013, 12:20
| #10 |
| /// Malware-holic | Systemcare antivirus "Antivirenprogramm! legt Notebook lahm Hi, fo tr Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
WARNUNG an die MITLESER: 
Linear-Darstellung
