Log analysis and evaluation: Netbook is infected with IHAVENET (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Netbook is infected with IHAVENET

Hello everyone, it's really great that you offer your help here on a "volunteer" basis. My problem is that I'm supposed to clean a friend's notebook of IHAVENET. Ihavenet redirects, for example, clicks on Google results to a different address. After the infection, "Malwarebytes Anti-Malware" was also installed on the computer. However, I always closed this program before the scans. Avira was also installed; I uninstalled it before the scans. A virtual drive from CloneCD was installed on the computer; I uninstalled that before the scans. I tried to follow the instructions for help seekers as closely as I could. I did not edit the user name in the logs, since it's fine if everyone reads it. I hope that's okay, or is it forbidden anyway? Here are the log files; I hope they are of some use!? Many thanks in advance for the help!

Contents of otl.txt:

Code:
```
OTL logfile created on: 08.06.2013 04:39:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop\virus
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,73 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 64,86% Memory free
3,46 Gb Paging File | 2,77 Gb Available in Paging File | 80,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,79 Gb Total Space | 165,73 Gb Free Space | 75,75% Space Free | Partition Type: NTFS
Drive D: | 496,72 Mb Total Space | 496,35 Mb Free Space | 99,93% Space Free | Partition Type: FAT

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.08 03:53:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\virus\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.07.04 13:37:58 | 000,081,920 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\VSGate.exe
PRC - [2011.07.04 13:35:22 | 000,240,640 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2011.07.04 13:32:18 | 000,335,360 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe
PRC - [2011.07.04 13:30:24 | 000,373,248 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2011.07.04 13:28:22 | 001,321,984 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2011.07.04 13:25:16 | 000,477,696 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe
PRC - [2011.07.04 13:23:56 | 000,392,704 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe
PRC - [2011.05.25 00:03:56 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.05.25 00:03:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.17 08:17:54 | 000,190,592 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\CxAudMsg32.exe
PRC - [2010.11.25 21:28:50 | 000,486,560 | ---- | M] (Atheros Communications) -- C:\Programme\Bluetooth Suite\BtvStack.exe
PRC - [2010.11.25 21:28:44 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AthBtTray.exe
PRC - [2010.11.25 21:28:42 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AdminService.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.30 16:08:36 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll
MOD - [2013.05.30 16:08:34 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll
MOD - [2013.05.30 16:08:32 | 000,115,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll
MOD - [2013.05.30 16:08:30 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll
MOD - [2013.05.30 16:08:26 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll
MOD - [2013.05.30 16:08:24 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll
MOD - [2013.05.30 16:08:21 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll
MOD - [2013.05.30 16:08:19 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll
MOD - [2013.05.30 16:08:15 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll
MOD - [2013.05.30 16:08:10 | 001,988,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll
MOD - [2013.05.30 16:08:00 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll
MOD - [2013.05.30 16:07:58 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\218ed646a2ca6d2c08509295ce556260\MusicManager.ni.dll
MOD - [2013.05.30 16:07:53 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll
MOD - [2013.05.30 16:07:50 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll
MOD - [2013.05.30 16:07:49 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll
MOD - [2013.05.30 16:07:45 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll
MOD - [2013.05.30 16:07:44 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll
MOD - [2013.05.30 16:07:41 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll
MOD - [2013.05.30 16:07:40 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1f04da0191d585e975a3f43548a70e2e\Podcaster.ni.dll
MOD - [2013.05.30 16:07:34 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.05.30 16:07:32 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.05.30 16:07:30 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll
MOD - [2013.05.30 16:07:29 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.05.30 16:07:26 | 001,204,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f564ae0bcec147d5902965cf0f4367d1\Kies.Common.DeviceService.ni.dll
MOD - [2013.05.30 16:07:20 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll
MOD - [2013.05.30 16:07:15 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d68e9699b3319f4d4a0d0fdb8855f48a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.05.30 16:07:11 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll
MOD - [2013.05.30 16:06:49 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.05.30 16:06:48 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.05.30 16:06:42 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.05.30 16:06:41 | 002,202,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\dfc6504af8cd62a4a38a5b6ad7ca6566\Kies.Common.Multimedia.ni.dll
MOD - [2013.05.30 16:06:30 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.05.30 16:06:29 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.05.30 16:06:09 | 007,031,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\8f217eeaa66560ba63ae69c4be00ff95\DeviceHost.ni.dll
MOD - [2013.05.30 14:59:57 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll
MOD - [2013.05.30 14:59:53 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll
MOD - [2013.05.30 14:59:49 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll
MOD - [2013.05.30 14:59:47 | 001,899,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll
MOD - [2013.05.30 14:59:32 | 001,273,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll
MOD - [2013.05.30 14:59:20 | 002,176,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\12c6291066c5db8821df6c56c8254037\Kies.ni.exe
MOD - [2013.05.17 01:12:31 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.05.16 02:53:16 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.16 02:52:57 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.05.16 02:52:32 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.16 02:52:13 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.16 02:52:00 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.02.13 21:56:23 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.09 19:20:44 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013.01.09 19:20:00 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.09 19:19:59 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.09 19:19:58 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.09 19:19:03 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.09 19:18:57 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.09 19:16:35 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 19:15:54 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 18:54:12 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 18:53:38 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 18:52:59 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV - [2013.05.24 12:37:30 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:12:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2011.07.04 13:37:58 | 000,081,920 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\VSGate.exe -- (VSGate)
SRV - [2011.07.04 13:35:22 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011.07.04 13:32:18 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011.07.04 13:30:24 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011.07.04 13:28:22 | 001,321,984 | ---- | M] (Volkswagen AG) [On_Demand | Running] -- C:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011.07.04 13:25:16 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011.07.04 13:23:56 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2011.05.25 00:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.12.17 08:17:54 | 000,190,592 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\System32\CxAudMsg32.exe -- (CxAudMsg)
SRV - [2010.11.25 21:28:42 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.04.03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.04.03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011.10.19 14:01:06 | 000,061,744 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ai-usb.sys -- (FTDIBUS)
DRV - [2011.05.25 01:25:50 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.24 23:25:22 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.04.21 21:14:40 | 002,171,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.03.30 15:46:38 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.03.17 16:11:40 | 001,284,224 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011.01.25 12:47:44 | 000,068,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.12.01 17:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.11.29 05:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.11.25 21:29:00 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.11.25 21:28:58 | 000,258,720 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.11.25 21:28:58 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.11.25 21:28:58 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.11.25 21:28:58 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.11.25 21:28:58 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.16 18:01:30 | 000,059,464 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT-USB.SYS -- (RT-USB)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.11.23 11:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\thdudf.sys -- (thdudf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/german?a=1eynX8MsEWa
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 8C C0 2D CE D3 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.01.18 20:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2013.06.04 23:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\tbs52j6a.default\extensions
[2013.05.30 08:47:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\tbs52j6a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.06.04 22:06:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\tbs52j6a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 12:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.24 12:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.05.24 12:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.24 12:37:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.24 12:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 12:37:32 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\Ross-Tech\VCDS-DRV\VCDS.exe (Ross-Tech, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CBA6B9-27BF-477F-A026-15BA60A5734D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66E9278-7A07-420D-9661-255CADC1320F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.08 03:55:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\virus
[2013.06.07 17:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.06.05 14:02:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.06.05 02:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.04 23:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.06.04 23:14:57 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.06.04 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2013.06.04 21:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.04 21:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.04 21:53:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.04 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.04 03:45:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Anti-Malware
[2013.06.04 03:45:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Programs
[2013.05.30 13:18:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.30 13:09:04 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.05.30 13:09:04 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.05.24 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.06.08 04:44:16 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 04:44:16 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 04:37:49 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.06.08 04:37:07 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Rbub.job
[2013.06.08 04:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 04:36:53 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 03:59:28 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2013.06.08 03:56:00 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 03:56:00 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 03:56:00 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 03:56:00 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.08 03:53:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.07 17:44:52 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.07 17:44:52 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.05 03:13:44 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.04 21:53:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 16:34:24 | 000,172,032 | RHS- | M] () -- C:\Windows\System32\userenvv.dll
[2013.05.30 13:10:45 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.05.16 22:53:22 | 000,268,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.06.08 03:59:28 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2013.06.07 17:44:52 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.06.07 17:44:52 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.05 03:13:28 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.04 21:53:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 16:34:24 | 000,172,032 | RHS- | C] () -- C:\Windows\System32\userenvv.dll
[2013.06.03 16:34:24 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Rbub.job
[2013.05.30 13:10:45 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.12 00:08:25 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.12 00:08:25 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.04.03 23:58:54 | 000,000,060 | ---- | C] () -- C:\Windows\ETKINST.INI
[2012.01.16 21:16:59 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.16 00:43:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.01.16 00:43:56 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.01.16 00:43:56 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.01.15 22:37:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.01.15 22:36:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.15 19:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.15 18:52:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.01.15 18:52:45 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.15 18:27:45 | 000,030,895 | ---- | C]
```
() -- C:\Windows\System32\drivers\Mixer.ini [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2012.01.17 11:03:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-3986196179-2135364849-1605121122-1000\$RPJ836A\hs2\N [2012.01.17 14:38:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-3986196179-2135364849-1605121122-1000\$RPJ836A\www\N [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.10 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft [2013.04.05 21:09:16 | 000,000,000 | ---D | M] -- 
C:\Users\Christian\AppData\Roaming\DVSE GmbH [2012.07.12 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\IrfanView [2013.03.11 23:56:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:C68DE4A3 < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.06.2013 04:39:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop\virus Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 64,86% Memory free 3,46 Gb Paging File | 2,77 Gb Available in Paging File | 80,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218,79 Gb Total Space | 165,73 Gb Free Space | 75,75% Space Free | Partition Type: NTFS Drive D: | 496,72 Mb Total Space | 496,35 Mb Free Space | 99,93% Space Free | Partition Type: FAT Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{057D486E-D7ED-4BD1-B728-1B3D8138A863}" = rport=10243 | protocol=6 | dir=out | app=system | "{0775341C-0AB3-43CA-92BA-61EC9C2B4F21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A3EB29D-FD57-43F0-AEA5-CC58B8D883DC}" = rport=445 | protocol=6 | dir=out | app=system | "{0F1541D4-EB7F-4EB9-A80F-CED3CA03EFF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{207B280D-1AAF-4E07-ACD4-545FEDFC47B1}" = lport=10243 | protocol=6 | dir=in | app=system | "{2943E932-CA9C-4307-A24A-A71E258FDBD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{305B3718-5267-4FCC-BF0B-FEE17BC392DA}" = rport=138 | protocol=17 | dir=out | app=system | "{306D14E1-7D63-461C-B150-4DED95E07ED2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33A27432-7DCD-4663-B9C5-9F18EF785071}" = lport=138 | protocol=17 | dir=in | app=system | "{4283F507-B800-46DE-9223-FE80765AB9E8}" = lport=137 | protocol=17 | dir=in | app=system | "{45E12DAE-DBB0-4952-990A-A85FF89CE3C3}" = lport=445 | protocol=6 | dir=in | app=system | "{4AD58A8D-FEA6-46CD-8C3E-924E603448FA}" = rport=139 | protocol=6 | dir=out | app=system | "{53F6114A-5BA1-45B6-AF2E-E51CF709E2D7}" = lport=139 | protocol=6 | dir=in | app=system | "{887AE358-921E-4493-866D-87D9DFBAD9FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A0A7019-BB76-4E02-8396-7CFE5188265A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9531CA4C-BD9A-48BE-A4AD-386B19B14A78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{99BE4CB9-63AB-457F-A666-51767EE61856}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9B2A27EF-E9D2-4E6A-835E-C95D7D2A03C2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{A375A9BA-BCD6-4A14-B025-4316A5F265C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BA422052-0F7D-4F47-9915-2D33E4634728}" = rport=137 | protocol=17 | dir=out | app=system | "{C15DBC97-3DE7-405B-B3D5-4C5B9538BDB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C585D4CF-A874-4726-AFF5-C10F2D04E2BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EA4FBECD-760A-44E0-87A3-A1DA37582474}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E123EFE-C32E-4864-B120-6A5DBFBE96E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{152D9115-55C0-4B0B-8F18-A02E563DACDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{158219A0-C0DA-4329-AFEC-269F5749B53F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{16A8578A-4C68-460F-B366-A3FFB1D099D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1ACF7CFA-445B-42AB-A929-F4E9CC164CCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{330BA3F6-0231-405D-9692-E079507DB2CF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{37B0E303-3777-45FB-BC04-345757B87705}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{38ECE08B-40DC-47C4-BC78-66A6B38D329F}" = protocol=6 | dir=out | app=system | "{46E80CF7-EDF2-4D07-AF4D-7BF5ACF3B377}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{88D3BEB8-9C0C-4A91-8A3B-1F2164F67CAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9557849A-047C-48DB-959C-D1450FDECECF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{A6A81DAE-D463-4162-861A-8C3CB1F102FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A6AAF8DC-D1EE-4ABA-9DD9-EF50081597E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC6892EB-A6C3-4657-91CC-8924558B3C86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B05CA6E8-B5C9-4F93-A5DF-C93F5064659A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C7EED29D-750A-44E5-86B8-353061B4568F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C96F323B-971E-49B3-BBB2-FFF510E58EBF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{CE5D49D6-E771-400B-A1FC-485867529E00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E08ABABD-E32E-468D-943C-91B30F4F488D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{E8C50F60-AF66-4966-804D-470A4493D33C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{F99C4B3D-D3ED-4784-B58D-A69680DEE0F5}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "UDP Query User{49821714-F4BD-4992-A5D4-99F593A350D3}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{11C8528F-630F-1BDF-5208-0E1E665EAEC7}" = Catalyst Control Center InstallProxy "{122B1825-3F1E-F7AA-157C-033A5286339B}" = Catalyst Control Center Localization All 
"{1398F892-730D-C334-E7F1-5584F73F3D9F}" = CCC Help Hungarian "{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2312197F-544A-0DE9-7E78-2D7BD9C755DE}" = CCC Help Chinese Traditional "{24B8FFCE-EECA-FF6B-5958-AC3913C5DC7D}" = ATI Catalyst Install Manager "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{386AEEC9-0994-0491-E3A8-ECCEB98B693C}" = CCC Help Czech "{3A961DEF-D492-D159-05E7-AFEBD23B1443}" = CCC Help Thai "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{4686B678-6E39-CBB0-D2AD-753768D9482C}" = Catalyst Control Center Graphics Previews Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FEB120F-8FAE-C079-F90E-69DDDFE5F24A}" = CCC Help Portuguese "{52167B0C-FB5D-43E7-BEC5-24EE6BEE2BA0}" = DVSE Updater "{5327C3B7-A2BD-DFF9-9AAA-6B25C205A11B}" = CCC Help Finnish "{56757C8E-7CD5-70F7-7F70-DED7C0290F17}" = CCC Help Russian "{62056544-7C76-36A4-72A2-EE64F1C659E6}" = CCC Help French "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{7893F1F4-1A7A-7761-A15B-16248A91F14A}" = CCC Help Polish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.5.1 "{8356465E-39A3-B863-E66D-79BC03B37879}" = CCC Help Swedish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85905B8F-7C26-A6E2-6FE4-AA891ADF474A}" = CCC Help Danish 
"{87CEDA87-B520-0F6C-0435-186697E523AB}" = ccc-utility "{89EA0D8A-5115-CB48-4B5A-91F8A2A07CB4}" = CCC Help English "{8A2BDD89-D2A9-70F1-0F9F-5511B4035F4E}" = CCC Help Italian "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{987FD645-B12E-BCE0-723F-D99EAB70EE0B}" = AMD VISION Engine Control Center "{9D67169F-A1FD-18D3-C503-69E0B6E7BD09}" = CCC Help Spanish "{A54C3171-046D-9C8F-EEBA-D78A5927156A}" = CCC Help Korean "{AA1958B6-C964-BAE1-259C-DB4239BCEEFC}" = CCC Help German "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B51B7CE6-1BFF-1E08-FAE3-75AD36B9A399}" = CCC Help Japanese "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0B83E1B-9DDD-B169-BFA9-DF46CAB9D528}" = CCC Help Chinese Standard "{D20EB399-E879-EB25-F5B2-1CBCBE8B27AB}" = CCC Help Turkish "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe "{EA188C57-85BA-0AB4-D11B-2892B79EDF4D}" = CCC Help Dutch "{EDCF6C26-F42B-EEE7-C42F-C5DD7509C1EA}" = CCC Help Norwegian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2207310-FE8E-CB9D-C44C-3042F966CDAD}" = CCC Help Greek "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) "88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) 
"CB1867DF5BC3B742EB67B8BEA95EB3EBBF693D95" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/18/2011 2.08.14) "CNXT_AUDIO_HDA" = Conexant HD Audio "COPARTS Online" = COPARTS Online "ElsaWin" = ElsaWin "ETKA7.3_Germany_2011" = ETKA 7.3 Germany 2011 "Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228 "Hardlock Gerätetreiber" = Hardlock Gerätetreiber "IncrediMail" = IncrediMail 2.0 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "SynTPDeinstKey" = Synaptics Pointing Device Driver "VCDS DRV" = VCDS DRV 11.11 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.06.2013 22:30:20 | Computer Name = Christian-PC | Source = IServOle | ID = 17 Description = IServOle(.\IServOle.cpp, 1504): Connection to aktive partner server failed. Fehler beim Laden der Typbibliothek/DLL. 
Error - 07.06.2013 22:30:21 | Computer Name = Christian-PC | Source = VSGATE | ID = 1 Description = Error - 07.06.2013 22:30:21 | Computer Name = Christian-PC | Source = LCSVRADM | ID = 1 Description = Error - 07.06.2013 22:37:10 | Computer Name = Christian-PC | Source = LCSVRHIS | ID = 1 Description = Error - 07.06.2013 22:37:11 | Computer Name = Christian-PC | Source = VSGATE | ID = 1 Description = Error - 07.06.2013 22:37:15 | Computer Name = Christian-PC | Source = VSGATE | ID = 1 Description = Error - 07.06.2013 22:37:22 | Computer Name = Christian-PC | Source = LCSVRADM | ID = 1 Description = Error - 07.06.2013 22:37:22 | Computer Name = Christian-PC | Source = IServOle | ID = 17 Description = IServOle(.\IServOle.cpp, 1504): Connection to aktive partner server failed. Fehler beim Laden der Typbibliothek/DLL. Error - 07.06.2013 22:37:22 | Computer Name = Christian-PC | Source = VSGATE | ID = 1 Description = Error - 08.06.2013 04:21:11 | Computer Name = Christian-PC | Source = LCSVRADM | ID = 1 Description = [ System Events ] Error - 07.06.2013 22:10:22 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 07.06.2013 22:13:21 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 07.06.2013 22:14:08 | Computer Name = Christian-PC | Source = DCOM | ID = 10005 Description = Error - 07.06.2013 22:14:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. 
Error - 07.06.2013 22:14:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.06.2013 22:24:49 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 07.06.2013 22:30:00 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 07.06.2013 22:36:06 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 07.06.2013 22:37:12 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 08.06.2013 04:19:08 | Computer Name = Christian-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-08 15:59:20 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BPVT-22JJ5T0 rev.01.01A01 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C56A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C901F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E438000, 0x38E905, 0xE8000020] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x97E35400, 0x87EE2, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x97ED9620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x97ED9620] .protectÿÿÿÿhardlockunknown last code section [0x97ED9400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x97ED9400, 0x5126, 0xE0000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158335ba64 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158335ba64@00195d259800 0xF0 0xDF 0x00 0xA5 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d81926106d Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158335ba64 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158335ba64@00195d259800 0xF0 0xDF 0x00 0xA5 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d81926106d (not active ControlSet) ---- EOF - GMER 2.1 ----