Pests of all kinds and their removal: Https Tidserv Request (Windows 7). If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Https Tidserv Request

Since I got back from vacation I unfortunately have a big problem. Norton 360 alternately reports Https Tidserv Request and sometimes also Request 2, mostly when I search for something on Google. If the tidserv request is not blocked, a new website simply pops up out of nowhere. I have already run every program I could think of. Malwarebytes found nothing. Norton itself found nothing either. TDSSKiller found something in Atapi.dll, but after the reboot it was still there. Then I ran ComboFix as well. Here is the result. Maybe someone can help me?

ComboFix 10-04-05.06 - Devilgb 06.04.2010 23:34:17.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2767 [GMT 2:00]
Running from: c:\documents and settings\Devilgb\My Documents\Downloads\ComboFix.exe
AV: Norton 360 Online *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Devilgb\Application Data\EurekaLog
c:\documents and settings\Devilgb\Application Data\inst.exe
c:\windows\system32\_005085_.tmp.dll
c:\windows\system32\_005086_.tmp.dll
c:\windows\system32\_005087_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005095_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005097_.tmp.dll
c:\windows\system32\_005098_.tmp.dll
c:\windows\system32\_005099_.tmp.dll
c:\windows\system32\_005100_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005105_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005118_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005129_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005138_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005146_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005159_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005162_.tmp.dll
c:\windows\system32\_005164_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005171_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005178_.tmp.dll
c:\windows\system32\_005179_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005181_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005188_.tmp.dll
c:\windows\system32\_005191_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005194_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005196_.tmp.dll
c:\windows\system32\_005199_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005202_.tmp.dll
c:\windows\system32\_005203_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005210_.tmp.dll
c:\windows\system32\tmp.reg
c:\windows\system32\zip32.dll
c:\windows\system32\drivers\tsk4.tmp . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.
2010-04-06 20:29 . 2010-04-06 20:29 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-06 20:29 . 2010-04-06 20:29 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-06 20:29 . 2010-04-06 20:29 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-06 17:39 . 2010-04-06 17:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-06 12:05 . 2010-04-06 12:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-06 12:05 . 2010-04-06 12:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-30 11:10 . 2010-03-30 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\hps
2010-03-30 11:06 . 2010-03-30 11:06 -------- d-----w- c:\program files\CeWe Color
2010-03-22 17:07 . 2010-03-22 17:07 -------- d-----w- c:\documents and settings\All Users\Startmenü
2010-03-21 21:37 . 2010-03-27 14:23 -------- d-----w- c:\documents and settings\Devilgb\.jordan
2010-03-16 15:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-09 20:58 . 2010-03-09 20:58 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-03-09 20:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 17:56 . 2010-03-08 17:56 378 ----a-w- c:\windows\system32\Pen_Tablet.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 21:58 . 2009-12-14 15:00 -------- d-----w- c:\program files\PeerBlock
2010-04-06 21:57 . 2010-04-06 21:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 21:50 . 2010-04-05 20:14 52224 ----a-w- c:\documents and settings\Devilgb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-06 21:50 . 2009-03-23 13:25 117760 ----a-w- c:\documents and settings\Devilgb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-06 21:32 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-06 21:30 . 2010-04-06 21:30 96512 ----a-w- c:\windows\system32\drivers\tsk4.tmp
2010-04-06 12:53 . 2009-01-05 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-06 12:16 . 2008-12-19 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 12:16 . 2009-12-16 12:52 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 10:13 . 2008-12-19 00:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-06 10:10 . 2009-12-15 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-05 20:11 . 2008-12-18 22:22 -------- d-----w- c:\documents and settings\Devilgb\Application Data\uTorrent
2010-03-29 22:46 . 2008-12-19 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-12-19 01:09 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 11:05 . 2008-12-18 23:56 -------- d-----w- c:\documents and settings\Devilgb\Application Data\Creative
2010-03-27 10:49 . 2008-12-18 22:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 10:46 . 2009-06-30 15:06 -------- d-----w- c:\documents and settings\Devilgb\Application Data\MakeUpPilot
2010-03-22 19:12 . 2010-03-22 19:12 5896 ----a-w- c:\documents and settings\All Users\Application Data\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.08.bat
2010-03-22 19:12 . 2010-03-22 19:12 20776 ----a-w- c:\documents and settings\All Users\Application Data\AAV\SSE\15\UpdateFiles\ApplyMsp.exe
2010-03-22 19:12 . 2010-03-22 19:12 18728 ----a-w- c:\documents and settings\All Users\Application Data\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe
2010-03-22 17:05 . 2009-03-08 15:45 -------- d-----w- c:\program files\Akademische Arbeitsgemeinschaft
2010-03-22 13:04 . 2010-03-22 13:04 53248 ----a-r- c:\documents and settings\Devilgb\Application Data\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
2010-03-22 12:18 . 2010-03-22 12:18 1821192 ----a-w- c:\documents and settings\All Users\Application Data\AAV\SSE\14\UpdateFiles\vcredist_x86.exe
2010-03-22 12:18 . 2010-03-22 12:18 6358 ----a-w- c:\documents and settings\All Users\Application Data\AAV\SSE\14\UpdateFiles\SSE_Patch_14.16.bat
2010-03-21 21:09 . 2008-12-21 17:04 -------- d-----w- c:\documents and settings\Devilgb\Application Data\Vso
2010-02-26 23:08 . 2010-02-15 11:06 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-26 23:08 . 2010-02-15 11:06 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-25 13:49 . 2010-02-14 17:09 -------- d-----w- c:\documents and settings\Devilgb\Application Data\Ubisoft
2010-02-25 13:48 . 2010-02-25 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-15 14:08 . 2009-06-23 10:54 -------- d-----w- c:\program files\ICQ6.5
2010-02-14 17:01 . 2009-03-30 20:38 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-14 17:01 . 2009-03-30 20:38 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-12 16:41 . 2010-04-06 21:51 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-03 09:00 . 2010-04-06 17:05 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100406.003\NAVENG.SYS
2010-02-03 09:00 . 2010-04-06 17:05 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100406.003\NAVEX15.SYS
2010-02-03 08:05 . 2010-02-03 08:05 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-02-03 08:05 . 2010-02-03 08:05 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-02-03 08:05 . 2010-02-03 08:05 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-02-03 08:05 . 2010-02-03 08:05 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-02-03 08:05 . 2010-02-03 08:05 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-02-03 08:05 . 2010-02-03 08:05 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-02-03 08:02 . 2010-02-03 08:04 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller.exe
2010-02-03 04:52 . 2008-12-01 22:13 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2009-05-16 01:33 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 04:07 . 2008-12-01 20:19 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2008-12-01 20:46 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2008-12-01 20:27 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2008-12-01 20:52 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2008-12-01 20:51 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2008-12-01 20:11 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2008-12-01 20:11 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2008-12-01 20:11 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2008-12-01 19:50 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2008-12-01 20:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2008-12-01 20:38 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-02-18 11:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2008-12-01 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2008-12-01 19:53 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2008-12-01 19:52 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2008-12-01 19:45 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-01 18:20 . 2010-04-06 21:51 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-16 11:07 . 2009-12-14 19:43 7829 ----a-w- c:\documents and settings\All Users\Application Data\xmlF1.tmp
2010-01-16 11:07 . 2009-12-14 19:43 1629 ----a-w- c:\documents and settings\All Users\Application Data\xmlF3.tmp
2010-01-16 11:07 . 2009-12-14 19:43 13739 ----a-w- c:\documents and settings\All Users\Application Data\xmlF2.tmp
2010-01-13 20:48 . 2008-12-18 22:23 54376 ----a-w- c:\documents and settings\Devilgb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 12:24 . 2010-01-10 12:23 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-03-31 20:47 . 2008-12-18 23:23 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
c:\program files\VirtualDJ\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
c:\program files\VirtualDJ\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\eraser.exe" [2009-06-10 334224]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-23 1809648]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-23 12:58 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-r- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-29 23:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2009-06-23 10:48 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2009-12-10 14:05 401728 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
c:\program files\PeerGuardian2\pg2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-11-04 08:52 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 13:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwiftToDoListLite]
2009-07-09 16:01 761856 ----a-w- c:\program files\Swift To-Do List\Swift To-Do List Lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-02 15:00 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ----a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VF0060 STISvc]
2004-11-01 08:00 36864 ----a-w- c:\windows\system32\V0060Pin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinsysMon]
c:\documents and settings\Devilgb\Application Data\Microsoft\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XM2002]
c:\program files\IPPS\XM2002®\XM2002.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"TVersityMediaServer"=3 (0x3)
"idsvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"gusvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Adobe Version Cue CS4"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\ar3\\Data\\ra3_1.4.game"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"j:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=
"j:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"k:\\BFME2\\game.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"k:\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.07.mui"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
"i:\\steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"d:\\Sacred 2\\system\\s2gs.exe"=
"d:\\Sacred 2\\system\\sacred2.exe"=
"j:\\Anno1404\\Anno4.exe"=
"j:\\Anno1404\\tools\\Anno4Web.exe"=
"i:\\steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"i:\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"j:\\Anno1404\\Addon.exe"=
"j:\\Anno1404\\tools\\AddonWeb.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-18 685816]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-21 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-07 57344]
R4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100402.001\IDSxpx86.sys [2009-10-28 329592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2002-12-30 12160]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-12-16 102448]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 14424]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\DRIVERS\V0060Vid.sys [2005-02-02 196409]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\IPPS\XM2002®\XM2002.exe
FF - ProfilePath - c:\documents and settings\Devilgb\Application Data\Mozilla\Firefox\Profiles\0vh5bdno.default\
FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Devilgb\Application Data\Mozilla\Firefox\Profiles\0vh5bdno.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Devilgb\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Web ImageGrabber 2 - c:\windows\cadkasdeinst01e.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-06 23:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll tsk4.tmp pciide.sys >>UNKNOWN [0x8ADC08B4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> tsk4.tmp @ 0xb9e0f852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9cb9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cc6a21
SendHandler -> NDIS.sys @ 0xb9ca487b
user & kernel MBR OK

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\drivers\tsk4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1450960922-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:69,73,59,4e,25,67,75,48,54,ec,22,5b,27,40,b5,59,da,5f,a6,70,7b,16,cf,
   42,27,7f,87,55,9b,10,f1,82,04,fc,ee,f5,27,d9,ab,28,0b,da,68,c1,3b,59,a6,11,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1547161642-1450960922-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:b9,b6,2a,33,ff,7f,0f,d3,bb,8a,1d,53,0f,2b,fc,af,cf,ab,74,ea,1d,
   a4,0b,7f,a5,ee,08,0c,b3,88,19,96,99,ba,f5,4a,45,8e,6a,09,22,54,c7,7d,46,4e,\
"rkeysecu"=hex:6f,4c,84,de,7c,8f,c7,3d,2c,57,24,45,f8,8b,f9,ac
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Devilgb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Devilgb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1596)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------ . c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2010-04-07 00:04:29 - machine was rebooted ComboFix-quarantined-files.txt 2010-04-06 22:03 Pre-Run: 30.928.560.128 bytes free Post-Run: 30.939.951.104 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - 8370D55AB9BF45E8F244774AF3A4F761 |