| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wahrscheinlich Rocketnews TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.06.2012, 11:24
| #1 |
| |  Wahrscheinlich Rocketnews Trojaner Hallöchen seit einigen Tagen werde ich von den Google-Suchergebnissen auf falsche Seiten verlinkt. Häufig taucht dabei die Seite "Rocketnews" auf. Nach googlen habe ich den Hinweis gefunden, dass es eventuell Rocketnews sein könnte. Hier mal die Scans von Malwarebyte und OTL: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.19.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 zick :: ZICK1 [Administrator] Schutz: Aktiviert 19.06.2012 08:05:02 mbam-log-2012-06-19 (08-05-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 347756 Laufzeit: 3 Stunde(n), 3 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 19.06.2012 11:21:09 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Rocketnews Virus Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,49% Memory free 3,60 Gb Paging File | 2,72 Gb Available in Paging File | 75,66% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 30,00 Gb Total Space | 7,03 Gb Free Space | 23,42% Space Free | Partition Type: NTFS Drive D: | 202,89 Gb Total Space | 187,50 Gb Free Space | 92,42% Space Free | Partition Type: NTFS Computer Name: ZICK1 | User Name: zick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.19 11:18:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Rocketnews Virus\OTL.exe PRC - [2012.05.09 08:09:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 08:09:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 08:09:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 08:09:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.28 06:24:50 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2012.03.28 06:24:46 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2012.03.28 06:24:34 | 002,786,480 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe PRC - [2006.02.24 11:58:14 | 000,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2005.11.11 18:30:22 | 000,995,328 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\ControlCenter2\brctrcen.exe PRC - [2005.10.26 16:17:24 | 000,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2005.08.10 07:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2005.06.08 16:45:04 | 000,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 08:09:18 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.04.24 08:20:49 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2012.04.24 08:20:49 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2008.09.18 00:55:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe MOD - [2006.05.04 06:58:38 | 001,239,040 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfdialogs100.bpl MOD - [2006.05.04 06:58:38 | 000,237,056 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\expertpdf4core.bpl MOD - [2006.05.04 06:58:36 | 003,014,656 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfcore100.bpl MOD - [2006.05.04 06:58:36 | 001,026,048 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vsvector100.bpl MOD - [2006.05.04 06:58:36 | 000,230,912 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfeditor100.bpl MOD - [2006.04.15 06:34:26 | 000,568,320 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\TMSlite100.bpl MOD - [2006.03.02 20:39:28 | 001,844,224 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\te100.bpl MOD - [2006.03.02 20:33:18 | 000,444,928 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\VirtualTree100.bpl MOD - [2006.03.02 20:28:36 | 000,139,776 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\uoolep100.bpl MOD - [2006.03.02 20:01:50 | 000,071,168 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\VSDesktop100.bpl MOD - [2006.03.02 19:57:48 | 000,383,488 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\visage100.bpl MOD - [2006.03.02 19:55:22 | 000,089,088 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vsmisc100.bpl MOD - [2006.02.24 11:57:52 | 000,065,536 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll MOD - [2005.12.26 13:20:52 | 002,098,176 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\PKIECtrl100.bpl MOD - [2005.10.07 09:22:50 | 000,081,920 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll MOD - [2005.06.02 12:40:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\vsmon1.dll MOD - [2005.05.11 13:23:42 | 000,073,728 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll MOD - [2003.08.22 07:23:16 | 000,225,792 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\sqlite.dll MOD - [2002.11.26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.18 12:47:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.13 07:52:02 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.09 08:09:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 08:09:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.28 06:24:50 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2008.01.22 11:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.05.11 09:48:23 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm) DRV - [2012.05.11 09:48:23 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) DRV - [2012.05.11 09:48:23 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex) DRV - [2012.05.11 09:48:23 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM) DRV - [2012.05.11 09:48:23 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl) DRV - [2012.05.09 08:09:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 08:09:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.11.20 18:07:34 | 004,627,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.30 11:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.07.30 11:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.07.01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fujitsu-siemens.de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fujitsu-siemens.de IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fujitsu-siemens.de IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fujitsu-siemens.de IE - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 12:47:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.31 11:00:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.19 07:49:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.01.20 17:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Extensions [2010.01.20 17:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.04 18:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\extensions [2011.03.10 15:17:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.05.21 09:01:07 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\searchplugins\conduit.xml [2012.04.27 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.18 12:47:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 08:03:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 08:03:04 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 08:03:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 08:03:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 08:03:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 08:03:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found. O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Rocketnews Virus\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\zick\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3038180217-2471142311-2891851402-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83D246A0-9F1E-44B4-95CB-5F44594EDAA7}: NameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.20 21:33:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.19 08:02:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Spyware Terminator [2012.06.19 08:02:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2012.06.19 08:02:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012 [2012.06.19 08:01:41 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2012.06.19 07:59:15 | 000,000,000 | ---D | C] -- C:\Rocketnews Virus [2012.06.18 15:30:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\zick\Recent [2012.06.11 09:03:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Malwarebytes [2012.06.11 09:03:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.11 09:03:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.11 09:03:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.11 09:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.31 15:51:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy [2012.05.31 15:51:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2012.05.31 15:51:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2012.05.31 11:21:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\zick\Lokale Einstellungen\Anwendungsdaten\Sun [2012.05.31 11:20:20 | 000,000,000 | ---D | C] -- C:\Programme\Oracle [2012.05.31 11:20:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Oracle [2012.05.31 10:59:46 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2012.05.22 14:59:21 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\kom_friesengeist.php-Dateien [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.19 10:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.19 08:02:49 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2012.06.19 07:59:56 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.19 07:52:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.19 07:51:25 | 000,193,212 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.06.19 07:51:17 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\jbwxwehx.job [2012.06.19 07:51:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.19 07:51:11 | 1877,917,696 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 08:35:10 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.14 08:15:26 | 000,484,412 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.14 08:15:26 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.14 08:15:26 | 000,094,772 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.14 08:15:26 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.04 17:09:19 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.06.04 17:09:19 | 000,000,614 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Avira DE-Cleaner.lnk [2012.05.31 15:51:52 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Spybot - Search & Destroy.lnk [2012.05.31 11:00:22 | 000,001,720 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.05.29 16:02:13 | 000,200,704 | RHS- | M] () -- C:\WINDOWS\System32\dgrpsetuj.dll [2012.05.22 14:59:21 | 000,016,682 | ---- | M] () -- D:\Eigene Dateien\kom_friesengeist.php.htm [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.19 08:02:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2012.06.19 08:02:49 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2012.06.11 09:03:29 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.04 17:09:19 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.06.04 17:09:19 | 000,000,614 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Avira DE-Cleaner.lnk [2012.05.31 15:51:52 | 000,000,911 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Spybot - Search & Destroy.lnk [2012.05.31 11:00:22 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2012.05.31 11:00:22 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.05.29 16:02:13 | 000,200,704 | RHS- | C] () -- C:\WINDOWS\System32\dgrpsetuj.dll [2012.05.29 16:02:13 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\jbwxwehx.job [2012.05.22 14:59:21 | 000,016,682 | ---- | C] () -- D:\Eigene Dateien\kom_friesengeist.php.htm [2012.02.16 15:31:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.02.18 09:34:51 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini [2010.08.19 08:01:09 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll ========== LOP Check ========== [2010.08.19 08:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF [2010.08.19 08:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4 [2010.08.19 08:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs [2012.06.19 08:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2008.08.09 12:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sync App Settings [2012.05.11 09:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2010.08.19 08:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\eXPert PDF Editor [2010.12.14 09:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\GetRightToGo [2009.01.05 08:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\OpenOffice.org [2012.05.31 11:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Oracle [2012.06.04 18:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\PriceGong [2012.06.19 08:02:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Spyware Terminator [2009.09.22 08:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Sync App Settings [2012.05.11 09:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Teleca [2010.01.20 17:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Thunderbird [2008.08.08 19:32:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Windows Desktop Search [2008.08.09 10:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Windows Search [2012.06.19 07:51:17 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\jbwxwehx.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.05.31 13:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Adobe [2008.08.27 07:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Ahead [2012.04.11 08:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Avira [2009.08.28 17:36:29 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Brother [2010.08.19 08:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\eXPert PDF Editor [2010.12.14 09:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\GetRightToGo [2009.07.03 10:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Help [2007.07.19 00:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Identities [2008.08.07 21:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\InstallShield [2008.08.09 09:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Macromedia [2012.06.11 09:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Malwarebytes [2011.05.06 15:34:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Media Player Classic [2012.05.31 13:18:47 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Microsoft [2008.08.18 15:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla [2009.01.05 08:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\OpenOffice.org [2009.01.02 15:30:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\OpenOffice.org2 [2012.05.31 11:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Oracle [2012.06.04 18:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\PriceGong [2012.06.19 08:02:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Spyware Terminator [2008.08.09 09:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Sun [2009.09.22 08:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Sync App Settings [2008.08.18 15:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Talkback [2012.05.11 09:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Teleca [2010.01.20 17:40:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Thunderbird [2008.08.08 19:32:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Windows Desktop Search [2008.08.09 10:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Windows Search < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.08.07 21:55:57 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2008.08.07 21:55:57 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.08.07 21:55:57 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008.08.07 21:55:57 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\OEMDRV\52\iastor.sys [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Rocketnews Virus\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.08.20 23:20:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004.08.20 23:20:24 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.08.20 23:20:24 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.05.29 16:02:13 | 000,200,704 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\dgrpsetuj.dll [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Vielen Dank im Vorraus, Gruß, Zick |
|
21.06.2012, 15:17
| #2 |
| /// Malwareteam    | Wahrscheinlich Rocketnews Trojaner Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 2: Gmer Bitte
__________________ |
|
26.06.2012, 09:00
| #3 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________
__________________ |
|
27.06.2012, 19:45
| #4 |
| | Wahrscheinlich Rocketnews Trojaner Hallo, entschuldige die späte Meldung, aber es geht gerade einiges drunter und drüber, weshalb sich die Antworten immer etwas verzögern können. Hier die logs: TDSS: Code:
ATTFilter 08:18:17.0328 1900 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
08:18:17.0515 1900 ============================================================
08:18:17.0515 1900 Current date / time: 2012/06/27 08:18:17.0515
08:18:17.0515 1900 SystemInfo:
08:18:17.0515 1900
08:18:17.0515 1900 OS Version: 5.1.2600 ServicePack: 3.0
08:18:17.0515 1900 Product type: Workstation
08:18:17.0515 1900 ComputerName: ZICKPC
08:18:17.0515 1900 UserName: zick
08:18:17.0515 1900 Windows directory: C:\WINDOWS
08:18:17.0515 1900 System windows directory: C:\WINDOWS
08:18:17.0515 1900 Processor architecture: Intel x86
08:18:17.0515 1900 Number of processors: 2
08:18:17.0515 1900 Page size: 0x1000
08:18:17.0515 1900 Boot type: Normal boot
08:18:17.0515 1900 ============================================================
08:18:19.0453 1900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:18:19.0453 1900 ============================================================
08:18:19.0453 1900 \Device\Harddisk0\DR0:
08:18:19.0453 1900 MBR partitions:
08:18:19.0453 1900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3BFF00D
08:18:19.0453 1900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3BFF04C, BlocksNum 0x195C5535
08:18:19.0453 1900 ============================================================
08:18:19.0468 1900 C: <-> \Device\Harddisk0\DR0\Partition0
08:18:19.0734 1900 D: <-> \Device\Harddisk0\DR0\Partition1
08:18:19.0734 1900 ============================================================
08:18:19.0734 1900 Initialize success
08:18:19.0734 1900 ============================================================
08:18:42.0515 0496 ============================================================
08:18:42.0515 0496 Scan started
08:18:42.0515 0496 Mode: Manual; TDLFS;
08:18:42.0515 0496 ============================================================
08:18:42.0781 0496 Abiosdsk - ok
08:18:42.0781 0496 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:18:42.0781 0496 abp480n5 - ok
08:18:42.0812 0496 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:18:42.0828 0496 ACPI - ok
08:18:42.0843 0496 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:18:42.0843 0496 ACPIEC - ok
08:18:42.0875 0496 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:18:42.0906 0496 AdobeFlashPlayerUpdateSvc - ok
08:18:42.0937 0496 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
08:18:42.0984 0496 adpu160m - ok
08:18:43.0015 0496 adpu320 (e4e13ce4c85c7e45a643ba54b8c8b16b) C:\WINDOWS\system32\DRIVERS\adpu320.sys
08:18:43.0031 0496 adpu320 - ok
08:18:43.0046 0496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:18:43.0062 0496 aec - ok
08:18:43.0093 0496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:18:43.0093 0496 AFD - ok
08:18:43.0109 0496 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
08:18:43.0125 0496 agp440 - ok
08:18:43.0125 0496 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
08:18:43.0140 0496 agpCPQ - ok
08:18:43.0171 0496 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
08:18:43.0171 0496 Aha154x - ok
08:18:43.0187 0496 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
08:18:43.0187 0496 aic78u2 - ok
08:18:43.0203 0496 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
08:18:43.0203 0496 aic78xx - ok
08:18:43.0234 0496 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
08:18:43.0234 0496 Alerter - ok
08:18:43.0250 0496 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
08:18:43.0250 0496 ALG - ok
08:18:43.0250 0496 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
08:18:43.0250 0496 AliIde - ok
08:18:43.0265 0496 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
08:18:43.0281 0496 alim1541 - ok
08:18:43.0296 0496 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
08:18:43.0296 0496 amdagp - ok
08:18:43.0328 0496 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
08:18:43.0328 0496 AmdK8 - ok
08:18:43.0343 0496 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
08:18:43.0343 0496 AmdPPM - ok
08:18:43.0359 0496 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
08:18:43.0375 0496 amsint - ok
08:18:43.0437 0496 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
08:18:43.0437 0496 AntiVirSchedulerService - ok
08:18:43.0453 0496 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
08:18:43.0453 0496 AntiVirService - ok
08:18:43.0484 0496 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
08:18:43.0500 0496 AppMgmt - ok
08:18:43.0515 0496 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
08:18:43.0515 0496 asc - ok
08:18:43.0515 0496 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
08:18:43.0531 0496 asc3350p - ok
08:18:43.0531 0496 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
08:18:43.0546 0496 asc3550 - ok
08:18:43.0609 0496 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:18:43.0625 0496 aspnet_state - ok
08:18:43.0671 0496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:18:43.0671 0496 AsyncMac - ok
08:18:43.0687 0496 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:18:43.0687 0496 atapi - ok
08:18:43.0703 0496 Atdisk - ok
08:18:43.0718 0496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:18:43.0734 0496 Atmarpc - ok
08:18:43.0750 0496 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
08:18:43.0750 0496 AudioSrv - ok
08:18:43.0765 0496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:18:43.0781 0496 audstub - ok
08:18:43.0812 0496 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
08:18:43.0812 0496 avgntflt - ok
08:18:43.0843 0496 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
08:18:43.0843 0496 avipbb - ok
08:18:43.0859 0496 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
08:18:43.0859 0496 avkmgr - ok
08:18:43.0890 0496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:18:43.0890 0496 Beep - ok
08:18:43.0921 0496 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
08:18:43.0953 0496 BITS - ok
08:18:43.0984 0496 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
08:18:43.0984 0496 Browser - ok
08:18:43.0984 0496 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
08:18:44.0000 0496 cbidf - ok
08:18:44.0000 0496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:18:44.0000 0496 cbidf2k - ok
08:18:44.0000 0496 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
08:18:44.0015 0496 cd20xrnt - ok
08:18:44.0031 0496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:18:44.0046 0496 Cdaudio - ok
08:18:44.0062 0496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:18:44.0062 0496 Cdfs - ok
08:18:44.0078 0496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:18:44.0093 0496 Cdrom - ok
08:18:44.0093 0496 Changer - ok
08:18:44.0109 0496 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
08:18:44.0125 0496 CiSvc - ok
08:18:44.0140 0496 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
08:18:44.0140 0496 ClipSrv - ok
08:18:44.0203 0496 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:18:44.0250 0496 clr_optimization_v2.0.50727_32 - ok
08:18:44.0265 0496 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
08:18:44.0265 0496 CmdIde - ok
08:18:44.0265 0496 COMSysApp - ok
08:18:44.0281 0496 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
08:18:44.0281 0496 Cpqarray - ok
08:18:44.0312 0496 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
08:18:44.0312 0496 CryptSvc - ok
08:18:44.0328 0496 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
08:18:44.0328 0496 dac2w2k - ok
08:18:44.0328 0496 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
08:18:44.0343 0496 dac960nt - ok
08:18:44.0375 0496 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
08:18:44.0375 0496 DcomLaunch - ok
08:18:44.0406 0496 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
08:18:44.0406 0496 Dhcp - ok
08:18:44.0421 0496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:18:44.0437 0496 Disk - ok
08:18:44.0437 0496 dmadmin - ok
08:18:44.0468 0496 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
08:18:44.0515 0496 dmboot - ok
08:18:44.0531 0496 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
08:18:44.0546 0496 dmio - ok
08:18:44.0578 0496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:18:44.0578 0496 dmload - ok
08:18:44.0609 0496 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
08:18:44.0609 0496 dmserver - ok
08:18:44.0625 0496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:18:44.0625 0496 DMusic - ok
08:18:44.0671 0496 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
08:18:44.0671 0496 Dnscache - ok
08:18:44.0703 0496 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
08:18:44.0718 0496 Dot3svc - ok
08:18:44.0734 0496 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
08:18:44.0734 0496 dpti2o - ok
08:18:44.0765 0496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:18:44.0765 0496 drmkaud - ok
08:18:44.0796 0496 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
08:18:44.0796 0496 EapHost - ok
08:18:44.0828 0496 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
08:18:44.0828 0496 ERSvc - ok
08:18:44.0859 0496 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
08:18:44.0859 0496 Eventlog - ok
08:18:44.0890 0496 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
08:18:44.0890 0496 EventSystem - ok
08:18:44.0921 0496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:18:44.0937 0496 Fastfat - ok
08:18:44.0968 0496 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:18:44.0968 0496 FastUserSwitchingCompatibility - ok
08:18:44.0984 0496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:18:44.0984 0496 Fdc - ok
08:18:45.0015 0496 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
08:18:45.0015 0496 Fips - ok
08:18:45.0031 0496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:18:45.0046 0496 Flpydisk - ok
08:18:45.0062 0496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:18:45.0078 0496 FltMgr - ok
08:18:45.0156 0496 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:18:45.0156 0496 FontCache3.0.0.0 - ok
08:18:45.0171 0496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:18:45.0187 0496 Fs_Rec - ok
08:18:45.0187 0496 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:18:45.0203 0496 Ftdisk - ok
08:18:45.0234 0496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:18:45.0250 0496 Gpc - ok
08:18:45.0265 0496 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:18:45.0281 0496 HDAudBus - ok
08:18:45.0312 0496 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:18:45.0312 0496 helpsvc - ok
08:18:45.0343 0496 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
08:18:45.0343 0496 HidServ - ok
08:18:45.0343 0496 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:18:45.0359 0496 HidUsb - ok
08:18:45.0390 0496 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
08:18:45.0390 0496 hkmsvc - ok
08:18:45.0406 0496 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
08:18:45.0421 0496 hpn - ok
08:18:45.0453 0496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:18:45.0453 0496 HTTP - ok
08:18:45.0468 0496 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
08:18:45.0468 0496 HTTPFilter - ok
08:18:45.0484 0496 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
08:18:45.0484 0496 i2omgmt - ok
08:18:45.0500 0496 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
08:18:45.0500 0496 i2omp - ok
08:18:45.0515 0496 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:18:45.0515 0496 i8042prt - ok
08:18:45.0562 0496 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
08:18:45.0578 0496 iaStor - ok
08:18:45.0703 0496 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:18:45.0781 0496 idsvc - ok
08:18:45.0812 0496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:18:45.0812 0496 Imapi - ok
08:18:45.0843 0496 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
08:18:45.0859 0496 ImapiService - ok
08:18:45.0890 0496 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
08:18:45.0890 0496 ini910u - ok
08:18:46.0046 0496 IntcAzAudAddService (e3fec5a562d1c5e1e1177d20a4e5beba) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:18:46.0140 0496 IntcAzAudAddService - ok
08:18:46.0218 0496 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:18:46.0218 0496 IntelIde - ok
08:18:46.0234 0496 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:18:46.0250 0496 Ip6Fw - ok
08:18:46.0265 0496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:18:46.0265 0496 IpFilterDriver - ok
08:18:46.0281 0496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:18:46.0281 0496 IpInIp - ok
08:18:46.0312 0496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:18:46.0312 0496 IpNat - ok
08:18:46.0328 0496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:18:46.0343 0496 IPSec - ok
08:18:46.0359 0496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:18:46.0359 0496 IRENUM - ok
08:18:46.0375 0496 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:18:46.0375 0496 isapnp - ok
08:18:46.0453 0496 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
08:18:46.0453 0496 JavaQuickStarterService - ok
08:18:46.0468 0496 k510bus (b1fe6feac5a501c89057a69c9f5e9d1f) C:\WINDOWS\system32\DRIVERS\k510bus.sys
08:18:46.0484 0496 k510bus - ok
08:18:46.0500 0496 k510mdfl (7a4ecca08560e8ff330acaa4128af7b0) C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
08:18:46.0515 0496 k510mdfl - ok
08:18:46.0515 0496 k510mdm (094d532b727030c3b8b6bd3b743d9526) C:\WINDOWS\system32\DRIVERS\k510mdm.sys
08:18:46.0531 0496 k510mdm - ok
08:18:46.0546 0496 k510mgmt (ad67bfa00ba39c65551338ee001cdddd) C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
08:18:46.0562 0496 k510mgmt - ok
08:18:46.0593 0496 k510obex (7d5094b00a47d871a48d035beb3a0922) C:\WINDOWS\system32\DRIVERS\k510obex.sys
08:18:46.0609 0496 k510obex - ok
08:18:46.0625 0496 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:18:46.0625 0496 Kbdclass - ok
08:18:46.0656 0496 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:18:46.0656 0496 kbdhid - ok
08:18:46.0687 0496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:18:46.0687 0496 kmixer - ok
08:18:46.0703 0496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:18:46.0718 0496 KSecDD - ok
08:18:46.0734 0496 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
08:18:46.0734 0496 lanmanserver - ok
08:18:46.0765 0496 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
08:18:46.0765 0496 lanmanworkstation - ok
08:18:46.0765 0496 lbrtfdc - ok
08:18:46.0796 0496 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
08:18:46.0796 0496 LmHosts - ok
08:18:46.0828 0496 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
08:18:46.0828 0496 MBAMProtector - ok
08:18:46.0890 0496 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
08:18:46.0906 0496 MBAMService - ok
08:18:46.0921 0496 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
08:18:46.0937 0496 Messenger - ok
08:18:46.0968 0496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:18:46.0968 0496 mnmdd - ok
08:18:46.0984 0496 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
08:18:47.0000 0496 mnmsrvc - ok
08:18:47.0015 0496 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
08:18:47.0015 0496 Modem - ok
08:18:47.0031 0496 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:18:47.0046 0496 Mouclass - ok
08:18:47.0062 0496 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:18:47.0062 0496 mouhid - ok
08:18:47.0062 0496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:18:47.0078 0496 MountMgr - ok
08:18:47.0125 0496 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
08:18:47.0140 0496 MozillaMaintenance - ok
08:18:47.0156 0496 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:18:47.0156 0496 mraid35x - ok
08:18:47.0171 0496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:18:47.0203 0496 MRxDAV - ok
08:18:47.0234 0496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:18:47.0250 0496 MRxSmb - ok
08:18:47.0281 0496 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
08:18:47.0281 0496 MSDTC - ok
08:18:47.0296 0496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:18:47.0296 0496 Msfs - ok
08:18:47.0312 0496 MSIServer - ok
08:18:47.0328 0496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:18:47.0328 0496 MSKSSRV - ok
08:18:47.0343 0496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:18:47.0343 0496 MSPCLOCK - ok
08:18:47.0359 0496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:18:47.0359 0496 MSPQM - ok
08:18:47.0390 0496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:18:47.0390 0496 mssmbios - ok
08:18:47.0406 0496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:18:47.0406 0496 Mup - ok
08:18:47.0437 0496 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
08:18:47.0468 0496 napagent - ok
08:18:47.0562 0496 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
08:18:47.0625 0496 NBService - ok
08:18:47.0656 0496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:18:47.0671 0496 NDIS - ok
08:18:47.0703 0496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:18:47.0703 0496 NdisTapi - ok
08:18:47.0718 0496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:18:47.0718 0496 Ndisuio - ok
08:18:47.0750 0496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:18:47.0765 0496 NdisWan - ok
08:18:47.0781 0496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:18:47.0781 0496 NDProxy - ok
08:18:47.0796 0496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:18:47.0796 0496 NetBIOS - ok
08:18:47.0812 0496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:18:47.0828 0496 NetBT - ok
08:18:47.0859 0496 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
08:18:47.0875 0496 NetDDE - ok
08:18:47.0890 0496 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
08:18:47.0890 0496 NetDDEdsdm - ok
08:18:47.0906 0496 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:18:47.0906 0496 Netlogon - ok
08:18:47.0937 0496 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
08:18:47.0937 0496 Netman - ok
08:18:48.0000 0496 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:18:48.0015 0496 NetTcpPortSharing - ok
08:18:48.0046 0496 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
08:18:48.0046 0496 Nla - ok
08:18:48.0125 0496 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
08:18:48.0156 0496 NMIndexingService - ok
08:18:48.0171 0496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:18:48.0187 0496 Npfs - ok
08:18:48.0218 0496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:18:48.0265 0496 Ntfs - ok
08:18:48.0281 0496 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:18:48.0281 0496 NtLmSsp - ok
08:18:48.0312 0496 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
08:18:48.0343 0496 NtmsSvc - ok
08:18:48.0359 0496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:18:48.0359 0496 Null - ok
08:18:48.0546 0496 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:18:48.0781 0496 nv - ok
08:18:48.0875 0496 NVENETFD (1492c7738f68625805f5f53c8bad24c6) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:18:48.0875 0496 NVENETFD - ok
08:18:48.0890 0496 nvnetbus (ae73e61f07ddc84255bece6b02f18390) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:18:48.0890 0496 nvnetbus - ok
08:18:48.0921 0496 NVSvc (f96df45cfbdc670584293e03c2ab602a) C:\WINDOWS\system32\nvsvc32.exe
08:18:48.0937 0496 NVSvc - ok
08:18:48.0953 0496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:18:48.0953 0496 NwlnkFlt - ok
08:18:48.0968 0496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:18:48.0984 0496 NwlnkFwd - ok
08:18:49.0000 0496 P3 (a7af0c0860f1c43fc6581ba8a99eabef) C:\WINDOWS\system32\DRIVERS\p3.sys
08:18:49.0015 0496 P3 - ok
08:18:49.0031 0496 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
08:18:49.0031 0496 Parport - ok
08:18:49.0046 0496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:18:49.0062 0496 PartMgr - ok
08:18:49.0078 0496 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
08:18:49.0078 0496 ParVdm - ok
08:18:49.0093 0496 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
08:18:49.0093 0496 PCI - ok
08:18:49.0109 0496 PCIDump - ok
08:18:49.0125 0496 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:18:49.0125 0496 PCIIde - ok
08:18:49.0156 0496 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:18:49.0171 0496 Pcmcia - ok
08:18:49.0171 0496 PDCOMP - ok
08:18:49.0171 0496 PDFRAME - ok
08:18:49.0187 0496 PDRELI - ok
08:18:49.0187 0496 PDRFRAME - ok
08:18:49.0203 0496 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
08:18:49.0218 0496 perc2 - ok
08:18:49.0234 0496 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:18:49.0234 0496 perc2hib - ok
08:18:49.0250 0496 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
08:18:49.0250 0496 PLFlash DeviceIoControl Service - ok
08:18:49.0281 0496 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
08:18:49.0281 0496 PlugPlay - ok
08:18:49.0312 0496 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:18:49.0312 0496 PolicyAgent - ok
08:18:49.0328 0496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:18:49.0328 0496 PptpMiniport - ok
08:18:49.0328 0496 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:18:49.0343 0496 ProtectedStorage - ok
08:18:49.0343 0496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:18:49.0343 0496 PSched - ok
08:18:49.0375 0496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:18:49.0390 0496 Ptilink - ok
08:18:49.0406 0496 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:18:49.0406 0496 ql1080 - ok
08:18:49.0421 0496 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:18:49.0421 0496 Ql10wnt - ok
08:18:49.0437 0496 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:18:49.0437 0496 ql12160 - ok
08:18:49.0453 0496 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:18:49.0453 0496 ql1240 - ok
08:18:49.0453 0496 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:18:49.0468 0496 ql1280 - ok
08:18:49.0484 0496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:18:49.0484 0496 RasAcd - ok
08:18:49.0515 0496 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
08:18:49.0531 0496 RasAuto - ok
08:18:49.0546 0496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:18:49.0546 0496 Rasl2tp - ok
08:18:49.0593 0496 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
08:18:49.0593 0496 RasMan - ok
08:18:49.0593 0496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:18:49.0593 0496 RasPppoe - ok
08:18:49.0625 0496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:18:49.0625 0496 Raspti - ok
08:18:49.0656 0496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:18:49.0671 0496 Rdbss - ok
08:18:49.0687 0496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:18:49.0687 0496 RDPCDD - ok
08:18:49.0718 0496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:18:49.0734 0496 rdpdr - ok
08:18:49.0765 0496 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:18:49.0765 0496 RDPWD - ok
08:18:49.0796 0496 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
08:18:49.0812 0496 RDSessMgr - ok
08:18:49.0843 0496 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:18:49.0843 0496 redbook - ok
08:18:49.0875 0496 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
08:18:49.0875 0496 RemoteAccess - ok
08:18:49.0906 0496 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
08:18:49.0906 0496 RemoteRegistry - ok
08:18:49.0921 0496 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
08:18:49.0921 0496 RpcLocator - ok
08:18:49.0984 0496 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
08:18:49.0984 0496 RpcSs - ok
08:18:50.0015 0496 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
08:18:50.0031 0496 RSVP - ok
08:18:50.0046 0496 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:18:50.0046 0496 SamSs - ok
08:18:50.0078 0496 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
08:18:50.0078 0496 SCardSvr - ok
08:18:50.0109 0496 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
08:18:50.0109 0496 Schedule - ok
08:18:50.0125 0496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:18:50.0140 0496 Secdrv - ok
08:18:50.0156 0496 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
08:18:50.0156 0496 seclogon - ok
08:18:50.0171 0496 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
08:18:50.0171 0496 SENS - ok
08:18:50.0187 0496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:18:50.0187 0496 serenum - ok
08:18:50.0203 0496 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
08:18:50.0218 0496 Serial - ok
08:18:50.0234 0496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:18:50.0234 0496 Sfloppy - ok
08:18:50.0265 0496 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
08:18:50.0265 0496 SharedAccess - ok
08:18:50.0296 0496 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:18:50.0296 0496 ShellHWDetection - ok
08:18:50.0296 0496 Simbad - ok
08:18:50.0328 0496 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:18:50.0328 0496 sisagp - ok
08:18:50.0359 0496 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:18:50.0359 0496 Sparrow - ok
08:18:50.0375 0496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:18:50.0390 0496 splitter - ok
08:18:50.0406 0496 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:18:50.0406 0496 Spooler - ok
08:18:50.0437 0496 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
08:18:50.0437 0496 sp_rsdrv2 - ok
08:18:50.0453 0496 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
08:18:50.0453 0496 sr - ok
08:18:50.0484 0496 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
08:18:50.0484 0496 srservice - ok
08:18:50.0515 0496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:18:50.0531 0496 Srv - ok
08:18:50.0531 0496 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
08:18:50.0531 0496 SSDPSRV - ok
08:18:50.0578 0496 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
08:18:50.0578 0496 ssmdrv - ok
08:18:50.0656 0496 ST2012_Svc (8e67b6fad3c2696ff8507a2a24f83286) C:\Programme\Spyware Terminator\st_rsser.exe
08:18:50.0671 0496 ST2012_Svc - ok
08:18:50.0703 0496 StillCam (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:18:50.0703 0496 StillCam - ok
08:18:50.0734 0496 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
08:18:50.0750 0496 stisvc - ok
08:18:50.0765 0496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:18:50.0781 0496 swenum - ok
08:18:50.0796 0496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:18:50.0796 0496 swmidi - ok
08:18:50.0812 0496 SwPrv - ok
08:18:50.0843 0496 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
08:18:50.0843 0496 symc810 - ok
08:18:50.0859 0496 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:18:50.0875 0496 symc8xx - ok
08:18:50.0875 0496 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:18:50.0890 0496 sym_hi - ok
08:18:50.0921 0496 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:18:50.0921 0496 sym_u3 - ok
08:18:50.0937 0496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:18:50.0937 0496 sysaudio - ok
08:18:50.0984 0496 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
08:18:50.0984 0496 SysmonLog - ok
08:18:51.0015 0496 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
08:18:51.0015 0496 TapiSrv - ok
08:18:51.0046 0496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:18:51.0062 0496 Tcpip - ok
08:18:51.0078 0496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:18:51.0078 0496 TDPIPE - ok
08:18:51.0093 0496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:18:51.0093 0496 TDTCP - ok
08:18:51.0109 0496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:18:51.0125 0496 TermDD - ok
08:18:51.0140 0496 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
08:18:51.0140 0496 TermService - ok
08:18:51.0171 0496 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:18:51.0171 0496 Themes - ok
08:18:51.0187 0496 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
08:18:51.0203 0496 TlntSvr - ok
08:18:51.0218 0496 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
08:18:51.0218 0496 TosIde - ok
08:18:51.0250 0496 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
08:18:51.0250 0496 TrkWks - ok
08:18:51.0265 0496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:18:51.0265 0496 Udfs - ok
08:18:51.0296 0496 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
08:18:51.0296 0496 ultra - ok
08:18:51.0328 0496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:18:51.0359 0496 Update - ok
08:18:51.0375 0496 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
08:18:51.0390 0496 upnphost - ok
08:18:51.0406 0496 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
08:18:51.0406 0496 UPS - ok
08:18:51.0437 0496 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:18:51.0437 0496 usbccgp - ok
08:18:51.0453 0496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:18:51.0453 0496 usbehci - ok
08:18:51.0453 0496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:18:51.0468 0496 usbhub - ok
08:18:51.0484 0496 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:18:51.0484 0496 usbohci - ok
08:18:51.0500 0496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:18:51.0500 0496 USBSTOR - ok
08:18:51.0515 0496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:18:51.0515 0496 usbuhci - ok
08:18:51.0531 0496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:18:51.0531 0496 VgaSave - ok
08:18:51.0546 0496 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:18:51.0546 0496 viaagp - ok
08:18:51.0578 0496 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:18:51.0578 0496 ViaIde - ok
08:18:51.0578 0496 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
08:18:51.0593 0496 VolSnap - ok
08:18:51.0640 0496 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
08:18:51.0656 0496 VSS - ok
08:18:51.0671 0496 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
08:18:51.0671 0496 W32Time - ok
08:18:51.0703 0496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:18:51.0703 0496 Wanarp - ok
08:18:51.0718 0496 WDICA - ok
08:18:51.0750 0496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:18:51.0765 0496 wdmaud - ok
08:18:51.0765 0496 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
08:18:51.0781 0496 WebClient - ok
08:18:51.0828 0496 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:18:51.0843 0496 winmgmt - ok
08:18:51.0875 0496 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:18:51.0875 0496 WmdmPmSN - ok
08:18:51.0921 0496 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
08:18:51.0921 0496 Wmi - ok
08:18:51.0953 0496 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:18:51.0953 0496 WmiApSrv - ok
08:18:52.0046 0496 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
08:18:52.0109 0496 WMPNetworkSvc - ok
08:18:52.0156 0496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:18:52.0156 0496 WS2IFSL - ok
08:18:52.0187 0496 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
08:18:52.0187 0496 wscsvc - ok
08:18:52.0187 0496 WSearch - ok
08:18:52.0203 0496 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
08:18:52.0203 0496 wuauserv - ok
08:18:52.0218 0496 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:18:52.0234 0496 WudfPf - ok
08:18:52.0250 0496 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:18:52.0250 0496 WudfRd - ok
08:18:52.0281 0496 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:18:52.0281 0496 WudfSvc - ok
08:18:52.0328 0496 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
08:18:52.0343 0496 WZCSVC - ok
08:18:52.0359 0496 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
08:18:52.0375 0496 xmlprov - ok
08:18:52.0390 0496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:18:52.0703 0496 \Device\Harddisk0\DR0 - ok
08:18:52.0703 0496 Boot (0x1200) (11a4098ce1158dbd53e977230d5c5253) \Device\Harddisk0\DR0\Partition0
08:18:52.0703 0496 \Device\Harddisk0\DR0\Partition0 - ok
08:18:52.0734 0496 Boot (0x1200) (568dead2773621289841481597880093) \Device\Harddisk0\DR0\Partition1
08:18:52.0734 0496 \Device\Harddisk0\DR0\Partition1 - ok
08:18:52.0734 0496 ============================================================
08:18:52.0734 0496 Scan finished
08:18:52.0734 0496 ============================================================
08:18:52.0750 0504 Detected object count: 0
08:18:52.0750 0504 Actual detected object count: 0
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-27 09:32:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.AAB
Running: Gmer.exe; Driver: D:\Temp\pftdqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xB6755444]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB6754C8A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB6754958]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB6756520]
SSDT BA6E3E24 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB6754A68]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB6754B5A]
SSDT BA6E3E6F ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB6755780]
SSDT BA6E3E42 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB6754F9C]
SSDT BA6E3E10 ZwOpenProcess
SSDT BA6E3E15 ZwOpenThread
SSDT BA6E3E97 ZwQueryValueKey
SSDT BA6E3E4C ZwReplaceKey
SSDT BA6E3E88 ZwRequestWaitReplyPort
SSDT BA6E3E47 ZwRestoreKey
SSDT BA6E3E83 ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xB67550D2]
SSDT BA6E3E8D ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB675477E]
SSDT BA6E3E92 ZwSystemDebugControl
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB67556C8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB67552BC]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9636360, 0x32DEFD, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Zick |
|
27.06.2012, 19:56
| #5 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Kein Problem! Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
28.06.2012, 14:31
| #6 |
| | Wahrscheinlich Rocketnews Trojaner So, diesmal schneller  Code:
ATTFilter ComboFix 12-06-28.01 - zick 28.06.2012 8:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1791.837 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\zick\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\zick\4.0
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\zick\Anwendungsdaten\PriceGong\Data\z.xml
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-19 06:02 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-06-19 06:02 . 2012-06-28 06:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2012-06-19 06:02 . 2012-06-19 06:02 -------- d-----w- c:\dokumente und einstellungen\zick\Anwendungsdaten\Spyware Terminator
2012-06-19 06:01 . 2012-06-19 06:03 -------- d-----w- c:\programme\Spyware Terminator
2012-06-19 05:59 . 2012-06-27 07:33 -------- d-----w- C:\Corinna gegen Virus
2012-06-15 06:03 . 2012-06-15 06:03 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-15 06:03 . 2012-06-15 06:03 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-14 05:54 . 2012-05-11 14:40 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-11 07:03 . 2012-06-11 07:03 -------- d-----w- c:\dokumente und einstellungen\zick\Anwendungsdaten\Malwarebytes
2012-06-11 07:03 . 2012-06-11 07:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-11 07:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 07:03 . 2012-06-11 07:03 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-05-31 13:51 . 2012-06-26 13:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-05-31 13:51 . 2012-05-31 13:51 -------- d-----w- c:\programme\Spybot - Search & Destroy
2012-05-31 09:21 . 2012-05-31 09:21 -------- d-----w- c:\dokumente und einstellungen\zick\Lokale Einstellungen\Anwendungsdaten\Sun
2012-05-31 09:20 . 2012-05-31 09:20 -------- d-----w- c:\programme\Oracle
2012-05-31 09:20 . 2012-05-31 09:20 -------- d-----w- c:\dokumente und einstellungen\zick\Anwendungsdaten\Oracle
2012-05-31 09:20 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-31 08:59 . 2012-05-31 09:00 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2012-05-29 14:02 . 2012-05-29 14:02 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 06:44 . 2012-04-05 06:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 06:44 . 2011-05-18 13:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-20 19:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-20 19:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-20 19:29 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-20 19:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-20 19:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-20 19:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-20 19:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-08-20 19:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-20 19:07 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2004-08-20 19:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2004-08-20 19:07 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2004-08-20 19:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-20 19:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-20 19:07 385024 ----a-w- c:\windows\system32\html.iec
2012-05-11 07:48 . 2012-05-11 07:48 94064 ----a-w- c:\windows\system32\drivers\k510mdm.sys
2012-05-11 07:48 . 2012-05-11 07:48 85408 ----a-w- c:\windows\system32\drivers\k510mgmt.sys
2012-05-11 07:48 . 2012-05-11 07:48 8336 ----a-w- c:\windows\system32\drivers\k510mdfl.sys
2012-05-11 07:48 . 2012-05-11 07:48 83344 ----a-w- c:\windows\system32\drivers\k510obex.sys
2012-05-11 07:48 . 2012-05-11 07:48 6176 ----a-w- c:\windows\system32\drivers\k510cmnt.sys
2012-05-11 07:48 . 2012-05-11 07:48 6176 ----a-w- c:\windows\system32\drivers\k510cm.sys
2012-05-11 07:48 . 2012-05-11 07:48 58288 ----a-w- c:\windows\system32\drivers\k510bus.sys
2012-05-11 07:48 . 2012-05-11 07:48 5808 ----a-w- c:\windows\system32\drivers\k510whnt.sys
2012-05-11 07:48 . 2012-05-11 07:48 5808 ----a-w- c:\windows\system32\drivers\k510wh.sys
2012-05-09 06:09 . 2012-04-11 06:02 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 06:09 . 2012-04-11 06:02 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2004-08-20 19:07 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-20 19:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 16:47 . 2008-08-09 07:17 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 16:47 . 2010-08-19 05:56 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-18 10:47 . 2011-05-06 07:12 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-20 16858112]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 995328]
"vspdfprsrv.exe"="c:\programme\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 998912]
"PDFPrint"="c:\programme\pdf24\pdf24.exe" [2011-12-16 220744]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"Malwarebytes' Anti-Malware"="c:\corinna gegen virus\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SpywareTerminatorShield"="c:\programme\Spyware Terminator\SpywareTerminatorShield.exe" [2012-03-28 2786480]
"SpywareTerminatorUpdater"="c:\programme\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-03-28 3669680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\zick\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Spyware Terminator\\SpywareTerminator.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11.04.2012 08:02 36000]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [19.06.2012 08:02 32768]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.04.2012 08:02 86224]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.06.2012 09:03 654408]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programme\Spyware Terminator\st_rsser.exe [19.06.2012 08:02 482992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.06.2012 09:03 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 08:00 250056]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [11.05.2012 09:48 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [11.05.2012 09:48 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [11.05.2012 09:48 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [11.05.2012 09:48 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [11.05.2012 09:48 83344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 12:43 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 06:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
TCP: Interfaces\{83D246A0-9F1E-44B4-95CB-5F44594EDAA7}: NameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-map&guide 9 Karte Deutschland City - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-28 08:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-28 08:48:38
ComboFix-quarantined-files.txt 2012-06-28 06:48
.
Vor Suchlauf: 7.032.901.632 Bytes frei
Nach Suchlauf: 7.229.173.760 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F9929101133769EFAECD306CF3A62A08
|
|
28.06.2012, 14:39
| #7 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Nein, das ist so richtig! Schritt 1: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
29.06.2012, 13:42
| #8 |
| | Wahrscheinlich Rocketnews Trojaner Hier das Ergebnis: Code:
ATTFilter # AdwCleaner v1.700 - Logfile created 06/29/2012 at 14:02:54
# Updated 26/06/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : zick - ZICKPC1
# Running from : C:\Virus\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\ConduitEngine
File Found : C:\WINDOWS\system32\conduitEngine.tmp
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
*************************
AdwCleaner[R1].txt - [1986 octets] - [29/06/2012 14:02:54]
########## EOF - C:\AdwCleaner[R1].txt - [2114 octets] ##########
|
|
03.07.2012, 06:39
| #9 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Schritt 1: Fix mit adwCleaner
Schritt 2: OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
04.07.2012, 09:39
| #10 |
| | Wahrscheinlich Rocketnews Trojaner adwCleaner: Code:
ATTFilter # AdwCleaner v1.700 - Logfile created 07/04/2012 at 08:30:11
# Updated 26/06/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : zick - ZICKPC1
# Running from : C:\Dokumente und Einstellungen\zick\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Programme\Conduit
Folder Deleted : C:\Programme\ConduitEngine
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [2082 octets] - [04/07/2012 08:30:11]
########## EOF - C:\AdwCleaner[S1].txt - [2210 octets] ##########
Code:
ATTFilter OTL logfile created on: 04.07.2012 08:40:39 - Run 2 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\zick\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 53,25% Memory free 3,60 Gb Paging File | 2,83 Gb Available in Paging File | 78,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 30,00 Gb Total Space | 6,58 Gb Free Space | 21,94% Space Free | Partition Type: NTFS Drive D: | 202,89 Gb Total Space | 187,60 Gb Free Space | 92,47% Space Free | Partition Type: NTFS Computer Name: ZICKPC1 | User Name: zick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\zick\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Virus\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca Software Solutions) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Teleca Software Solutions AB) ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () MOD - C:\Programme\Visagesoft\eXPert PDF\vspdfdialogs100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\expertpdf4core.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\vspdfcore100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\vsvector100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\vspdfeditor100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\TMSlite100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\te100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\VirtualTree100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\uoolep100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\VSDesktop100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\visage100.bpl () MOD - C:\Programme\Visagesoft\eXPert PDF\vsmisc100.bpl () MOD - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll () MOD - C:\Programme\Visagesoft\eXPert PDF\PKIECtrl100.bpl () MOD - C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll () MOD - C:\WINDOWS\system32\vsmon1.dll () MOD - C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll () MOD - C:\Programme\Visagesoft\eXPert PDF\sqlite.dll () MOD - C:\WINDOWS\system32\BrMuSNMP.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- D:\Temp\catchme.sys File not found DRV - (k510mdm) -- C:\WINDOWS\system32\drivers\k510mdm.sys (MCCI) DRV - (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\k510mgmt.sys (MCCI) DRV - (k510obex) -- C:\WINDOWS\system32\drivers\k510obex.sys (MCCI) DRV - (k510bus) Sony Ericsson K510 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\k510bus.sys (MCCI) DRV - (k510mdfl) -- C:\WINDOWS\system32\drivers\k510mdfl.sys (MCCI) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 12:47:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.31 11:00:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.22 08:10:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.01.20 17:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Extensions [2010.01.20 17:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.29 11:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\extensions [2011.03.10 15:17:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.05.21 09:01:07 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Mozilla\Firefox\Profiles\81w2ysld.default\searchplugins\conduit.xml [2012.04.27 12:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.18 12:47:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 08:03:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 08:03:04 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 08:03:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 08:03:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 08:03:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 08:03:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.28 08:47:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found. O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\virus\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Dokumente und Einstellungen\zick\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83D246A0-9F1E-44B4-95CB-5F44594EDAA7}: NameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.20 21:33:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.03 16:45:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\zick\Recent [2012.06.28 12:10:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.06.28 08:42:36 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.06.28 08:41:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.06.28 08:41:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.06.28 08:41:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.06.28 08:41:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.06.28 08:41:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.28 08:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.06.28 08:39:32 | 004,570,589 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\zick\Desktop\ComboFix.exe [2012.06.27 08:16:26 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\zick\Desktop\tdsskiller.exe [2012.06.19 11:18:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\zick\Desktop\OTL.exe [2012.06.19 08:02:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Spyware Terminator [2012.06.19 08:02:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2012.06.19 08:02:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012 [2012.06.19 08:01:41 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2012.06.19 07:59:15 | 000,000,000 | ---D | C] -- C:\virus [2012.06.14 07:54:26 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012.06.11 09:03:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\zick\Anwendungsdaten\Malwarebytes [2012.06.11 09:03:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.11 09:03:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.11 09:03:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.11 09:03:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.04 08:44:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.04 08:37:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.07.04 08:36:17 | 000,193,212 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.07.04 08:36:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.04 08:36:07 | 1877,917,696 | -HS- | M] () -- C:\hiberfil.sys [2012.06.29 14:02:24 | 000,609,365 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\adwcleaner.exe [2012.06.28 08:47:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.06.28 08:42:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012.06.28 08:39:45 | 004,570,589 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\zick\Desktop\ComboFix.exe [2012.06.27 08:22:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Gmer.exe [2012.06.27 08:16:27 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\zick\Desktop\tdsskiller.exe [2012.06.25 08:44:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.06.25 08:44:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.06.19 12:29:36 | 000,000,430 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Verknüpfung mit virus.lnk [2012.06.19 11:18:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\zick\Desktop\OTL.exe [2012.06.19 08:02:49 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2012.06.19 07:59:56 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 08:35:10 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.14 08:15:26 | 000,484,412 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.14 08:15:26 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.14 08:15:26 | 000,094,772 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.14 08:15:26 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.04 17:09:19 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.06.04 17:09:19 | 000,000,614 | ---- | M] () -- C:\Dokumente und Einstellungen\zick\Desktop\Avira DE-Cleaner.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.29 14:02:23 | 000,609,365 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\adwcleaner.exe [2012.06.28 08:42:40 | 000,000,222 | ---- | C] () -- C:\Boot.bak [2012.06.28 08:42:37 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.06.28 08:41:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.06.28 08:41:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.06.28 08:41:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.06.28 08:41:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.06.28 08:41:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.06.27 08:22:21 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Gmer.exe [2012.06.19 12:29:36 | 000,000,430 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Verknüpfung mit virus.lnk [2012.06.19 08:02:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2012.06.19 08:02:49 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2012.06.11 09:03:29 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.04 17:09:19 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.06.04 17:09:19 | 000,000,614 | ---- | C] () -- C:\Dokumente und Einstellungen\zick\Desktop\Avira DE-Cleaner.lnk [2012.02.16 15:31:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.02.18 09:34:51 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini [2010.08.19 08:01:09 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.07.2012 08:40:39 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\zick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 53,25% Memory free
3,60 Gb Paging File | 2,83 Gb Available in Paging File | 78,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30,00 Gb Total Space | 6,58 Gb Free Space | 21,94% Space Free | Partition Type: NTFS
Drive D: | 202,89 Gb Total Space | 187,60 Gb Free Space | 92,47% Space Free | Partition Type: NTFS
Computer Name: ZICKPC1 | User Name: zick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Spyware Terminator\SpywareTerminator.exe" = C:\Programme\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{79991ABF-6E64-4177-BD97-4C62443B8F9A}" = map&guide Call Center
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 10.0.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.06.2012 06:11:07 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 28.06.2012 07:10:29 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 28.06.2012 07:10:29 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 29.06.2012 08:01:24 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 29.06.2012 08:01:26 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 29.06.2012 08:29:56 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 29.06.2012 08:29:59 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 02.07.2012 09:53:10 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 02.07.2012 09:53:13 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 04.07.2012 02:29:13 | Computer Name = ZICKPC1 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\zick\RECENT\DESKTOP.INI> in
der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
[ System Events ]
Error - 04.06.2012 10:29:05 | Computer Name = ZICKPC1 | Source = SideBySide | ID = 16842810
Description = Syntaxfehler in der Manifest- oder Richtliniendatei "D:\Eigene Dateien\Downloads\msert.exe"
in Zeile 0.
Error - 04.06.2012 10:29:05 | Computer Name = ZICKPC1 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für D:\Eigene Dateien\Downloads\msert.exe
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
Error - 04.07.2012 02:32:26 | Computer Name = ZICKPC1 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 04.07.2012 02:32:26 | Computer Name = ZICKPC1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
|
|
05.07.2012, 06:06
| #11 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Sieht ganz gut aus - kontrollieren wir alles nochmal! Schritt 1: MBAM vollständig Downloade Dir bitte Malwarebytes
Schritt 2: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
10.07.2012, 08:07
| #12 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
10.07.2012, 11:13
| #13 |
| | Wahrscheinlich Rocketnews Trojaner Hallo, ja, ich brauche noch Hilfe. Zwar sind die Probleme verschwunden, aber ich warte bis du sagt es passt. Ich ersticke gerade nur in Arbeit und komme deshalb nicht zú den Scans, aber sobald ich sie habe, schreib ich sie hier rein. Sorry wegen der Verzögerung  |
|
12.07.2012, 10:54
| #14 |
| | Wahrscheinlich Rocketnews Trojaner ok, endlich dazu gekommen. Eset lässt mich nichts anzeigen, weil es nichts findet. Es gibt kein "List of found threats", er meldet nur "no threats found". MBAM liefert: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.10.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 kss1 :: ZICKPC1 [Administrator] Schutz: Aktiviert 10.07.2012 10:32:12 mbam-log-2012-07-10 (10-32-12).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 352243 Laufzeit: 1 Stunde(n), 59 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
05.08.2012, 22:08
| #15 |
| /// Malwareteam | Wahrscheinlich Rocketnews Trojaner Dieses Thema wurde aus meinen Abos gelöscht. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und ein eigenes Thema erstellen!
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu Wahrscheinlich Rocketnews Trojaner |
| 4d36e972-e325-11ce-bfc1-08002be10318, adobe, antivir, avg, avira, bho, crypto, dateisystem, desktop, entfernen, error, expert pdf, explorer, firefox, firefox 13.0.1, flash player, format, helper, heuristiks/extra, heuristiks/shuriken, logfile, monitor, mozilla, object, plug-in, realtek, registry, rocketnews, rundll, safer networking, searchscopes, security, software, spyware, trojane, trojaner, usb, wrapper |
