| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista]Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.01.2013, 10:53
| #1 |
 | ![TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] - Frage](images/icons/icon5.gif){kind=icon} TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Guten Morgen liebes Anti-Trojaner-Team, vielen Dank erst einmal, dass Ihr hier so tolle Hilfe leistet! Als ich mal wieder mit dem CCleaner die temporären Dateien löschen wollte, meldete Avira Free mehrere Funde. Zuvor hatte ich Java komplett deinstalliert, ich nehme aber an, dass es da keinen Zusammenhang gibt. Da bei mir mehrere Sachen gefunden wurde, wollte ich mich lieber gleich melden, anstatt aus allen möglichen Threads Lösungen auszuprobieren und dabei evtl. schlimmeres anzurichten. Avira Funde: Code:
ATTFilter Exportierte Ereignisse:
20.01.2013 19:42 [System Scanner] Malware gefunden
Die Datei 'C:\Users\...\AppData\Local\Temp\msimg32.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c41b9ff.qua'
verschoben!
20.01.2013 19:42 [System Scanner] Malware gefunden
Die Datei 'C:\Users\...\AppData\Local\Temp\~!#4F4A.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdz.4040.1' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ac97ea.qua'
verschoben!
20.01.2013 19:42 [System Scanner] Malware gefunden
Die Datei 'C:\Users\...\AppData\Local\Temp\P9KOT1O4R.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e3ce2cd.qua'
verschoben!
20.01.2013 19:42 [System Scanner] Malware gefunden
Die Datei 'C:\Users\...\AppData\Local\Temp\2MV9N.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Buzus.hlmnubac' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '781ead3b.qua'
verschoben!
20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\...\AppData\Local\Temp\msimg32.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\...\AppData\Local\Temp\2MV9N.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Buzus.hlmnubac' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\...\AppData\Local\Temp\~!#4F4A.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.kdz.4040.1' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\...\AppData\Local\Temp\P9KOT1O4R.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
11.01.2013 11:03 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\$Recycle.Bin\S-1-5-21-2339767433-1062430166-1985639694-1000\$e28a836f70bcf37
e4b7b08a58bc11a6a\n'
wurde ein Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
Malwarebytes Anti-Malware - Logdatei: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.20.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ... :: ...-PC [Administrator] Schutz: Aktiviert 20.01.2013 20:03:46 mbam-log-2013-01-20 (20-03-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202384 Laufzeit: 4 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2339767433-1062430166-1985639694-1000\$e28a836f70bcf37e4b7b08a58bc11a6a\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL.txt: Code:
ATTFilter OTL logfile created on: 20.01.2013 20:36:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,29% Memory free 6,21 Gb Paging File | 5,08 Gb Available in Paging File | 81,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,02 Gb Total Space | 186,42 Gb Free Space | 64,72% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 1,29 Gb Free Space | 12,90% Space Free | Partition Type: NTFS Computer Name: ...-PC | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe () PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe () MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll () MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll () MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll () ========== Services (SafeList) ========== SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies) DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. ) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\...\Desktop IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4080819 IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7DADE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621 FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.3 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.11.30 12:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 12:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 12:49:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.23 15:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 12:49:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 12:49:07 | 000,000,000 | ---D | M] [2010.07.16 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions [2010.07.16 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.14 11:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions [2010.11.18 18:08:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.14 11:09:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.09.08 11:32:48 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.05.25 11:51:16 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\pl@dictionaries.addons.mozilla.org [2012.08.19 07:29:36 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\tw3vpg9y.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013.01.19 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.30 12:55:36 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.01.19 12:49:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.16 22:21:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 16:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.16 22:21:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.16 22:21:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.16 22:21:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.16 22:21:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C22F7C89-F44E-4F73-A8BD-2EB9408C7E17}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E823C953-D722-4CEA-B45C-F1C2E5AB60EC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E939E098-3699-4A2A-829A-22D8CE68A986}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F8F987-CA60-46BA-8B07-7DE04D765AC2}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Data\Fotos\...\...\CIMG0023.JPG O24 - Desktop BackupWallPaper: C:\Data\Fotos\...\...\CIMG0023.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{514387a2-cc07-11e0-bd5a-001d099eb19b}\Shell - "" = AutoRun O33 - MountPoints2\{514387a2-cc07-11e0-bd5a-001d099eb19b}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{a9d0da13-f1c9-11dd-9bee-001d099eb19b}\Shell - "" = AutoRun O33 - MountPoints2\{a9d0da13-f1c9-11dd-9bee-001d099eb19b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2013.01.20 20:01:53 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes [2013.01.20 20:01:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.20 20:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.20 20:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.19 12:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.11 08:56:44 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.11 08:55:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.01 15:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.01.01 15:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.30 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2012.12.30 19:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.12.28 10:44:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.28 10:44:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2013.01.20 20:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 20:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 20:30:49 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable [2013.01.20 20:17:03 | 000,443,065 | ---- | M] () -- C:\Users\...\Desktop\Für alle Hilfesuchenden! - Trojaner-Board.pdf [2013.01.20 20:13:41 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe [2013.01.20 20:09:02 | 013,462,931 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1016.zip [2013.01.20 20:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2013.01.20 20:01:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.20 19:22:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.20 17:19:47 | 000,630,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.20 17:19:47 | 000,127,492 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.20 17:19:47 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.20 17:19:47 | 000,008,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.20 17:14:53 | 3207,786,496 | -HS- | M] () -- C:\hiberfil.sys [2013.01.18 23:30:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.18 23:30:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.16 16:42:54 | 000,001,740 | -H-- | M] () -- C:\Users\...\Documents\Default.rdp [2013.01.11 11:13:02 | 000,367,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.01 15:01:58 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 19:51:08 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk ========== Files Created - No Company Name ========== [2013.01.20 20:30:49 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable [2013.01.20 20:17:01 | 000,443,065 | ---- | C] () -- C:\Users\...\Desktop\Für alle Hilfesuchenden! - Trojaner-Board.pdf [2013.01.20 20:13:40 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe [2013.01.20 20:08:19 | 013,462,931 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1016.zip [2013.01.20 20:01:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.01 15:01:58 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 19:51:08 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2012.11.30 17:01:57 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2012.11.30 17:01:57 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2012.11.30 17:01:56 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2012.11.30 17:01:56 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2012.11.30 17:01:56 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2012.05.04 23:12:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll [2012.04.23 23:18:51 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.01.11 16:58:13 | 000,020,704 | ---- | C] () -- C:\Users\...\AppData\Roaming\UserTile.png [2011.08.28 15:31:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.08.28 15:31:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.08.28 15:31:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.08.28 15:31:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.08.28 15:31:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.08.28 15:31:54 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.08.28 15:31:54 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.08.28 15:31:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.08.28 15:31:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.08.28 15:31:54 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.08.28 15:31:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.08.28 15:31:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.08.28 15:31:54 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.08.28 15:31:54 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.08.28 15:31:54 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.08.28 15:31:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.09.06 15:07:36 | 000,067,072 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.27 17:26:22 | 000,027,863 | ---- | C] () -- C:\Users\...\AppData\Roaming\Kommagetrennte Werte (Windows).ADR ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.09.12 18:37:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ACD Systems [2012.11.01 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Amazon [2012.09.30 13:09:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft [2012.09.30 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.30 10:32:22 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Foxit Software [2008.09.12 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\GHISLER [2012.06.08 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\IrfanView [2008.09.14 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\MAGIX [2009.01.29 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Map Maker [2011.03.06 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PCDr [2012.05.06 17:24:06 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\pdfforge [2012.01.11 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PeerNetworking [2012.11.30 14:58:26 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Swiss Academic Software [2010.07.16 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7968.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7958.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7944.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7894.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\MAGIX_Fotos_auf_CD_DVD_65_e-version:Roxio EMC Stream < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.01.2013 20:36:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,29% Memory free
6,21 Gb Paging File | 5,08 Gb Available in Paging File | 81,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,02 Gb Total Space | 186,42 Gb Free Space | 64,72% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,29 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{507E94CE-C66B-4DE4-B6AD-267B84FAC6B4}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{BA4FF2D5-E343-496F-96AF-B6012C7A55AD}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{237FBD77-363D-4CE4-9805-7C960545F3BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53701B50-27DC-4072-B9CC-569A745B5B6D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{C4A2C34F-6353-4295-BE80-127241163D67}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EA59F34A-8F9E-4A2C-B661-4909E818AA6B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1G
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor for Windows" = Dell Support Center
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"Watermark Image_is1" = Watermark Image software version 2.1.4.1
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.05.2011 10:52:03 | Computer Name = ...-PC | Source = Perflib | ID = 1010
Description =
Error - 21.05.2011 10:52:04 | Computer Name = ...-PC | Source = Perflib | ID = 1008
Description =
Error - 23.05.2011 13:01:14 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.05.2011 13:02:08 | Computer Name = ...-PC | Source = Perflib | ID = 1010
Description =
Error - 23.05.2011 13:02:09 | Computer Name = ...-PC | Source = Perflib | ID = 1008
Description =
Error - 24.05.2011 07:48:37 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.05.2011 08:11:50 | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung POWERPNT.EXE, Version 10.0.2623.0, Zeitstempel
0x3a97ec1e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000005, Fehleroffset 0x00067d5a, Prozess-ID 0xbf4, Anwendungsstartzeit
01cc1a0b50282b50.
Error - 24.05.2011 08:14:56 | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung POWERPNT.EXE, Version 10.0.2623.0, Zeitstempel
0x3a97ec1e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000005, Fehleroffset 0x000673c0, Prozess-ID 0x13ec, Anwendungsstartzeit
01cc1a0bccd158c0.
Error - 24.05.2011 14:32:43 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.05.2011 04:26:12 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 15.01.2013 11:35:48 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 16.01.2013 05:50:03 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.01.2013 08:36:13 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.01.2013 06:05:11 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.01.2013 18:30:15 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.01.2013 05:02:19 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.01.2013 16:00:58 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2013 03:27:25 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2013 07:16:46 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2013 12:16:40 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Gmer.txt: Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-20 23:23:31
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 Hitachi_HDP725032GLA360 rev.GM3OA5BA 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\...\AppData\Local\Temp\fglcquod.sys
---- System - GMER 2.0 ----
SSDT 8C3ABB96 ZwCreateSection
SSDT 8C3ABBA0 ZwRequestWaitReplyPort
SSDT 8C3ABB9B ZwSetContextThread
SSDT 8C3ABBA5 ZwSetSecurityObject
SSDT 8C3ABBAA ZwSystemDebugControl
SSDT 8C3ABB37 ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822C18D8 4 Bytes [96, BB, 3A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 822C1BFC 4 Bytes [A0, BB, 3A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 822C1C30 4 Bytes [9B, BB, 3A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822C1C94 4 Bytes [A5, BB, 3A, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 822C1CDC 4 Bytes [AA, BB, 3A, 8C]
.text ...
---- EOF - GMER 2.0 ----
lg, me. |
|
21.01.2013, 12:37
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | ![TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] - Standard](images/icons/icon1.gif){kind=icon} TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hallo und
__________________ Bitte ein Log mit CF machen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
21.01.2013, 13:16
| #3 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hallo Cosinus,
__________________vielen Dank schon einmal vorneweg, dass Du Dich meines Problems annimmst! Combofix habe ich nach Anweisung ausgeführt. Hier ist die Logdatei combofix.txt: Code:
ATTFilter ComboFix 13-01-21.01 - ... 21.01.2013 13:00:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3060.1962 [GMT 1:00]
ausgeführt von:: c:\users\...\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
c:\users\...\4.0
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-21 bis 2013-01-21 ))))))))))))))))))))))))))))))
.
.
2013-01-21 12:05 . 2013-01-21 12:05 -------- d-----w- c:\users\...\AppData\Local\temp
2013-01-21 12:05 . 2013-01-21 12:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-20 19:01 . 2013-01-20 19:01 -------- d-----w- c:\users\...\AppData\Roaming\Malwarebytes
2013-01-20 19:01 . 2013-01-20 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-20 19:01 . 2013-01-20 19:01 -------- d-----w- c:\programdata\Malwarebytes
2013-01-20 19:01 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-18 10:19 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA4CA769-C3E2-4140-91A1-13AE2BDCDE93}\mpengine.dll
2013-01-11 07:56 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-11 07:55 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-11 07:55 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-01 14:01 . 2013-01-01 14:01 -------- d-----w- c:\program files\CCleaner
2012-12-30 18:51 . 2012-12-30 18:51 -------- d-----w- c:\program files\Defraggler
2012-12-28 09:44 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-28 09:44 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-18 22:30 . 2012-04-23 15:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-18 22:30 . 2011-05-17 18:33 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09 . 2012-12-13 08:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:22 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:22 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:22 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-02 10:18 . 2012-12-13 08:19 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-13 08:19 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-19 11:49 . 2013-01-19 11:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v3 Setup-Assistent.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2109440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Free YouTube to MP3 Converter - c:\users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\...\AppData\Roaming\Mozilla\Firefox\Profiles\tw3vpg9y.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2012-11-30 12:55; {8AA36F4F-6DC7-4c06-77AF-5035170634FE}; c:\programdata\Swiss Academic Software\Citavi Picker\Firefox
FF - ExtSQL: !HIDDEN! 2009-06-25 10:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-21 13:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.arw"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcr"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dng"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jfif"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mrw"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.nef"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.orf"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pct"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pef"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pict"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspimage"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raf"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sr2"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.srf"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttf"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20po"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20pp"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20ppf"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"
.
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xmp"
.
Zeit der Fertigstellung: 2013-01-21 13:06:53
ComboFix-quarantined-files.txt 2013-01-21 12:06
.
Vor Suchlauf: 15 Verzeichnis(se), 200.272.691.200 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 200.197.046.272 Bytes frei
.
- - End Of File - - D772541A73D9C2AD9D2232F2BE1C2A4D
lg, me. |
|
21.01.2013, 13:18
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.01.2013, 13:45
| #5 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hi Cosinus, ich habe das Malwarebytes Anti-Rootkit nach Anleitung ausgeführt. Hier ist die Logdatei: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.21.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
... :: ...-PC [administrator]
21.01.2013 13:34:39
mbar-log-2013-01-21 (13-34-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26017
Time elapsed: 5 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
lg, me. |
|
21.01.2013, 13:47
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ --> TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] |
|
21.01.2013, 14:07
| #7 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hi Cosinus, die exportierten Ereignisse von Avira Free Antivirus hatte ich oben ja gepostet. Im Bereich Berichte kann ich mir zwar den Bericht anzeigen lassen, aber die Report-Datei konnte nicht gefunden werden & als ich auf "Datei neu anlegen" geklickt habe (ich dachte, die Log-Datei würde inkl. Inhalt neu erzeugt), war die Log-Datei komplett leer. Bei Malwarebytes habe ich nun noch eine zweite Logdatei gefunden, die wohl automatisch mit angelegt wurde (nach dem Quick-Scan, aber ich weiß nicht, ob vor oder nach der anderen Log-Datei): Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.20.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ... :: ...-PC [Administrator] Schutz: Aktiviert 20.01.2013 20:03:46 MBAM-log-2013-01-20 (20-20-03).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202384 Laufzeit: 4 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2339767433-1062430166-1985639694-1000\$e28a836f70bcf37e4b7b08a58bc11a6a\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Soll ich mit Malwarebytes noch einen kompletten Suchlauf machen? lg, me. |
|
21.01.2013, 14:10
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista]Zitat:
Jetzt geht es weiter: 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 14:52
| #9 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hi Cosinus, entschuldige bitte, das war von mir so gemeint, dass ich eben auf Deine Anweisung warte. Ich habe ohne Anweisung keine weiteren Scans durchgeführt!Der Versuch, vor den nächsten Schritten das Avira System Tray Tool über den Taskmanager zu beenden, führte zu einer Fehlermeldung. Allerdings sieht man weder in der Taskleiste noch in der Schnellstartleiste ein entsprechendes Symbol, ich gehe also davon aus, dass das Programm nicht mehr läuft. Ich habe aswMBR nach Anweisung ausgeführt. aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-21 14:20:14
-----------------------------
14:20:14.393 OS Version: Windows 6.0.6002 Service Pack 2
14:20:14.393 Number of processors: 2 586 0xF0D
14:20:14.393 ComputerName: ...-PC UserName: ...
14:20:15.501 Initialize success
14:24:09.579 AVAST engine defs: 13012100
14:24:47.440 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:24:47.440 Disk 0 Vendor: Hitachi_HDP725032GLA360 GM3OA5BA Size: 305245MB BusType: 3
14:24:47.455 Disk 0 MBR read successfully
14:24:47.471 Disk 0 MBR scan
14:24:47.471 Disk 0 Windows VISTA default MBR code
14:24:47.487 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
14:24:47.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 145408
14:24:47.518 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294933 MB offset 21116928
14:24:47.533 Disk 0 scanning sectors +625139712
14:24:47.627 Disk 0 scanning C:\Windows\system32\drivers
14:24:59.171 Service scanning
14:25:20.730 Modules scanning
14:25:25.301 Disk 0 trace - called modules:
14:25:25.332 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:25:25.332 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8551d1f8]
14:25:25.348 3 CLASSPNP.SYS[8a5a98b3] -> nt!IofCallDriver -> [0x8533c590]
14:25:25.348 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8531a8d8]
14:25:26.175 AVAST engine scan C:\Windows
14:25:29.747 AVAST engine scan C:\Windows\system32
14:29:28.895 AVAST engine scan C:\Windows\system32\drivers
14:29:45.759 AVAST engine scan C:\Users\...
14:32:25.581 AVAST engine scan C:\ProgramData
14:35:51.563 Scan finished successfully
14:39:36.749 Disk 0 MBR has been saved successfully to "C:\Users\...\Desktop\MBR.dat"
14:39:36.749 The log file has been saved successfully to "C:\Users\...\Desktop\aswMBR.txt"
Logdatei: Code:
ATTFilter 14:43:58.0065 3416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:43:58.0314 3416 ============================================================
14:43:58.0314 3416 Current date / time: 2013/01/21 14:43:58.0314
14:43:58.0314 3416 SystemInfo:
14:43:58.0314 3416
14:43:58.0314 3416 OS Version: 6.0.6002 ServicePack: 2.0
14:43:58.0314 3416 Product type: Workstation
14:43:58.0314 3416 ComputerName: ...-PC
14:43:58.0314 3416 UserName: ...
14:43:58.0314 3416 Windows directory: C:\Windows
14:43:58.0314 3416 System windows directory: C:\Windows
14:43:58.0314 3416 Processor architecture: Intel x86
14:43:58.0314 3416 Number of processors: 2
14:43:58.0314 3416 Page size: 0x1000
14:43:58.0314 3416 Boot type: Normal boot
14:43:58.0314 3416 ============================================================
14:43:59.0094 3416 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F,
TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:43:59.0094 3416 ============================================================
14:43:59.0094 3416 \Device\Harddisk0\DR0:
14:43:59.0094 3416 MBR partitions:
14:43:59.0094 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1400000
14:43:59.0094 3416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1423800, BlocksNum 0x2400A800
14:43:59.0094 3416 ============================================================
14:43:59.0125 3416 C: <-> \Device\Harddisk0\DR0\Partition2
14:43:59.0141 3416 D: <-> \Device\Harddisk0\DR0\Partition1
14:43:59.0141 3416 ============================================================
14:43:59.0141 3416 Initialize success
14:43:59.0141 3416 ============================================================
14:44:19.0047 3832 ============================================================
14:44:19.0047 3832 Scan started
14:44:19.0047 3832 Mode: Manual; SigCheck; TDLFS;
14:44:19.0047 3832 ============================================================
14:44:19.0483 3832 ================ Scan system memory ========================
14:44:19.0483 3832 System memory - ok
14:44:19.0483 3832 ================ Scan services =============================
14:44:19.0608 3832 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:44:19.0702 3832 ACPI - ok
14:44:19.0733 3832 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:44:19.0764 3832 adp94xx - ok
14:44:19.0780 3832 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:44:19.0795 3832 adpahci - ok
14:44:19.0811 3832 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:44:19.0827 3832 adpu160m - ok
14:44:19.0842 3832 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:44:19.0858 3832 adpu320 - ok
14:44:19.0889 3832 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:44:19.0967 3832 AeLookupSvc - ok
14:44:20.0061 3832 [ A6CE73469591554279DA63BE715DBC93 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
14:44:20.0076 3832 AERTFilters - ok
14:44:20.0107 3832 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
14:44:20.0154 3832 AFD - ok
14:44:20.0201 3832 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:44:20.0217 3832 agp440 - ok
14:44:20.0248 3832 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:44:20.0263 3832 aic78xx - ok
14:44:20.0295 3832 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:44:20.0373 3832 ALG - ok
14:44:20.0388 3832 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
14:44:20.0404 3832 aliide - ok
14:44:20.0419 3832 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:44:20.0435 3832 amdagp - ok
14:44:20.0451 3832 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
14:44:20.0466 3832 amdide - ok
14:44:20.0482 3832 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:44:20.0513 3832 AmdK7 - ok
14:44:20.0529 3832 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:44:20.0544 3832 AmdK8 - ok
14:44:20.0607 3832 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:44:20.0622 3832 AntiVirSchedulerService - ok
14:44:20.0653 3832 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:44:20.0669 3832 AntiVirService - ok
14:44:20.0716 3832 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:44:20.0747 3832 Appinfo - ok
14:44:20.0794 3832 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
14:44:20.0809 3832 arc - ok
14:44:20.0841 3832 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:44:20.0856 3832 arcsas - ok
14:44:20.0887 3832 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:20.0934 3832 AsyncMac - ok
14:44:20.0965 3832 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:44:20.0981 3832 atapi - ok
14:44:21.0012 3832 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:44:21.0043 3832 AudioEndpointBuilder - ok
14:44:21.0043 3832 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:44:21.0075 3832 Audiosrv - ok
14:44:21.0106 3832 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:44:21.0121 3832 avgntflt - ok
14:44:21.0168 3832 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:44:21.0184 3832 avipbb - ok
14:44:21.0199 3832 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:44:21.0215 3832 avkmgr - ok
14:44:21.0262 3832 [ E3D7BC2DD538C9029E3849B129062AA2 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
14:44:21.0309 3832 BCM43XX - ok
14:44:21.0340 3832 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:44:21.0371 3832 Beep - ok
14:44:21.0418 3832 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
14:44:21.0480 3832 BFE - ok
14:44:21.0527 3832 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
14:44:21.0574 3832 BITS - ok
14:44:21.0605 3832 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:44:21.0636 3832 blbdrive - ok
14:44:21.0667 3832 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:44:21.0699 3832 bowser - ok
14:44:21.0730 3832 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:44:21.0777 3832 BrFiltLo - ok
14:44:21.0792 3832 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:44:21.0855 3832 BrFiltUp - ok
14:44:21.0870 3832 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:44:21.0917 3832 Browser - ok
14:44:21.0933 3832 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:44:22.0089 3832 Brserid - ok
14:44:22.0120 3832 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:44:22.0198 3832 BrSerWdm - ok
14:44:22.0213 3832 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:44:22.0291 3832 BrUsbMdm - ok
14:44:22.0307 3832 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:44:22.0354 3832 BrUsbSer - ok
14:44:22.0385 3832 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:44:22.0432 3832 BTHMODEM - ok
14:44:22.0494 3832 catchme - ok
14:44:22.0510 3832 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:44:22.0557 3832 cdfs - ok
14:44:22.0572 3832 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:44:22.0619 3832 cdrom - ok
14:44:22.0666 3832 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:44:22.0697 3832 CertPropSvc - ok
14:44:22.0713 3832 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
14:44:22.0744 3832 circlass - ok
14:44:22.0775 3832 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:44:22.0791 3832 CLFS - ok
14:44:22.0837 3832 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:22.0884 3832 clr_optimization_v2.0.50727_32 - ok
14:44:22.0931 3832 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:22.0947 3832 clr_optimization_v4.0.30319_32 - ok
14:44:22.0978 3832 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:44:22.0993 3832 cmdide - ok
14:44:23.0009 3832 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:44:23.0025 3832 Compbatt - ok
14:44:23.0040 3832 COMSysApp - ok
14:44:23.0056 3832 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:44:23.0071 3832 crcdisk - ok
14:44:23.0087 3832 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:44:23.0134 3832 Crusoe - ok
14:44:23.0165 3832 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:44:23.0181 3832 CryptSvc - ok
14:44:23.0227 3832 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:44:23.0259 3832 DcomLaunch - ok
14:44:23.0290 3832 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:44:23.0305 3832 DfsC - ok
14:44:23.0368 3832 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:44:23.0477 3832 DFSR - ok
14:44:23.0508 3832 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:44:23.0539 3832 Dhcp - ok
14:44:23.0571 3832 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:44:23.0586 3832 disk - ok
14:44:23.0633 3832 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:44:23.0680 3832 Dnscache - ok
14:44:23.0695 3832 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:44:23.0727 3832 dot3svc - ok
14:44:23.0773 3832 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:44:23.0820 3832 Dot4 - ok
14:44:23.0836 3832 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:44:23.0867 3832 Dot4Print - ok
14:44:23.0883 3832 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:44:23.0914 3832 dot4usb - ok
14:44:23.0945 3832 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:44:23.0976 3832 DPS - ok
14:44:24.0023 3832 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:44:24.0039 3832 drmkaud - ok
14:44:24.0070 3832 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:44:24.0101 3832 DXGKrnl - ok
14:44:24.0148 3832 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
14:44:24.0148 3832 e1express - ok
14:44:24.0163 3832 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:44:24.0195 3832 E1G60 - ok
14:44:24.0241 3832 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:44:24.0273 3832 EapHost - ok
14:44:24.0304 3832 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:44:24.0319 3832 Ecache - ok
14:44:24.0366 3832 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:44:24.0397 3832 ehRecvr - ok
14:44:24.0413 3832 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
14:44:24.0460 3832 ehSched - ok
14:44:24.0460 3832 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
14:44:24.0491 3832 ehstart - ok
14:44:24.0522 3832 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:44:24.0538 3832 elxstor - ok
14:44:24.0585 3832 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:44:24.0647 3832 EMDMgmt - ok
14:44:24.0694 3832 [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv C:\Windows\system32\epmntdrv.sys
14:44:24.0725 3832 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
14:44:24.0725 3832 epmntdrv - detected UnsignedFile.Multi.Generic (1)
14:44:24.0741 3832 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:44:24.0787 3832 ErrDev - ok
14:44:24.0803 3832 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
14:44:24.0819 3832 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
14:44:24.0819 3832 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
14:44:24.0865 3832 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:44:24.0881 3832 EventSystem - ok
14:44:24.0912 3832 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:44:24.0959 3832 exfat - ok
14:44:24.0975 3832 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:44:25.0006 3832 fastfat - ok
14:44:25.0021 3832 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:44:25.0053 3832 fdc - ok
14:44:25.0084 3832 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:44:25.0099 3832 fdPHost - ok
14:44:25.0099 3832 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:44:25.0146 3832 FDResPub - ok
14:44:25.0162 3832 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:44:25.0162 3832 FileInfo - ok
14:44:25.0177 3832 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:44:25.0209 3832 Filetrace - ok
14:44:25.0287 3832 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
14:44:25.0349 3832 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:44:25.0349 3832 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:44:25.0380 3832 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:25.0411 3832 flpydisk - ok
14:44:25.0443 3832 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:44:25.0458 3832 FltMgr - ok
14:44:25.0536 3832 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:44:25.0599 3832 FontCache - ok
14:44:25.0645 3832 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:44:25.0661 3832 FontCache3.0.0.0 - ok
14:44:25.0677 3832 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:44:25.0708 3832 Fs_Rec - ok
14:44:25.0739 3832 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:44:25.0755 3832 gagp30kx - ok
14:44:25.0786 3832 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:44:25.0848 3832 gpsvc - ok
14:44:25.0895 3832 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:44:25.0942 3832 HdAudAddService - ok
14:44:25.0973 3832 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:26.0020 3832 HDAudBus - ok
14:44:26.0051 3832 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:44:26.0082 3832 HidBth - ok
14:44:26.0113 3832 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:44:26.0160 3832 HidIr - ok
14:44:26.0176 3832 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
14:44:26.0191 3832 hidserv - ok
14:44:26.0207 3832 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:44:26.0238 3832 HidUsb - ok
14:44:26.0254 3832 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:44:26.0301 3832 hkmsvc - ok
14:44:26.0301 3832 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:44:26.0316 3832 HpCISSs - ok
14:44:26.0347 3832 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:44:26.0394 3832 HTTP - ok
14:44:26.0425 3832 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:44:26.0425 3832 i2omp - ok
14:44:26.0472 3832 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:26.0503 3832 i8042prt - ok
14:44:26.0550 3832 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
14:44:26.0566 3832 iaStor - ok
14:44:26.0597 3832 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:44:26.0613 3832 iaStorV - ok
14:44:26.0675 3832 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32
\IDriverT.exe
14:44:26.0691 3832 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:44:26.0691 3832 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:44:26.0753 3832 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication
Foundation\infocard.exe
14:44:26.0815 3832 idsvc - ok
14:44:26.0878 3832 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:44:26.0971 3832 igfx - ok
14:44:26.0987 3832 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:44:27.0003 3832 iirsp - ok
14:44:27.0034 3832 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:44:27.0081 3832 IKEEXT - ok
14:44:27.0190 3832 [ B35F19AFF279E08B567B281FB2E94291 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:44:27.0299 3832 IntcAzAudAddService - ok
14:44:27.0346 3832 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:44:27.0361 3832 intelide - ok
14:44:27.0377 3832 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:44:27.0424 3832 intelppm - ok
14:44:27.0455 3832 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:44:27.0502 3832 IPBusEnum - ok
14:44:27.0517 3832 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:27.0580 3832 IpFilterDriver - ok
14:44:27.0611 3832 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:44:27.0658 3832 iphlpsvc - ok
14:44:27.0658 3832 IpInIp - ok
14:44:27.0705 3832 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:44:27.0736 3832 IPMIDRV - ok
14:44:27.0751 3832 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:44:27.0814 3832 IPNAT - ok
14:44:27.0829 3832 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:44:27.0861 3832 IRENUM - ok
14:44:27.0876 3832 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:44:27.0907 3832 isapnp - ok
14:44:27.0939 3832 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:27.0970 3832 iScsiPrt - ok
14:44:27.0985 3832 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:44:28.0001 3832 iteatapi - ok
14:44:28.0032 3832 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:44:28.0048 3832 iteraid - ok
14:44:28.0063 3832 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:28.0095 3832 kbdclass - ok
14:44:28.0110 3832 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:28.0141 3832 kbdhid - ok
14:44:28.0173 3832 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:44:28.0204 3832 KeyIso - ok
14:44:28.0251 3832 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:44:28.0282 3832 KSecDD - ok
14:44:28.0313 3832 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:44:28.0391 3832 KtmRm - ok
14:44:28.0422 3832 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
14:44:28.0469 3832 LanmanServer - ok
14:44:28.0500 3832 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:44:28.0547 3832 LanmanWorkstation - ok
14:44:28.0578 3832 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:44:28.0625 3832 lltdio - ok
14:44:28.0672 3832 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:44:28.0734 3832 lltdsvc - ok
14:44:28.0750 3832 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:44:28.0828 3832 lmhosts - ok
14:44:28.0859 3832 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:44:28.0875 3832 LSI_FC - ok
14:44:28.0890 3832 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:44:28.0921 3832 LSI_SAS - ok
14:44:28.0968 3832 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:44:28.0984 3832 LSI_SCSI - ok
14:44:29.0015 3832 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:44:29.0062 3832 luafv - ok
14:44:29.0077 3832 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:44:29.0093 3832 MBAMProtector - ok
14:44:29.0140 3832 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:44:29.0171 3832 MBAMScheduler - ok
14:44:29.0218 3832 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:44:29.0265 3832 MBAMService - ok
14:44:29.0311 3832 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
14:44:29.0343 3832 McComponentHostService - ok
14:44:29.0389 3832 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:44:29.0436 3832 Mcx2Svc - ok
14:44:29.0467 3832 [ A24130AC6472A7EB41388A0739BB7B86 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
14:44:29.0483 3832 MDM ( UnsignedFile.Multi.Generic ) - warning
14:44:29.0483 3832 MDM - detected UnsignedFile.Multi.Generic (1)
14:44:29.0530 3832 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
14:44:29.0545 3832 megasas - ok
14:44:29.0592 3832 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:44:29.0623 3832 MegaSR - ok
14:44:29.0639 3832 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:44:29.0686 3832 MMCSS - ok
14:44:29.0717 3832 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:44:29.0764 3832 Modem - ok
14:44:29.0779 3832 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:44:29.0826 3832 monitor - ok
14:44:29.0826 3832 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:44:29.0857 3832 mouclass - ok
14:44:29.0873 3832 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:44:29.0889 3832 mouhid - ok
14:44:29.0904 3832 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:44:29.0904 3832 MountMgr - ok
14:44:29.0951 3832 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:44:29.0967 3832 MozillaMaintenance - ok
14:44:29.0998 3832 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
14:44:30.0013 3832 mpio - ok
14:44:30.0029 3832 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:44:30.0045 3832 mpsdrv - ok
14:44:30.0060 3832 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:44:30.0091 3832 MpsSvc - ok
14:44:30.0107 3832 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:44:30.0123 3832 Mraid35x - ok
14:44:30.0138 3832 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:44:30.0154 3832 MRxDAV - ok
14:44:30.0169 3832 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:30.0185 3832 mrxsmb - ok
14:44:30.0216 3832 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:30.0232 3832 mrxsmb10 - ok
14:44:30.0247 3832 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:30.0263 3832 mrxsmb20 - ok
14:44:30.0294 3832 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
14:44:30.0310 3832 msahci - ok
14:44:30.0325 3832 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:44:30.0325 3832 msdsm - ok
14:44:30.0357 3832 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:44:30.0403 3832 MSDTC - ok
14:44:30.0419 3832 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:44:30.0450 3832 Msfs - ok
14:44:30.0481 3832 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:44:30.0497 3832 msisadrv - ok
14:44:30.0513 3832 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:44:30.0544 3832 MSiSCSI - ok
14:44:30.0559 3832 msiserver - ok
14:44:30.0575 3832 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:44:30.0606 3832 MSKSSRV - ok
14:44:30.0637 3832 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:30.0684 3832 MSPCLOCK - ok
14:44:30.0700 3832 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:44:30.0731 3832 MSPQM - ok
14:44:30.0762 3832 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:44:30.0778 3832 MsRPC - ok
14:44:30.0809 3832 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:30.0825 3832 mssmbios - ok
14:44:30.0840 3832 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:44:30.0871 3832 MSTEE - ok
14:44:30.0887 3832 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:44:30.0903 3832 Mup - ok
14:44:30.0934 3832 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:44:30.0981 3832 napagent - ok
14:44:31.0012 3832 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:44:31.0027 3832 NativeWifiP - ok
14:44:31.0074 3832 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:44:31.0105 3832 NDIS - ok
14:44:31.0137 3832 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:31.0168 3832 NdisTapi - ok
14:44:31.0183 3832 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:31.0230 3832 Ndisuio - ok
14:44:31.0246 3832 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:31.0293 3832 NdisWan - ok
14:44:31.0308 3832 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:44:31.0339 3832 NDProxy - ok
14:44:31.0339 3832 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:44:31.0386 3832 NetBIOS - ok
14:44:31.0417 3832 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:44:31.0449 3832 netbt - ok
14:44:31.0464 3832 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:44:31.0480 3832 Netlogon - ok
14:44:31.0511 3832 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:44:31.0558 3832 Netman - ok
14:44:31.0573 3832 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:44:31.0620 3832 netprofm - ok
14:44:31.0667 3832 [ AF14F279BF4AC27560C6BCC82CB09D24 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
14:44:31.0714 3832 netr28u - ok
14:44:31.0776 3832 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication
Foundation\SMSvcHost.exe
14:44:31.0792 3832 NetTcpPortSharing - ok
14:44:31.0823 3832 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:44:31.0823 3832 nfrd960 - ok
14:44:31.0854 3832 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:44:31.0870 3832 NlaSvc - ok
14:44:31.0901 3832 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:44:31.0917 3832 Npfs - ok
14:44:31.0963 3832 [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo C:\Windows\system32\drivers\npf_devolo.sys
14:44:31.0979 3832 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
14:44:31.0979 3832 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
14:44:31.0995 3832 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:44:32.0026 3832 nsi - ok
14:44:32.0041 3832 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:44:32.0088 3832 nsiproxy - ok
14:44:32.0135 3832 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:44:32.0166 3832 Ntfs - ok
14:44:32.0182 3832 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:44:32.0229 3832 ntrigdigi - ok
14:44:32.0244 3832 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:44:32.0275 3832 Null - ok
14:44:32.0291 3832 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:44:32.0291 3832 nvraid - ok
14:44:32.0322 3832 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:44:32.0338 3832 nvstor - ok
14:44:32.0369 3832 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:44:32.0369 3832 nv_agp - ok
14:44:32.0385 3832 NwlnkFlt - ok
14:44:32.0385 3832 NwlnkFwd - ok
14:44:32.0416 3832 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:44:32.0478 3832 ohci1394 - ok
14:44:32.0509 3832 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:44:32.0556 3832 p2pimsvc - ok
14:44:32.0572 3832 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:44:32.0603 3832 p2psvc - ok
14:44:32.0619 3832 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:44:32.0665 3832 Parport - ok
14:44:32.0681 3832 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:44:32.0697 3832 partmgr - ok
14:44:32.0712 3832 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:44:32.0775 3832 Parvdm - ok
14:44:32.0790 3832 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:44:32.0821 3832 PcaSvc - ok
14:44:32.0837 3832 PcdrNdisuio - ok
14:44:32.0853 3832 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:44:32.0868 3832 pci - ok
14:44:32.0915 3832 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
14:44:32.0931 3832 pciide - ok
14:44:32.0946 3832 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:44:32.0962 3832 pcmcia - ok
14:44:33.0009 3832 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:44:33.0087 3832 PEAUTH - ok
14:44:33.0149 3832 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:44:33.0227 3832 pla - ok
14:44:33.0258 3832 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:44:33.0305 3832 PlugPlay - ok
14:44:33.0336 3832 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:44:33.0367 3832 PNRPAutoReg - ok
14:44:33.0367 3832 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:44:33.0399 3832 PNRPsvc - ok
14:44:33.0430 3832 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:44:33.0477 3832 PolicyAgent - ok
14:44:33.0492 3832 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:44:33.0523 3832 PptpMiniport - ok
14:44:33.0555 3832 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:44:33.0570 3832 Processor - ok
14:44:33.0586 3832 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:44:33.0617 3832 ProfSvc - ok
14:44:33.0617 3832 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:44:33.0633 3832 ProtectedStorage - ok
14:44:33.0664 3832 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:44:33.0695 3832 PSched - ok
14:44:33.0726 3832 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:44:33.0726 3832 PxHelp20 - ok
14:44:33.0789 3832 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:44:33.0835 3832 ql2300 - ok
14:44:33.0867 3832 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:44:33.0882 3832 ql40xx - ok
14:44:33.0913 3832 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:44:33.0945 3832 QWAVE - ok
14:44:33.0960 3832 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:44:33.0976 3832 QWAVEdrv - ok
14:44:34.0054 3832 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
14:44:34.0163 3832 R300 - ok
14:44:34.0179 3832 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:44:34.0210 3832 RasAcd - ok
14:44:34.0241 3832 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:44:34.0288 3832 RasAuto - ok
14:44:34.0303 3832 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:34.0350 3832 Rasl2tp - ok
14:44:34.0381 3832 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:44:34.0413 3832 RasMan - ok
14:44:34.0444 3832 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:34.0459 3832 RasPppoe - ok
14:44:34.0491 3832 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:44:34.0506 3832 RasSstp - ok
14:44:34.0537 3832 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:44:34.0569 3832 rdbss - ok
14:44:34.0600 3832 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:34.0631 3832 RDPCDD - ok
14:44:34.0662 3832 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:44:34.0709 3832 rdpdr - ok
14:44:34.0725 3832 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:44:34.0787 3832 RDPENCDD - ok
14:44:34.0818 3832 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:44:34.0865 3832 RDPWD - ok
14:44:34.0896 3832 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:44:34.0943 3832 RemoteAccess - ok
14:44:34.0959 3832 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:44:35.0005 3832 RemoteRegistry - ok
14:44:35.0068 3832 [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
14:44:35.0130 3832 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
14:44:35.0130 3832 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
14:44:35.0146 3832 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
14:44:35.0193 3832 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
14:44:35.0193 3832 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
14:44:35.0208 3832 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:44:35.0255 3832 RpcLocator - ok
14:44:35.0271 3832 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:44:35.0317 3832 RpcSs - ok
14:44:35.0349 3832 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:44:35.0395 3832 rspndr - ok
14:44:35.0442 3832 [ 318F4F327190B2AEE7AAE9CAFD19BB19 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
14:44:35.0489 3832 RTL8187B - ok
14:44:35.0520 3832 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
14:44:35.0536 3832 RtlProt - ok
14:44:35.0551 3832 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:44:35.0567 3832 SamSs - ok
14:44:35.0598 3832 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:44:35.0614 3832 sbp2port - ok
14:44:35.0645 3832 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:44:35.0676 3832 SCardSvr - ok
14:44:35.0723 3832 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:44:35.0785 3832 Schedule - ok
14:44:35.0801 3832 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:44:35.0832 3832 SCPolicySvc - ok
14:44:35.0863 3832 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:44:35.0910 3832 SDRSVC - ok
14:44:35.0926 3832 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:44:36.0004 3832 secdrv - ok
14:44:36.0019 3832 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:44:36.0082 3832 seclogon - ok
14:44:36.0082 3832 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
14:44:36.0129 3832 SENS - ok
14:44:36.0129 3832 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:44:36.0175 3832 Serenum - ok
14:44:36.0191 3832 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:44:36.0253 3832 Serial - ok
14:44:36.0269 3832 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:44:36.0285 3832 sermouse - ok
14:44:36.0316 3832 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:44:36.0347 3832 SessionEnv - ok
14:44:36.0363 3832 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:44:36.0378 3832 sffdisk - ok
14:44:36.0378 3832 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:44:36.0425 3832 sffp_mmc - ok
14:44:36.0441 3832 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:44:36.0472 3832 sffp_sd - ok
14:44:36.0487 3832 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:44:36.0534 3832 sfloppy - ok
14:44:36.0550 3832 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:44:36.0597 3832 SharedAccess - ok
14:44:36.0612 3832 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:44:36.0659 3832 ShellHWDetection - ok
14:44:36.0675 3832 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:44:36.0690 3832 sisagp - ok
14:44:36.0706 3832 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:44:36.0721 3832 SiSRaid2 - ok
14:44:36.0753 3832 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:44:36.0768 3832 SiSRaid4 - ok
14:44:36.0815 3832 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:44:36.0877 3832 SkypeUpdate - ok
14:44:36.0971 3832 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:44:37.0065 3832 slsvc - ok
14:44:37.0127 3832 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:44:37.0143 3832 SLUINotify - ok
14:44:37.0174 3832 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:44:37.0205 3832 Smb - ok
14:44:37.0236 3832 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:44:37.0252 3832 SNMPTRAP - ok
14:44:37.0267 3832 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:44:37.0283 3832 spldr - ok
14:44:37.0314 3832 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:44:37.0361 3832 Spooler - ok
14:44:37.0377 3832 sprtsvc_dellsupportcenter - ok
14:44:37.0392 3832 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:44:37.0439 3832 srv - ok
14:44:37.0455 3832 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:44:37.0486 3832 srv2 - ok
14:44:37.0486 3832 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:44:37.0517 3832 srvnet - ok
14:44:37.0533 3832 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:44:37.0579 3832 SSDPSRV - ok
14:44:37.0611 3832 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:44:37.0626 3832 ssmdrv - ok
14:44:37.0642 3832 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:44:37.0657 3832 SstpSvc - ok
14:44:37.0689 3832 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:44:37.0704 3832 stisvc - ok
14:44:37.0751 3832 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:44:37.0782 3832 stllssvr ( UnsignedFile.Multi.Generic ) - warning
14:44:37.0782 3832 stllssvr - detected UnsignedFile.Multi.Generic (1)
14:44:37.0798 3832 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:44:37.0813 3832 swenum - ok
14:44:37.0860 3832 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:44:37.0891 3832 swprv - ok
14:44:37.0907 3832 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:44:37.0923 3832 Symc8xx - ok
14:44:37.0938 3832 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:44:37.0954 3832 Sym_hi - ok
14:44:37.0969 3832 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:44:37.0969 3832 Sym_u3 - ok
14:44:38.0016 3832 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:44:38.0063 3832 SysMain - ok
14:44:38.0079 3832 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:44:38.0110 3832 TabletInputService - ok
14:44:38.0141 3832 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:44:38.0157 3832 TapiSrv - ok
14:44:38.0172 3832 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:44:38.0219 3832 TBS - ok
14:44:38.0250 3832 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:44:38.0297 3832 Tcpip - ok
14:44:38.0313 3832 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:44:38.0344 3832 Tcpip6 - ok
14:44:38.0359 3832 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:44:38.0391 3832 tcpipreg - ok
14:44:38.0422 3832 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:44:38.0453 3832 TDPIPE - ok
14:44:38.0469 3832 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:44:38.0484 3832 TDTCP - ok
14:44:38.0515 3832 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:44:38.0547 3832 tdx - ok
14:44:38.0578 3832 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:44:38.0593 3832 TermDD - ok
14:44:38.0625 3832 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:44:38.0656 3832 TermService - ok
14:44:38.0671 3832 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:44:38.0687 3832 Themes - ok
14:44:38.0703 3832 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:44:38.0734 3832 THREADORDER - ok
14:44:38.0765 3832 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:44:38.0796 3832 TrkWks - ok
14:44:38.0843 3832 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:44:38.0874 3832 TrustedInstaller - ok
14:44:38.0905 3832 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:38.0952 3832 tssecsrv - ok
14:44:38.0983 3832 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:44:39.0015 3832 tunmp - ok
14:44:39.0030 3832 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:44:39.0046 3832 tunnel - ok
14:44:39.0061 3832 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:44:39.0093 3832 uagp35 - ok
14:44:39.0108 3832 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:44:39.0155 3832 udfs - ok
14:44:39.0186 3832 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:44:39.0233 3832 UI0Detect - ok
14:44:39.0249 3832 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:44:39.0280 3832 uliagpkx - ok
14:44:39.0311 3832 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:44:39.0342 3832 uliahci - ok
14:44:39.0373 3832 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:44:39.0389 3832 UlSata - ok
14:44:39.0405 3832 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:44:39.0436 3832 ulsata2 - ok
14:44:39.0451 3832 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:44:39.0483 3832 umbus - ok
14:44:39.0514 3832 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:44:39.0576 3832 upnphost - ok
14:44:39.0607 3832 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:44:39.0654 3832 usbaudio - ok
14:44:39.0685 3832 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:39.0717 3832 usbccgp - ok
14:44:39.0732 3832 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:44:39.0826 3832 usbcir - ok
14:44:39.0857 3832 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:44:39.0888 3832 usbehci - ok
14:44:39.0919 3832 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:44:39.0966 3832 usbhub - ok
14:44:39.0982 3832 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:44:40.0060 3832 usbohci - ok
14:44:40.0091 3832 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:44:40.0138 3832 usbprint - ok
14:44:40.0153 3832 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:40.0200 3832 USBSTOR - ok
14:44:40.0216 3832 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:44:40.0263 3832 usbuhci - ok
14:44:40.0294 3832 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:44:40.0325 3832 UxSms - ok
14:44:40.0356 3832 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:44:40.0434 3832 vds - ok
14:44:40.0465 3832 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:40.0497 3832 vga - ok
14:44:40.0512 3832 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:44:40.0559 3832 VgaSave - ok
14:44:40.0590 3832 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:44:40.0606 3832 viaagp - ok
14:44:40.0621 3832 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:44:40.0668 3832 ViaC7 - ok
14:44:40.0668 3832 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:44:40.0684 3832 viaide - ok
14:44:40.0699 3832 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:44:40.0715 3832 volmgr - ok
14:44:40.0731 3832 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:44:40.0746 3832 volmgrx - ok
14:44:40.0777 3832 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:44:40.0777 3832 volsnap - ok
14:44:40.0809 3832 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:44:40.0824 3832 vsmraid - ok
14:44:40.0855 3832 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:44:40.0902 3832 VSS - ok
14:44:40.0949 3832 [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
14:44:40.0965 3832 VSTHWBS2 - ok
14:44:41.0027 3832 [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:44:41.0058 3832 VST_DPV - ok
14:44:41.0105 3832 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:44:41.0136 3832 W32Time - ok
14:44:41.0152 3832 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:44:41.0214 3832 WacomPen - ok
14:44:41.0214 3832 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:44:41.0245 3832 Wanarp - ok
14:44:41.0245 3832 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:44:41.0277 3832 Wanarpv6 - ok
14:44:41.0292 3832 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:44:41.0323 3832 wcncsvc - ok
14:44:41.0339 3832 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:44:41.0370 3832 WcsPlugInService - ok
14:44:41.0386 3832 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:44:41.0386 3832 Wd - ok
14:44:41.0417 3832 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:44:41.0448 3832 Wdf01000 - ok
14:44:41.0464 3832 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:44:41.0495 3832 WdiServiceHost - ok
14:44:41.0495 3832 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:44:41.0526 3832 WdiSystemHost - ok
14:44:41.0557 3832 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:44:41.0589 3832 WebClient - ok
14:44:41.0604 3832 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:44:41.0635 3832 Wecsvc - ok
14:44:41.0667 3832 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:44:41.0682 3832 wercplsupport - ok
14:44:41.0698 3832 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:44:41.0729 3832 WerSvc - ok
14:44:41.0760 3832 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:44:41.0807 3832 winachsf - ok
14:44:41.0869 3832 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:44:41.0901 3832 WinDefend - ok
14:44:41.0916 3832 WinHttpAutoProxySvc - ok
14:44:41.0947 3832 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:44:41.0979 3832 Winmgmt - ok
14:44:42.0041 3832 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:44:42.0103 3832 WinRM - ok
14:44:42.0150 3832 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:44:42.0181 3832 Wlansvc - ok
14:44:42.0197 3832 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:44:42.0228 3832 WmiAcpi - ok
14:44:42.0259 3832 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:44:42.0291 3832 wmiApSrv - ok
14:44:42.0353 3832 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:44:42.0415 3832 WMPNetworkSvc - ok
14:44:42.0431 3832 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:44:42.0462 3832 WPCSvc - ok
14:44:42.0493 3832 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:44:42.0509 3832 WPDBusEnum - ok
14:44:42.0587 3832 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319
\WPF\WPFFontCache_v0400.exe
14:44:42.0634 3832 WPFFontCache_v0400 - ok
14:44:42.0649 3832 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:44:42.0681 3832 ws2ifsl - ok
14:44:42.0696 3832 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
14:44:42.0727 3832 wscsvc - ok
14:44:42.0727 3832 WSearch - ok
14:44:42.0805 3832 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:44:42.0868 3832 wuauserv - ok
14:44:42.0899 3832 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:42.0946 3832 WUDFRd - ok
14:44:42.0961 3832 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:44:42.0993 3832 wudfsvc - ok
14:44:43.0024 3832 ================ Scan global ===============================
14:44:43.0055 3832 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:44:43.0086 3832 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:44:43.0102 3832 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:44:43.0133 3832 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:44:43.0133 3832 [Global] - ok
14:44:43.0133 3832 ================ Scan MBR ==================================
14:44:43.0149 3832 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:44:43.0398 3832 \Device\Harddisk0\DR0 - ok
14:44:43.0398 3832 ================ Scan VBR ==================================
14:44:43.0445 3832 [ B82B1F0C9BC3F8CA70E0531C76C09FBA ] \Device\Harddisk0\DR0\Partition1
14:44:43.0445 3832 \Device\Harddisk0\DR0\Partition1 - ok
14:44:43.0445 3832 [ C0BA2A8A9B4A11B5D2F418F3A8F661B9 ] \Device\Harddisk0\DR0\Partition2
14:44:43.0445 3832 \Device\Harddisk0\DR0\Partition2 - ok
14:44:43.0445 3832 ============================================================
14:44:43.0445 3832 Scan finished
14:44:43.0445 3832 ============================================================
14:44:43.0461 2908 Detected object count: 9
14:44:43.0461 2908 Actual detected object count: 9
14:45:01.0603 2908 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0603 2908 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0603 2908 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0603 2908 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0603 2908 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0603 2908 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0603 2908 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0603 2908 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0619 2908 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0619 2908 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0619 2908 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0619 2908 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0619 2908 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0619 2908 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0619 2908 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0619 2908 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:01.0619 2908 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:01.0619 2908 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
lg, me. |
|
21.01.2013, 15:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 15:29
| #11 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hi Cosinus, danke für Deine weiteren Anweisungen! Ich hab den AdwCleaner vorhin neu heruntergeladen und ausgeführt. AdwCleaner[R1].txt: Code:
ATTFilter # AdwCleaner v2.106 - Datei am 21/01/2013 um 15:26:12 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ... - ...-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\...\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\tw3vpg9y.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1093 octets] - [21/01/2013 15:26:12]
########## EOF - C:\AdwCleaner[R1].txt - [1153 octets] ##########
|
|
21.01.2013, 15:37
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 16:27
| #13 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hi Cosinus, vielen Dank! Ich bin beim AdwCleaner wie beschrieben auf Löschen gegangen. Nach dem Neustart wurde die Logdatei aufgerufen. AdwCleaner[S1].txt: Code:
ATTFilter # AdwCleaner v2.106 - Datei am 21/01/2013 um 15:51:23 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ... - ...-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\...\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\tw3vpg9y.default\prefs.js
C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\tw3vpg9y.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1222 octets] - [21/01/2013 15:26:12]
AdwCleaner[S1].txt - [1258 octets] - [21/01/2013 15:51:23]
########## EOF - C:\AdwCleaner[S1].txt - [1318 octets] ##########
OTL.txt: Code:
ATTFilter OTL logfile created on: 21.01.2013 15:55:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,10% Memory free 6,17 Gb Paging File | 5,12 Gb Available in Paging File | 82,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,02 Gb Total Space | 186,22 Gb Free Space | 64,65% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 1,29 Gb Free Space | 12,90% Space Free | Partition Type: NTFS Computer Name: ...-PC | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe () PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll () MOD - C:\Programme\Winamp\winampa.exe () MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll () MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll () MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll () ========== Services (SafeList) ========== SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\...\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies) DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. ) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\...\Desktop IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7DADE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621 FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.3 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.11.30 12:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 12:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 12:49:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.23 15:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 12:49:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 12:49:07 | 000,000,000 | ---D | M] [2010.07.16 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions [2010.07.16 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.14 11:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions [2010.11.18 18:08:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.14 11:09:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.09.08 11:32:48 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.05.25 11:51:16 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\pl@dictionaries.addons.mozilla.org [2012.08.19 07:29:36 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\tw3vpg9y.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013.01.19 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.30 12:55:36 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.01.19 12:49:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.16 22:21:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 16:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.16 22:21:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.16 22:21:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.16 22:21:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.16 22:21:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.21 13:05:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C22F7C89-F44E-4F73-A8BD-2EB9408C7E17}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E823C953-D722-4CEA-B45C-F1C2E5AB60EC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E939E098-3699-4A2A-829A-22D8CE68A986}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F8F987-CA60-46BA-8B07-7DE04D765AC2}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Data\Fotos\...\...\CIMG0023.JPG O24 - Desktop BackupWallPaper: C:\Data\Fotos\...\...\CIMG0023.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.21 14:40:21 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe [2013.01.21 14:18:17 | 000,000,000 | R--D | C] -- C:\Users\...\Desktop\Tools [2013.01.21 14:18:15 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll [2013.01.21 14:14:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe [2013.01.21 13:26:31 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\mbar-1.01.0.1016 [2013.01.21 13:06:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.21 13:06:55 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.21 13:06:55 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\temp [2013.01.21 12:57:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.21 12:57:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.21 12:57:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.21 12:57:30 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.21 12:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.21 12:57:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.21 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Ablage [2013.01.21 12:43:43 | 005,024,380 | R--- | C] (Swearware) -- C:\Users\...\Desktop\ComboFix.exe [2013.01.21 09:29:06 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Logfiles [2013.01.20 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2013.01.20 20:01:53 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes [2013.01.20 20:01:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.20 20:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.20 20:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.19 12:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.11 08:56:44 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.11 08:55:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.01 15:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.01.01 15:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.30 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2012.12.30 19:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.12.28 10:44:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.28 10:44:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2013.01.21 15:52:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.21 15:52:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.21 15:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.21 15:52:32 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys [2013.01.21 15:25:32 | 000,574,677 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe [2013.01.21 14:40:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe [2013.01.21 14:15:38 | 000,489,077 | ---- | M] () -- C:\Users\...\Desktop\TDSSKiller - Trojaner-Board.pdf [2013.01.21 14:15:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe [2013.01.21 13:25:26 | 000,421,556 | ---- | M] () -- C:\Users\...\Desktop\Anleitung_ Malwarebytes Anti-Rootkit - Trojaner-Board.pdf [2013.01.21 13:05:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.01.21 12:45:30 | 000,725,683 | ---- | M] () -- C:\Users\...\Desktop\Ein Leitfaden und Tutorium zur Nutzung von ComboFix.pdf [2013.01.21 12:44:03 | 005,024,380 | R--- | M] (Swearware) -- C:\Users\...\Desktop\ComboFix.exe [2013.01.21 09:33:17 | 000,630,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.21 09:33:17 | 000,127,492 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.21 09:33:17 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.21 09:33:17 | 000,008,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.20 20:30:49 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable [2013.01.20 20:17:03 | 000,443,065 | ---- | M] () -- C:\Users\...\Desktop\Für alle Hilfesuchenden! - Trojaner-Board.pdf [2013.01.20 20:14:23 | 000,365,568 | ---- | M] () -- C:\Users\...\Desktop\gmer-2.0.18444.exe [2013.01.20 20:13:41 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe [2013.01.20 20:09:02 | 013,462,931 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1016.zip [2013.01.20 20:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2013.01.20 20:01:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 23:30:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.18 23:30:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.16 16:42:54 | 000,001,740 | -H-- | M] () -- C:\Users\...\Documents\Default.rdp [2013.01.11 11:13:02 | 000,367,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.01 15:01:58 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 19:51:08 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk ========== Files Created - No Company Name ========== [2013.01.21 15:25:26 | 000,574,677 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe [2013.01.21 14:15:37 | 000,489,077 | ---- | C] () -- C:\Users\...\Desktop\TDSSKiller - Trojaner-Board.pdf [2013.01.21 13:25:24 | 000,421,556 | ---- | C] () -- C:\Users\...\Desktop\Anleitung_ Malwarebytes Anti-Rootkit - Trojaner-Board.pdf [2013.01.21 12:57:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.21 12:57:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.21 12:57:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.21 12:57:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.21 12:57:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.21 12:45:28 | 000,725,683 | ---- | C] () -- C:\Users\...\Desktop\Ein Leitfaden und Tutorium zur Nutzung von ComboFix.pdf [2013.01.20 20:30:49 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable [2013.01.20 20:17:01 | 000,443,065 | ---- | C] () -- C:\Users\...\Desktop\Für alle Hilfesuchenden! - Trojaner-Board.pdf [2013.01.20 20:14:22 | 000,365,568 | ---- | C] () -- C:\Users\...\Desktop\gmer-2.0.18444.exe [2013.01.20 20:13:40 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe [2013.01.20 20:08:19 | 013,462,931 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1016.zip [2013.01.20 20:01:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.01 15:01:58 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 19:51:08 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2012.11.30 17:01:57 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2012.11.30 17:01:57 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2012.11.30 17:01:56 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2012.11.30 17:01:56 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2012.11.30 17:01:56 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2012.05.04 23:12:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll [2012.04.23 23:18:51 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.01.11 16:58:13 | 000,020,704 | ---- | C] () -- C:\Users\...\AppData\Roaming\UserTile.png [2011.08.28 15:31:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.08.28 15:31:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.08.28 15:31:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.08.28 15:31:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.08.28 15:31:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.08.28 15:31:54 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.08.28 15:31:54 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.08.28 15:31:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.08.28 15:31:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.08.28 15:31:54 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.08.28 15:31:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.08.28 15:31:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.08.28 15:31:54 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.08.28 15:31:54 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.08.28 15:31:54 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.08.28 15:31:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.09.06 15:07:36 | 000,067,072 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.27 17:26:22 | 000,027,863 | ---- | C] () -- C:\Users\...\AppData\Roaming\Kommagetrennte Werte (Windows).ADR ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7968.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7958.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7944.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7894.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\MAGIX_Fotos_auf_CD_DVD_65_e-version:Roxio EMC Stream < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.01.2013 15:55:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,10% Memory free
6,17 Gb Paging File | 5,12 Gb Available in Paging File | 82,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,02 Gb Total Space | 186,22 Gb Free Space | 64,65% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,29 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{507E94CE-C66B-4DE4-B6AD-267B84FAC6B4}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{BA4FF2D5-E343-496F-96AF-B6012C7A55AD}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{237FBD77-363D-4CE4-9805-7C960545F3BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53701B50-27DC-4072-B9CC-569A745B5B6D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{C4A2C34F-6353-4295-BE80-127241163D67}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EA59F34A-8F9E-4A2C-B661-4909E818AA6B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1G
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor for Windows" = Dell Support Center
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"Watermark Image_is1" = Watermark Image software version 2.1.4.1
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.05.2011 03:02:59 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2011 10:44:21 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2011 10:52:03 | Computer Name = ...-PC | Source = Perflib | ID = 1010
Description =
Error - 21.05.2011 10:52:04 | Computer Name = ...-PC | Source = Perflib | ID = 1008
Description =
Error - 23.05.2011 13:01:14 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.05.2011 13:02:08 | Computer Name = ...-PC | Source = Perflib | ID = 1010
Description =
Error - 23.05.2011 13:02:09 | Computer Name = ...-PC | Source = Perflib | ID = 1008
Description =
Error - 24.05.2011 07:48:37 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.05.2011 08:11:50 | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung POWERPNT.EXE, Version 10.0.2623.0, Zeitstempel
0x3a97ec1e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000005, Fehleroffset 0x00067d5a, Prozess-ID 0xbf4, Anwendungsstartzeit
01cc1a0b50282b50.
Error - 24.05.2011 08:14:56 | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung POWERPNT.EXE, Version 10.0.2623.0, Zeitstempel
0x3a97ec1e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000005, Fehleroffset 0x000673c0, Prozess-ID 0x13ec, Anwendungsstartzeit
01cc1a0bccd158c0.
[ System Events ]
Error - 19.01.2013 05:02:19 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.01.2013 16:00:58 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2013 03:27:25 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2013 07:16:46 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2013 12:16:40 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.01.2013 04:29:56 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.01.2013 08:00:07 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 21.01.2013 08:02:57 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 21.01.2013 08:05:45 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 21.01.2013 10:54:18 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
lg, me. |
|
21.01.2013, 16:29
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 16:48
| #15 |
| | TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] Hi Cosinus, vielen Dank wieder einmal für Deine schnelle Antwort! Ich habe einen Quickscan mit Malwarebytes gemacht & vorher das Update gestartet. Hier ist die Logdatei: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.21.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 ... :: ...-PC [Administrator] Schutz: Aktiviert 21.01.2013 16:38:15 mbam-log-2013-01-21 (16-38-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206268 Laufzeit: 3 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Dann wollte ich mit dem OnlineScanner von ESET weitermachen, hätte aber vorher noch eine Frage. Du schreibst, ich soll evtl. vorhandene USB-Sticks an den Rechner anschließen. Ich bin mir nicht sicher, ob und welche USB-Sticks ich in letzter Zeit benutzt habe, aber soll ich alle in Frage kommenden gleichzeitig anschließen (also an so einen USB-"Mehrfachstecker")? Oder lieber nacheinander? Ach so, und gilt das auch für Speicherkarten von Kameras? lg, me. |
|
| Themen zu TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista] |
| antivir, application/pdf:, autorun, avira, backdoor, bds/zeroaccess.gen, bho, converter, excel, firefox, flash player, install.exe, malware, netgear, ntdll.dll, programm, realtek, recycle.bin, security, software, super, system, total commander, tr/buzus.hlmnubac, tr/rogue.kdz.4040.1, tr/sirefef.p.1075, trojan.0access, usb |
![TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen gefunden - Anfänger! [Vista]](iconimages/plagegeister-aller-art-deren-bekaempfung/tr-sirefef-p-tr-rogue-kdz-tr-buzus-bds-zeroaccess-gen-gefunden-anfaenger-vista_ltr.gif)
