Trojaner-Board - Selbstständiges Öffnen von Tabs in Mozilla Firefox und Internet Explorer

So, endlich geschafft !

Code:

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002\\"MasterDeviceTimingMode"|dword:ffffffff /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002\\"MasterDeviceTimingModeAllowed"|dword:ffffffff /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002\\MasterIdDataCheckSum deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\"MasterDeviceTimingMode"|dword:ffffffff /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\"MasterDeviceTimingModeAllowed"|dword:ffffffff /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\MasterIdDataCheckSum deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\"SlaveDeviceTimingMode"|dword:ffffffff /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\"SlaveDeviceTimingModeAllowed"|dword:ffffffff /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\SlaveIdDataCheckSum deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 348 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 213193 bytes

->Flash cache emptied: 348 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 65670 bytes

 

User: Ludi

->Temp folder emptied: 14663 bytes

->Temporary Internet Files folder emptied: 9535819 bytes

->Java cache emptied: 1 bytes

->FireFox cache emptied: 376074768 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 2017481 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 2980 bytes

 

User: Tine

->Temp folder emptied: 110745431 bytes

->Temporary Internet Files folder emptied: 726622731 bytes

->Java cache emptied: 46426952 bytes

->FireFox cache emptied: 3116218 bytes

->Flash cache emptied: 12514 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7879 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1.216,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 04192013_144943
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org
 

Database version: v2013.04.19.03
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Ludi :: OEM-37FF81E6E19 [administrator]
 

19.04.2013 15:33:25

mbar-log-2013-04-19 (15-33-25).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 26171

Time elapsed: 17 minute(s), 33 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 2

HKLM\SOFTWARE\CLASSES\INTERFACE\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.FakeAlert) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\TypeLib\{8A10FC9B-8D76-4E95-A9BE-ACDA2F665C30} (Trojan.FakeAlert) -> Delete on reboot.
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

Code:

OTL logfile created on: 19.04.2013 16:18:11 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Ludi\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,42 Mb Total Physical Memory | 509,45 Mb Available Physical Memory | 49,83% Memory free

2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,74% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 278,81 Gb Total Space | 217,94 Gb Free Space | 78,17% Space Free | Partition Type: NTFS

Drive D: | 19,27 Gb Total Space | 13,72 Gb Free Space | 71,19% Space Free | Partition Type: FAT32

Drive E: | 298,08 Gb Total Space | 297,93 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

 

Computer Name: OEM-37FF81E6E19 | User Name: Ludi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.18 14:04:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe

PRC - [2013.04.06 13:01:58 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.03.28 10:56:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2013.03.28 10:56:14 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2013.03.28 10:56:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2013.03.28 10:56:11 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe

PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe

PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.09.11 04:40:34 | 000,086,960 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)

SRV - [2013.04.12 14:04:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.04.06 13:01:58 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.03.28 10:56:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013.03.28 10:56:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013.03.14 17:02:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)

SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)

SRV - [2009.06.28 18:46:00 | 003,100,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)

SRV - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)

DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013.04.19 15:39:35 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013.03.28 10:56:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2013.03.28 10:56:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2013.03.28 10:56:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.05.07 20:09:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009.10.31 14:06:12 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009.10.31 14:06:11 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009.08.03 14:59:08 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009.06.12 18:17:47 | 000,138,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2008.03.07 13:46:38 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2006.10.18 18:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)

DRV - [2006.10.17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)

DRV - [2006.09.18 19:42:48 | 000,141,824 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)

DRV - [2004.12.30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67C7A229-DE37-484F-804F-ACA73A0D5D1E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes\{67C7A229-DE37-484F-804F-ACA73A0D5D1E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_deDE518

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Programme\PDF Architect\FFPDFArchitectExt [2013.01.23 23:39:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 14:04:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2013.01.08 20:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Extensions

[2013.04.12 14:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.04.12 14:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013.04.12 14:04:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2013.02.28 17:20:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.02.28 17:20:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2013.02.28 17:20:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2013.02.28 17:20:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.02.28 17:20:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.02.28 17:20:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013.04.19 11:45:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.

O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)

O3 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1361278859-838385415-1197325983-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158754282359 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158754271218 (MUWebControl Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ADB9F89-88FC-45C3-A623-F6D28716FECA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD313F6-2E3D-4D74-BB6C-1731AD27289B}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.19 12:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.19 15:14:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Desktop\mbar

[2013.04.19 13:14:15 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.04.19 12:24:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013.04.19 11:22:14 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013.04.19 11:19:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013.04.19 11:19:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013.04.19 11:19:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013.04.19 11:19:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013.04.19 11:19:08 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.04.19 11:19:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Eigene Videos

[2013.04.19 11:19:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos

[2013.04.19 11:18:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.04.19 11:15:28 | 005,056,640 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Ludi\Desktop\ComboFix.exe

[2013.04.18 20:23:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013.04.18 17:37:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Ludi\Desktop\tdsskiller.exe

[2013.04.18 17:31:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Ludi\Desktop\aswMBR.exe

[2013.04.18 14:04:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe

[2013.04.12 14:04:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[2013.04.10 22:37:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder

[2013.04.10 20:55:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Startmenü\Programme\digital publishing

[2013.04.10 20:54:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik

[2013.04.10 20:51:02 | 000,000,000 | ---D | C] -- C:\Programme\digital publishing

[2013.04.06 13:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2013.04.06 13:07:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013.04.06 13:07:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2013.04.06 11:54:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InstallShield

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.19 16:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.04.19 15:39:35 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2013.04.19 15:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.04.19 15:36:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.04.19 15:36:55 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.19 11:45:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.04.19 11:22:28 | 000,000,338 | RHS- | M] () -- C:\boot.ini

[2013.04.19 11:15:37 | 005,056,640 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Ludi\Desktop\ComboFix.exe

[2013.04.19 10:59:15 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\adwcleaner.exe

[2013.04.18 20:40:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2013.04.18 17:37:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Ludi\Desktop\tdsskiller.exe

[2013.04.18 17:37:15 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\MBR.dat

[2013.04.18 17:32:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Ludi\Desktop\aswMBR.exe

[2013.04.18 14:19:59 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\gmer_2.1.19163.exe

[2013.04.18 14:04:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe

[2013.04.18 14:01:20 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.18 14:00:10 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2013.04.18 13:57:31 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable

[2013.04.18 13:52:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe

[2013.04.16 20:56:03 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2013.04.16 20:56:03 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2013.04.16 20:55:51 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2013.04.16 20:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk

[2013.04.16 14:04:46 | 000,253,912 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2013.04.14 18:12:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2013.04.13 10:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2013.04.12 19:21:17 | 000,194,891 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.odt

[2013.04.12 18:49:01 | 000,156,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.pdf

[2013.04.12 07:23:13 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013.04.11 19:58:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.04.10 22:29:53 | 000,004,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\IntelliPlanArchive.zip

[2013.04.10 22:13:10 | 000,001,364 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN1C3450PC05JZ.job

[2013.04.10 20:55:52 | 000,001,754 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\digital publishing.lnk

[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013.03.31 09:43:19 | 000,453,922 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.03.31 09:43:19 | 000,436,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.03.31 09:43:19 | 000,083,096 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.03.31 09:43:19 | 000,069,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.03.29 12:29:58 | 000,034,363 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Heilpflanzen.odt

[2013.03.29 12:14:17 | 000,032,269 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Schüssler.odt

[2013.03.28 10:56:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2013.03.28 10:56:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2013.03.28 10:56:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2013.03.24 15:47:14 | 000,160,148 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.pdf

[2013.03.24 15:46:57 | 000,218,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.odt

 
 ========== Files Created - No Company Name ==========

 

[2013.04.19 15:39:35 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2013.04.19 11:22:28 | 000,000,222 | ---- | C] () -- C:\Boot.bak

[2013.04.19 11:22:21 | 000,262,448 | RHS- | C] () -- C:\cmldr

[2013.04.19 11:19:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013.04.19 11:19:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013.04.19 11:19:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013.04.19 11:19:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013.04.19 11:19:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013.04.19 10:59:13 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\adwcleaner.exe

[2013.04.18 17:37:15 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\MBR.dat

[2013.04.18 14:19:58 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\gmer_2.1.19163.exe

[2013.04.18 13:57:08 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable

[2013.04.18 13:52:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe

[2013.04.16 20:55:51 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2013.04.16 20:55:51 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2013.04.16 20:55:51 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2013.04.16 20:55:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk

[2013.04.12 19:21:17 | 000,194,891 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.odt

[2013.04.12 18:49:00 | 000,156,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Unbenannt 1.pdf

[2013.04.10 22:29:53 | 000,004,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\IntelliPlanArchive.zip

[2013.04.10 20:55:52 | 000,001,754 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\digital publishing.lnk

[2013.04.06 13:07:55 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013.03.29 12:14:38 | 000,034,363 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Heilpflanzen.odt

[2013.03.29 11:54:38 | 000,032,269 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Apoforte_Schüssler.odt

[2013.03.24 15:40:10 | 000,160,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.pdf

[2013.03.24 15:36:40 | 000,218,171 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\3. EB-Sitzung offiziell.odt

[2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2012.11.03 20:29:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.04.11 08:59:30 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.02.17 16:50:27 | 000,001,056 | RHS- | C] () -- C:\Dokumente und Einstellungen\Ludi\ntuser.pol

[2008.12.03 22:26:07 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2006.09.22 16:52:42 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak

[2006.09.22 16:52:42 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak

[2006.09.22 16:52:42 | 000,000,984 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak

 
 ========== ZeroAccess Check ==========

 

[2006.09.19 12:32:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.10.24 15:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland

[2010.05.08 19:37:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited

[2009.10.06 18:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2012.10.23 19:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations

[2010.05.02 12:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs

[2009.02.22 19:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular

[2012.10.24 11:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA

[2013.04.19 11:02:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.03.09 19:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU

[2010.04.05 12:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground

[2009.01.27 22:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2009.12.28 21:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft

[2012.10.23 19:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone

[2009.05.15 12:09:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone

[2010.05.08 19:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Canneverbe Limited

[2012.10.24 12:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\DAEMON Tools Lite

[2009.02.22 20:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Datalayer

[2010.02.13 15:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Firaxis Games

[2012.10.24 10:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\FUJIFILM

[2012.10.23 17:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\ICQ

[2010.05.06 16:20:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InfraRecorder

[2009.10.06 20:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Leadertech

[2012.10.23 19:14:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\MSNInstaller

[2012.10.23 19:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\My Games

[2009.02.22 20:43:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Nokia

[2012.10.24 15:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org

[2009.02.04 21:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PC Suite

[2013.01.23 23:59:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\PDF Architect

[2008.12.08 17:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\ScummVM

[2009.12.01 15:57:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\temp

[2009.12.28 22:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Ubisoft

[2009.05.15 12:09:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Vodafone

[2009.01.27 22:33:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Datalayer

[2012.10.24 10:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\FUJIFILM

[2010.05.09 13:06:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\ICQ

[2010.05.09 12:48:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\ImgBurn

[2009.01.27 22:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Nokia

[2009.01.27 22:33:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\Nokia Multimedia Player

[2009.01.27 22:43:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tine\Anwendungsdaten\PC Suite

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c >

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0

    DMAEnabled        REG_DWORD        0x1

    Driver        REG_SZ        atapi

HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0\Scsi Bus 0

 
 < reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c >

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}

    Class        REG_SZ        hdc

    <NO NAME>        REG_SZ        IDE ATA/ATAPI-Controller

    Icon        REG_SZ        -9

    Installer32        REG_SZ        SysSetup.Dll,HdcClassInstaller

    TroubleShooter-0        REG_SZ        hcp://help/tshoot/tsdrive.htm

    UpperFilters        REG_MULTI_SZ        xfilt\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000

    TransferModeTiming        REG_MULTI_SZ        18\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\015\0\0

    InfPath        REG_SZ        oem34.inf

    InfSection        REG_SZ        vide_PATA_Inst_x32

    ProviderName        REG_SZ        VIA Technologies, Inc.

    DriverDateData        REG_BINARY        00004B307FF1C601

    DriverDate        REG_SZ        10-17-2006

    DriverVersion        REG_SZ        6.0.5728.160

    MatchingDeviceId        REG_SZ        pci\ven_1106&dev_0571

    DriverDesc        REG_SZ        VIA Bus Master IDE Controller - 0571

    InfSectionExt        REG_SZ        .NTx86

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001

    InfPath        REG_SZ        oem34.inf

    InfSection        REG_SZ        vide_Inst_x32

    ProviderName        REG_SZ        VIA Technologies, Inc.

    DriverDateData        REG_BINARY        00004B307FF1C601

    DriverDate        REG_SZ        10-17-2006

    DriverVersion        REG_SZ        6.0.5728.160

    MatchingDeviceId        REG_SZ        pci\ven_1106&dev_0591&cc_0101

    DriverDesc        REG_SZ        VIA Serial ATA Controller - 0591

    InfSectionExt        REG_SZ        .NTx86

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002

    EnumPropPages32        REG_SZ        storprop.dll,IdePropPageProvider

    InfPath        REG_SZ        mshdc.inf

    InfSection        REG_SZ        atapi_Inst_primary

    ProviderName        REG_SZ        Microsoft

    DriverDateData        REG_BINARY        008062C5C001C101

    DriverDate        REG_SZ        7-1-2001

    DriverVersion        REG_SZ        5.1.2600.2180

    MatchingDeviceId        REG_SZ        primary_ide_channel

    DriverDesc        REG_SZ        Primärer IDE-Kanal

    MasterDeviceType        REG_DWORD        0x1

    SlaveDeviceType        REG_DWORD        0x0

    SlaveDeviceDetectionTimeout        REG_DWORD        0x1

    MasterDeviceTimingMode        REG_DWORD        0x20010

    MasterDeviceTimingModeAllowed        REG_DWORD        0xffffffff

    SlaveDeviceTimingMode        REG_DWORD        0x0

    MasterIdDataCheckSum        REG_DWORD        0x13787

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003

    EnumPropPages32        REG_SZ        storprop.dll,IdePropPageProvider

    InfPath        REG_SZ        mshdc.inf

    InfSection        REG_SZ        atapi_Inst_secondary

    ProviderName        REG_SZ        Microsoft

    DriverDateData        REG_BINARY        008062C5C001C101

    DriverDate        REG_SZ        7-1-2001

    DriverVersion        REG_SZ        5.1.2600.2180

    MatchingDeviceId        REG_SZ        secondary_ide_channel

    DriverDesc        REG_SZ        Sekundärer IDE-Kanal

    MasterDeviceType        REG_DWORD        0x1

    SlaveDeviceType        REG_DWORD        0x0

    MasterDeviceTimingMode        REG_DWORD        0x20010

    SlaveDeviceTimingMode        REG_DWORD        0x0

    SlaveDeviceDetectionTimeout        REG_DWORD        0x1

    MasterDeviceTimingModeAllowed        REG_DWORD        0xffffffff

    MasterIdDataCheckSum        REG_DWORD        0x13f93

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004

    EnumPropPages32        REG_SZ        storprop.dll,IdePropPageProvider

    InfPath        REG_SZ        mshdc.inf

    InfSection        REG_SZ        atapi_Inst_primary

    ProviderName        REG_SZ        Microsoft

    DriverDateData        REG_BINARY        008062C5C001C101

    DriverDate        REG_SZ        7-1-2001

    DriverVersion        REG_SZ        5.1.2600.2180

    MatchingDeviceId        REG_SZ        primary_ide_channel

    DriverDesc        REG_SZ        Primärer IDE-Kanal

    MasterDeviceType        REG_DWORD        0x2

    SlaveDeviceType        REG_DWORD        0x2

    MasterDeviceTimingMode        REG_DWORD        0x2010

    MasterDeviceTimingModeAllowed        REG_DWORD        0xffffffff

    SlaveDeviceTimingMode        REG_DWORD        0x2010

    SlaveDeviceTimingModeAllowed        REG_DWORD        0xffffffff

    MasterIdDataCheckSum        REG_DWORD        0x14006

    SlaveIdDataCheckSum        REG_DWORD        0x1d0a7

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005

    EnumPropPages32        REG_SZ        storprop.dll,IdePropPageProvider

    InfPath        REG_SZ        mshdc.inf

    InfSection        REG_SZ        atapi_Inst_secondary

    ProviderName        REG_SZ        Microsoft

    DriverDateData        REG_BINARY        008062C5C001C101

    DriverDate        REG_SZ        7-1-2001

    DriverVersion        REG_SZ        5.1.2600.2180

    MatchingDeviceId        REG_SZ        secondary_ide_channel

    DriverDesc        REG_SZ        Sekundärer IDE-Kanal

    MasterDeviceType        REG_DWORD        0x0

    SlaveDeviceType        REG_DWORD        0x0

    MasterDeviceTimingMode        REG_DWORD        0x0

    SlaveDeviceTimingMode        REG_DWORD        0x0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Manufacturer
 

< End of report >