Two days ago I clicked on some phishing mail out of curiosity. Although I did not enter any data, I fear that I got infected in some way.
The reasons I think this way are the following Malwarebytes logs:
2011-09-18 log:
05:24:28 Till MESSAGE Protection started successfully
05:24:32 Till MESSAGE IP Protection started successfully
05:34:40 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51822, Process: firefox.exe)
05:34:40 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51829, Process: firefox.exe)
05:35:04 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51836, Process: firefox.exe)
05:35:12 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51839, Process: firefox.exe)
05:35:20 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51848, Process: firefox.exe)
05:36:08 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51857, Process: firefox.exe)
05:36:08 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51862, Process: firefox.exe)
05:36:32 Till IP-BLOCK 93.174.95.152 (Type: outgoing, Port: 40243, Process: skype.exe)
05:36:40 Till IP-BLOCK 93.174.95.152 (Type: outgoing, Port: 40243, Process: skype.exe)
05:37:44 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51871, Process: firefox.exe)
05:43:20 Till IP-BLOCK 92.241.190.116 (Type: outgoing, Port: 51905, Process: firefox.exe)
07:35:59 Till MESSAGE Scheduled update executed successfully
07:36:19 Till MESSAGE IP Protection stopped
07:36:21 Till MESSAGE Database updated successfully
07:36:21 Till MESSAGE IP Protection started successfully
16:43:36 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 40243, Process: skype.exe)
16:43:36 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 40243, Process: skype.exe)
16:43:44 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 40243, Process: skype.exe)
2011-09-19 log:
02:17:01 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 40243, Process: skype.exe)
02:17:01 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 40243, Process: skype.exe)
02:17:41 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 55037, Process: firefox.exe)
02:17:41 Till IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 55038, Process: firefox.exe)
Following are the logs created while performing the 6-step guide:
Antivirus:
Running and Updated MSE
Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 7739
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
19.09.2011 02:57:00
mbam-log-2011-09-19 (02-57-00).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 190072
Laufzeit: 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
gmer:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-19 03:11:45
Windows 6.1.7601 Service Pack 1
Running: 9fbqtk85.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0x3B 0xF1 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7A 0x4C 0x61 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x37 0xAF 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xF9 0xA8 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0x58 0xB4 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7A 0x4C 0x61 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x37 0xAF 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xF9 0xA8 0xF6 ...
---- EOF - GMER 1.0.15 ----
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Till at 3:13:58 on 2011-09-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8099.5317 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Power Plan Switcher for Windows 7.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=expstart.exe
BHO: {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ALBATTTOOL]
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Till\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Till\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Till\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERP~1.LNK - C:\Program Files (x86)\Power Plan Switcher for Windows 7.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{7E6A0D15-30D6-4F02-BF1C-49DAF934CAB2} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B0A17806-4362-44FE-A753-1D0B9B6D48DB} : NameServer = 62.233.233.233
TCP: Interfaces\{B0A17806-4362-44FE-A753-1D0B9B6D48DB} : DhcpNameServer = 213.191.74.12 213.191.92.82
TCP: Interfaces\{B0A17806-4362-44FE-A753-1D0B9B6D48DB}\163746163746 : NameServer = 62.233.233.233
TCP: Interfaces\{B0A17806-4362-44FE-A753-1D0B9B6D48DB}\163746163746 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B0A17806-4362-44FE-A753-1D0B9B6D48DB}\4656661657C647 : NameServer = 62.233.233.233
TCP: Interfaces\{B0A17806-4362-44FE-A753-1D0B9B6D48DB}\4656661657C647 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Till\AppData\Roaming\Mozilla\Firefox\Profiles\2pwvj4sj.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-8-28 159232]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-18 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-30 2214504]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-1-27 33792]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-12 2337144]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600]
R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Till\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-6-30 14544]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-1-28 25832]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 massfilter_hs;USB Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter_hs.sys --> C:\Windows\system32\drivers\massfilter_hs.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-19 01:12:56 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B9D7009-3C29-4F0D-AAD7-2FE7A0D4F5AC}\mpengine.dll
2011-09-18 03:06:42 -------- d-----w- C:\Users\Till\AppData\Roaming\Malwarebytes
2011-09-18 03:06:37 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-18 03:06:34 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-18 03:06:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-16 12:25:39 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7A4AF59-A428-4C93-A8FD-1C75ED0F2975}\gapaengine.dll
2011-08-28 13:24:26 -------- d-----w- C:\Temp
2011-08-28 13:23:58 -------- d-----w- C:\Users\Till\AppData\Local\Samsung
2011-08-28 12:56:31 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2011-08-28 12:56:20 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2011-08-28 12:56:20 -------- d-----w- C:\Program Files (x86)\MarkAny
2011-08-28 12:55:31 -------- d-----w- C:\Users\Till\AppData\Roaming\Samsung
2011-08-28 12:55:29 -------- d-----w- C:\ProgramData\Samsung
2011-08-28 12:55:29 -------- d-----w- C:\Program Files (x86)\Samsung
2011-08-28 12:54:47 -------- d-----w- C:\Users\Till\AppData\Local\Downloaded Installations
2011-08-26 23:04:58 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2011-08-26 23:04:58 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2011-08-26 23:04:58 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2011-08-26 23:04:54 64512 ----a-w- C:\Windows\SysWow64\MSCC2DE.DLL
2011-08-26 23:04:54 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2011-08-26 23:04:54 158208 ----a-w- C:\Windows\SysWow64\MSCMCDE.DLL
2011-08-26 23:04:54 125712 ----a-w- C:\Windows\SysWow64\VB6DE.DLL
2011-08-26 23:04:54 -------- d-----w- C:\Program Files (x86)\PDFCreator
2011-08-24 23:35:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 23:35:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 18:06:29 -------- d-----w- C:\Users\Till\AppData\Local\Ubisoft Game Launcher
2011-08-23 17:57:57 851456 ----a-w- C:\Windows\System32\msvcp90.dll
2011-08-23 17:07:28 -------- d-----w- C:\Program Files (x86)\Foxit Software
2011-08-23 17:06:42 -------- d-----w- C:\Windows\System32\appmgmt
2011-08-21 13:55:42 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
.
==================== Find3M ====================
.
2011-08-22 06:22:38 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 20:17:46 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-15 20:15:40 925184 ----a-w- C:\Windows\expstart.exe
2011-07-15 19:48:52 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-07-15 19:48:34 2851840 ----a-w- C:\Windows\System32\themeui.dll
2011-07-15 19:48:29 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-30 11:28:15 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-30 11:28:15 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-30 11:03:14 147456 ----a-w- C:\Program Files (x86)\Power Plan Switcher for Windows 7.exe
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 3:14:12,60 ===============
DDS-Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30.06.2011 11:28:54
System Uptime: 17.09.2011 15:44:23 (36 hours ago)
.
Motherboard: CLEVO CO. | | W150HRM
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | SOCKET 0 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 144,248 GiB free.
D: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 14.08.2011 14:00:40 - Windows-Sicherung
RP45: 16.08.2011 18:24:36 - Windows Update
RP46: 18.08.2011 01:15:08 - Windows-Sicherung
RP47: 20.08.2011 01:08:07 - Windows Update
RP48: 23.08.2011 19:06:23 - Removed Adobe Reader 8.3.0
RP49: 23.08.2011 19:12:59 - Windows Update
RP50: 23.08.2011 19:22:01 - Installiert From Dust
RP51: 23.08.2011 20:03:57 - DirectX wurde installiert
RP52: 23.08.2011 20:06:12 - Configured Ubisoft Game Launcher
RP53: 23.08.2011 21:49:51 - Entfernt From Dust
RP54: 23.08.2011 21:51:06 - Installed From Dust
RP55: 23.08.2011 22:24:57 - Windows-Sicherung
RP56: 25.08.2011 01:35:42 - Windows Update
RP57: 28.08.2011 12:59:50 - Windows Update
RP58: 28.08.2011 14:54:58 - Installed Samsung Kies
RP59: 16.09.2011 14:25:26 - Windows Update
RP60: 16.09.2011 14:27:14 - Windows Update
RP61: 16.09.2011 14:34:05 - Windows-Sicherung
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
AkkuLine Batterie-Tool
BisonCam
Crystal Reports for Visual Studio
CrystalDiskInfo 4.0.2
Curse Client
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon Age: Origins
Dropbox
ffdshow [rev 3154] [2009-12-09]
Foxit Reader 5.0
From Dust
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotkey 3.3023
Intel(R) Processor Graphics
Intel® Solid-State Drive Toolbox
IrfanView (remove only)
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
JPEG-EXIF_autorotate
Malwarebytes' Anti-Malware Version 1.51.2.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2007
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (German) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (German) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (German) 2010
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio Macro Tools
Mobile Connection Manager
Mozilla Firefox 6.0.2 (x86 en-US)
Notepad++
NVIDIA PhysX
PDFCreator
Pidgin
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Kies
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553008)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Simplo Video Camera
Skype™ 5.5
SSDlife Free
TeamViewer 6
TrueCrypt
Ubisoft Game Launcher
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.9
WebCam Installer
Winamp
.
==== End Of File ===========================
aswMBR.exe log:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-19 02:47:52
-----------------------------
02:47:52.207 OS Version: Windows x64 6.1.7601 Service Pack 1
02:47:52.207 Number of processors: 8 586 0x2A07
02:47:52.208 ComputerName: MONSTER UserName: Till
02:47:52.746 Initialize success
02:47:55.628 AVAST engine defs: 11091801
02:48:03.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
02:48:03.752 Disk 0 Vendor: INTEL_SSDSA2CW300G3 4PC10362 Size: 286168MB BusType: 11
02:48:05.784 Disk 0 MBR read successfully
02:48:05.787 Disk 0 MBR scan
02:48:05.790 Disk 0 Windows 7 default MBR code
02:48:05.795 Service scanning
02:48:06.055 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
02:48:06.096 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:48:06.634 Modules scanning
02:48:06.637 Disk 0 trace - called modules:
02:48:06.643 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007a722c0]<<
02:48:06.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e43790]
02:48:06.649 3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> [0xfffffa8007bf3520]
02:48:06.653 5 ACPI.sys[fffff880011997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007bf2060]
02:48:06.657 \Driver\atapi[0xfffffa8007b8c870] -> IRP_MJ_CREATE -> 0xfffffa8007a722c0
02:48:07.206 AVAST engine scan C:\Windows
02:48:16.456 AVAST engine scan C:\Windows\system32
02:50:49.051 AVAST engine scan C:\Windows\system32\drivers
02:51:12.133 AVAST engine scan C:\Users\Till
02:52:06.988 AVAST engine scan C:\ProgramData
02:52:11.105 Scan finished successfully
02:52:19.087 Disk 0 MBR has been saved successfully to "C:\Users\Till\Documents\MBR.dat"
02:52:19.091 The log file has been saved successfully to "C:\Users\Till\Documents\aswMBR.txt"