Hello from a new member of this Forum.

Apologies in advance. I'm from Germany and English is not my mother tongue, so I might have some problems understanding everything.

I have nearly the same problem as the user in the thread *browser hijacked* http://forums.spybot.info/showthread...owser-hijacked a few days ago. ken545 was the friendly helper there.

Problem:
The qvo6.com spam site opens in a tab when starting IE or Firefox.
Removing the link from the IE or Firefox settings doesn't help.

I've tried to fix it with Spybot with no success.
I did the ERUNT process.
I followed the steps with AdwCleaner and OTL from the above thread to analyse the source of the problem, up to the instructions in post #17
http://forums.spybot.info/showthread...l=1#post441426
I did nothing with OTL because I do not have the *1-click run* problem in my log files. I stopped there at #17.

My DDS.txt follows below, and the others are attached, including aswMBR.txt:
attach.zip
aswMBR.txt

The virus scanner was disabled when I did the steps from the other thread. Also, there is a wanted tool installed that looks like malware but is not:
Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ <<---- wanted and known extension, doesn't harm

Looking forward to your kind help

Regards
Peter
-----------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by HEF01 at 14:38:16 on 2013-05-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.637 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\cjpcsc.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe
C:\Program Files\HI-epanelLSPService\HI-epanelLSPService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe
C:\Program Files\Mobile Partner Manager\AssistantServices.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\Access Connections\ACTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HI-epanelLSPService\HI-epanel-WatchDog.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Mobile Partner Manager\UIExec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe
C:\Users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\Wertpapieranalyse 2012\wm60.exe
C:\Program Files\Bagusoft Password Safe\pwsafe.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\Program Files\Lexware\Quicken\2012\qw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\HEF01\Downloads\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = localhost:21320
uProxyOverride = <local>;192.168.*.*
BHO: Digital Trends Club: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - c:\program files\digital trends club\Gacela2.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - LocalServer32 - <no file>
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - LocalServer32 - <no file>
uRun: [Google Update] "c:\users\hef01\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [SkyDrive] "c:\users\hef01\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Akamai NetSession Interface] "c:\users\hef01\appdata\local\akamai\netsession_win.exe"
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [ACTray] c:\program files\lenovo\access connections\ACTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HI-epanel-WatchDog] "c:\program files\hi-epanellspservice\HI-epanel-WatchDog.exe" /Debug
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FLxHCIm] "c:\program files\fresco logic inc\fresco logic usb3.0 host controller\host\FLxHCIm.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [UIExec] "c:\program files\mobile partner manager\UIExec.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [Del224411197] cmd.exe /Q /D /c del "c:\users\hef01\appdata\local\temp\0.del"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hef01\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\key-or~1.lnk - c:\program files\aidex\keyorganizer\KeyOrganizer.exe
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\hef01\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - c:\program files\digital trends club\Gacela2.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\windows\system32\HI-epanelLSPService.DLL
LSP: bmnet.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.178.36/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{B124AEFE-892C-45A4-BB75-ED6063CFEE11} : DHCPNameServer = 212.166.210.80 212.73.32.67
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\349414D234845434B4D284546423 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\349414F503731323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\5416379724F687D2837323441383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\64259445A51224F6870264F6E60275C414E40273237303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\64259445A51224F6870264F6E60275C414E40273339303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\8405531333434343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\D6F63757378696 : DHCPNameServer = 192.168.178.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll
IFEO: avnotify.exe - null.exe
IFEO: ipmgui.exe - null.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hef01\appdata\roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\siz\sizchip-plugin\mozilla-20\npS-Chip-Add-On-Mozilla-2021.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\hef01\appdata\local\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\users\hef01\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-17 21:17; fb_add_on@avm.de; c:\users\hef01\appdata\roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\extensions\fb_add_on@avm.de
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-4 25416]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-3-20 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-3-20 41544]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-25 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2011-4-16 14949]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-3-20 15944]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-3-20 186952]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-3-19 7936]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-6-27 13680]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-5-25 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-5-25 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-25 83392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-8-23 104240]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2011-4-16 506288]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-3-20 68168]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-5 48640]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-9-8 132864]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-7-18 143360]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\drivers\avmaura.sys [2013-4-21 105728]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-11-15 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-11-15 29472]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-2-2 388264]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-4 72832]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-4 125696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-30 22856]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\Netwsn00.sys [2012-9-30 10383360]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-4-1 22640]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-6-25 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2011-5-23 375296]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2011-5-23 190848]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-4-3 38200]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-12-5 25088]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-9 38336]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-7-18 509456]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\drivers\AmpPal.sys [2012-7-18 143360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [2011-4-16 28144]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-9-8 280640]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-4 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-4 348160]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2010-11-19 174080]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2010-11-19 38400]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-2-14 49664]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-1-4 9216]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-8 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2012-7-15 26112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-8 49664]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2012-1-4 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2012-1-4 105856]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver 4\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2013-05-30 11:35:07 -------- d-----w- c:\users\hef01\appdata\roaming\Malwarebytes
2013-05-30 11:34:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-30 11:34:45 -------- d-----w- c:\programdata\Malwarebytes
2013-05-30 11:34:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-30 10:40:44 -------- d-----w- c:\windows\ERUNT
2013-05-30 10:40:30 -------- d-----w- C:\JRT
2013-05-29 23:51:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-29 23:51:02 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-29 23:50:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-28 13:59:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-28 13:59:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-28 08:29:37 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71b3c438-1eb4-4750-86c1-59f2f24b38c3}\offreg.dll
2013-05-28 08:07:29 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71b3c438-1eb4-4750-86c1-59f2f24b38c3}\mpengine.dll
2013-05-23 19:28:00 -------- d-----w- c:\users\hef01\.thumbnails
2013-05-23 19:23:50 -------- d-----w- c:\users\hef01\appdata\local\fontconfig
2013-05-23 19:23:49 -------- d-----w- c:\users\hef01\.gimp-2.8
2013-05-23 19:23:48 -------- d-----w- c:\users\hef01\appdata\local\gegl-0.2
2013-05-23 19:19:41 -------- d-----w- c:\program files\GIMP 2
2013-05-23 19:18:48 -------- d-----w- c:\program files\common files\337
2013-05-23 19:18:45 -------- d-----w- c:\programdata\eSafe
2013-05-23 19:17:41 -------- d-----w- c:\users\hef01\appdata\local\Temp6d0f0d5e9b2f9168be1f2b87cf34f9e2
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\ChromeExtensions
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\appdata\local\Tempe46dda8bb39b9c8e8cfd4432b6411a3c
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\appdata\local\Tempd24b12627639ae220aaee1670257cc72
2013-05-23 19:17:35 -------- d-----w- c:\users\hef01\appdata\roaming\eIntaller
2013-05-21 13:57:00 383616 ----a-w- c:\windows\system32\HI-epanelLSPService64.dll
2013-05-21 13:57:00 316032 ----a-w- c:\windows\system32\HI-epanelLSPService.dll
2013-05-20 15:01:17 -------- d-----w- c:\users\hef01\appdata\roaming\IPCamWizard
2013-05-20 15:01:14 -------- d-----w- c:\program files\IP Camera Wizard
2013-05-15 07:46:43 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 07:46:43 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 07:46:38 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 07:46:29 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 07:46:29 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 07:46:21 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 07:46:20 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 07:46:20 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-14 22:08:09 9195912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-06 23:56:24 59816 ----a-r- c:\users\hef01\appdata\roaming\microsoft\installer\{1d2ff661-4402-4d75-aa40-b23fcaf81d32}\ARPPRODUCTICON.exe
2013-05-06 16:13:26 126976 ----a-w- c:\windows\system32\GPEapSim.dll
2013-05-06 16:09:49 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys
2013-05-06 16:09:32 -------- d-----w- c:\windows\system32\SupportAppCB
2013-05-06 16:09:20 -------- d-----w- c:\program files\Mobile Partner Manager
2013-05-06 08:07:14 -------- d-----w- c:\program files\common files\SPBA
2013-05-04 00:08:20 39936 ----a-w- c:\windows\system32\capi2032.dll
2013-05-03 22:49:49 62736 ----a-w- c:\program files\common files\system\ole db\msdatl2.dll
2013-05-03 22:49:49 5392 ----a-w- c:\program files\common files\system\ole db\OLEDB32X.DLL
2013-05-03 22:49:41 7952 ----a-w- c:\windows\system32\odbccp32.cpl
2013-05-02 14:15:52 227656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2013-05-02 14:15:50 825672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
2013-05-01 23:19:48 54576 ----a-w- c:\windows\system32\FritzPort.dll
2013-05-01 23:19:48 54576 ----a-w- c:\windows\system32\FritzColorPort.dll
2013-05-01 23:19:48 451888 ----a-w- c:\windows\system32\HHActiveX.dll
2013-05-01 23:19:48 42288 ----a-w- c:\windows\system32\Fridru32.dll
2013-05-01 23:19:47 -------- d-----w- c:\users\hef01\appdata\roaming\FRITZ!fax für FRITZ!Box
2013-05-01 23:19:47 -------- d-----w- c:\programdata\ISDNWatch
2013-05-01 23:19:47 -------- d-----w- c:\program files\FRITZ!
2013-05-01 23:13:14 328704 ----a-w- c:\windows\IsUn0407.exe
2013-05-01 01:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
==================== Find3M ====================
.
2013-05-14 22:08:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 22:08:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 07:54:15 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-07 07:54:15 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
2013-05-07 07:54:10 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-07 07:54:09 355056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 04:54:00 3752744 ------w- c:\windows\system32\PWMCP32V.cpl
2013-04-23 04:54:00 2692904 ------w- c:\windows\PWMBTHLV.EXE
2013-04-23 04:54:00 25416 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2013-04-23 04:54:00 19712 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2013-04-21 10:03:07 105728 ----a-w- c:\windows\system32\drivers\avmaura.sys
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 03:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-22 00:26:10 4082688 ----a-w- c:\windows\system32\qtintf70.dll
2013-03-19 17:06:54 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-10 17:11:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 17:11:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD75 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8381A000]<< >>UNKNOWN [0x8C200000]<< >>UNKNOWN [0x8C3E5000]<< >>UNKNOWN [0x83FA4000]<< >>UNKNOWN [0x83C2D000]<< >>UNKNOWN [0x8C41D000]<< >>UNKNOWN [0x8C0B5000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83850BC5] -> \Device\Harddisk0\DR0[0x89266A28]
\Driver\Disk[0x89264238] -> IRP_MJ_CREATE -> 0x8C20439F
3 [0x8C20459E] -> ntkrnlpa!IofCallDriver[0x83850BC5] -> [0x8732C950]
\Driver\ACPI[0x8657AE48] -> IRP_MJ_CREATE -> 0x83FAD4CC
5 [0x83FAD3D4] -> ntkrnlpa!IofCallDriver[0x83850BC5] -> \Device\Ide\IAAStorageDevice-1[0x87378028]
\Driver\iaStor[0x87319B00] -> IRP_MJ_CREATE -> 0x8C486F20
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
error: Read Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:39:31,37 ===============