Log analysis and evaluation: 95p.com redirect rootkit (Windows 7)
If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
31.12.2011, 15:24 | #1
95p.com redirect rootkit
Hey, since yesterday I have had the problem that whenever I do a Google search I always end up on the site 95p.com. I read a bit and then first ran a scan with TDSS and then one with OTL. Here is the TDSS scan:
Quote:
Kind regards
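An added triage example, not part of either post in this thread and not a tool the forum's helpers use: a small Python script that reads OTL entries one per line (the format of the OTL log posted in the next reply; the sample lines embedded below are copied from it) and flags the persistence points a search-redirect infection typically uses. The rule names, severities and thresholds are this example's own assumptions; OTL itself issues no verdicts, and a flagged line still needs confirmation (file hash, signature, behaviour) before anything is removed.

```python
"""OTL log triage: flag the persistence points behind search-engine redirects.

Added example, not part of this thread or of OTL itself. Reads OTL entries
(one per line) and reports Winlogon Shell/Userinit overrides, Winsock LSP
entries whose DLL is missing, vendor-less core modules, DNS settings and
hidden+system folders created inside a user profile.  Rule names, severities
and thresholds are the author's assumptions, not OTL's verdicts.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, offending log line)

# Constructed sample: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
DRV - (AFD) -- C:\windows\system32\drivers\afd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{785E45B2-F95B-4CE9-AFA3-03CAA028D70C}: DhcpNameServer = 131.246.9.116 131.246.1.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4D4F6-8E2A-4AE8-96F9-752B373F0060}: NameServer = 192.168.1.2
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Benni\AppData\Local\0b12b8ea\X) -C:\Users\Benni\AppData\Local\0b12b8ea\X ()
[2011/12/28 22:10:07 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2011/12/28 22:05:46 | 000,000,000 | -HSD | C] -- C:\Users\Benni\AppData\Local\0b12b8ea
[2011/12/31 00:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
"""

WINLOGON_RE = re.compile(r"^O20 - (HKLM|HKCU) Winlogon: (Shell|UserInit) - \((.*?)\) -(.*?) \(([^()]*)\)$")
LSP_RE = re.compile(r"^O10 - Protocol_Catalog9\\Catalog_Entries\\\d+ - (.*?)( File not found)?$")
DNS_RE = re.compile(r"^O17 - .*?: (DhcpNameServer|NameServer) = (.*)$")
MODULE_RE = re.compile(r"^(MOD|DRV) - (?:\(.*?\).*? -- )?(.*?) \(([^()]*)\)$")
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| ([-A-Z]{4}) \| [CM]\] (?:\([^()]*\) )?-- (.*)$")

# What the Winlogon values must point at on a clean Windows 7 (assumption of this example).
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_entries(text: str) -> List[str]:
    """Split a log into non-empty, whitespace-trimmed entries."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for ln in lines:
        m = WINLOGON_RE.match(ln)
        if m:
            hive, value, raw, _resolved, vendor = m.groups()
            # A per-user (HKCU) Shell/Userinit override is practically never legitimate;
            # the HKLM value must name the Microsoft binary.
            if (hive == "HKCU" or not raw.lower().endswith(EXPECTED_WINLOGON[value.lower()])
                    or vendor.strip() != "Microsoft Corporation"):
                findings.append(("HIGH", "winlogon", ln))
            continue
        m = LSP_RE.match(ln)
        if m:
            # A Winsock catalog entry whose DLL is gone breaks or hijacks name resolution;
            # stale wshbth.dll entries are common on Win7 and are cleared with "netsh winsock reset".
            if m.group(2):
                findings.append(("MEDIUM", "lsp-missing-dll", ln))
            continue
        m = DNS_RE.match(ln)
        if m:
            findings.append(("INFO", "dns", ln))  # always review: redirects often start here
            continue
        m = MODULE_RE.match(ln)
        if m:
            _kind, path, vendor = m.groups()
            p = path.lower()
            if not vendor.strip():
                if p.startswith(r"\\?\globalroot"):
                    # system32 DLL mapped through the object namespace with no version info
                    findings.append(("HIGH", "module-no-vendor", ln))
                elif "\\system32\\" in p:
                    # core Microsoft file without version info: possibly patched (confirm by hash)
                    findings.append(("MEDIUM", "module-no-vendor", ln))
            continue
        m = FILE_RE.match(ln)
        if m:
            attrs, path = m.groups()
            # hidden+system directory freshly created under a profile, or a literal "%APPDATA%" folder
            if all(c in attrs for c in "HSD") and ("\\users\\" in path.lower() or "%" in path):
                findings.append(("HIGH", "hidden-folder", ln))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    results = triage(parse_entries(SAMPLE_LOG))
    for sev, rule, evidence in results:
        print(f"{sev:6} {rule:17} {evidence}")
    print(summarize(results))
```

Run it against a full OTL log with `triage(parse_entries(open("OTL.txt").read()))`. The design choice is to parse only the entry types that matter for a redirect and leave everything else alone, so a HIGH finding points at a single line to investigate rather than at the whole log; the HKLM Winlogon lines are left unflagged on purpose, which is what makes the HKCU Shell line stand out.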
31.12.2011, 15:26 | #2
95p.com redirect rootkit: OTL scan
OTL logfile:
OTL logfile created on: 12/31/2011 3:17:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Benni\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 218.29 Mb Available Physical Memory | 21.52% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 68.04 Gb Free Space | 68.04% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 53.00 Gb Free Space | 44.97% Space Free | Partition Type: NTFS
Drive E: | 630.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 186.31 Gb Total Space | 98.96 Gb Free Space | 53.11% Space Free | Partition Type: NTFS

Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Benni\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\TDSSkiller\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - D:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - D:\Programme\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

========== Modules (No Company Name) ==========

MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - D:\Programme\ICQ\ICQ7.2\MDb.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (sftvsa) -- File not found
SRV - (MySQL55) -- File not found
SRV - (cvhsvc) -- File not found
SRV - (BBUpdate) -- File not found
SRV - (AsusService) -- File not found
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (AFD) -- C:\windows\system32\drivers\afd.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.comhxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/startpage|hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\Vision\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\Vision\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\telekom.com/PagePlaceStarter: D:\Programme\Reader\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011/11/10 08:52:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011/11/10 08:52:13 | 000,000,000 | ---D | M]

[2010/12/18 10:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011/12/27 23:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\s4ib0x5s.default\extensions
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S4IB0X5S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Vision\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\windows\System32\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] D:\Programme\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] D:\Programme\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (Ubi Soft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{785E45B2-F95B-4CE9-AFA3-03CAA028D70C}: DhcpNameServer = 131.246.9.116 131.246.1.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4D4F6-8E2A-4AE8-96F9-752B373F0060}: NameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E79AF3FB-DABC-4232-8FA7-61445012E2AB}: NameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF0CD257-4965-476C-8CAD-1FF2482C3132}: NameServer = 192.168.1.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Benni\AppData\Local\0b12b8ea\X) -C:\Users\Benni\AppData\Local\0b12b8ea\X ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/10/21 12:05:21 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002/11/12 16:39:16 | 000,258,048 | R--- | M] (Blue Byte Software, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/01/29 10:43:23 | 000,000,096 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{081c8007-c910-11e0-957e-20cf3070d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{081c8007-c910-11e0-957e-20cf3070d3d6}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002/11/12 16:39:16 | 000,258,048 | R--- | M] (Blue Byte Software, Inc.)
O33 - MountPoints2\{0aeb2181-c489-11e0-8e31-20cf3070d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{0aeb2181-c489-11e0-8e31-20cf3070d3d6}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\windows\System32\
[2030/01/01 22:45:41 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/31 15:15:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/31 14:58:43 | 000,000,000 | ---D | C] -- C:\TDSSkiller
[2011/12/31 14:24:07 | 000,222,568 | ---- | C] (Teruten) -- C:\windows\System32\FsUsbExService.Exe
[2011/12/31 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Avira
[2011/12/31 00:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/31 00:32:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2011/12/31 00:32:45 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/12/31 00:32:45 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/12/31 00:32:45 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2011/12/31 00:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/31 00:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/12/28 22:10:07 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2011/12/28 22:05:46 | 000,000,000 | -HSD | C] -- C:\Users\Benni\AppData\Local\0b12b8ea
[2011/12/27 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2011/12/27 21:48:43 | 000,000,000 | ---D | C] -- C:\BlueByte
[2011/12/14 19:00:54 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/12/14 19:00:54 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/12/14 19:00:54 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/12/14 19:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/12/14 19:00:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/12/14 19:00:53 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/12/14 19:00:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/12/14 19:00:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/12/14 19:00:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/12/14 19:00:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/12/14 19:00:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/12/14 19:00:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/12/14 18:52:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/12/14 18:37:37 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/12/14 18:36:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EncDec.dll
[2011/12/14 18:36:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2011/12/14 18:36:07 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/12/14 18:36:06 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/12/12 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Homepage Prof. Dr. Peter Liell-Dateien
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\windows\System32\
[2011/12/31 15:15:29 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 15:15:29 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 15:08:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/31 15:07:28 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 14:25:54 | 000,655,072 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/12/31 14:25:54 | 000,616,914 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/12/31 14:25:54 | 000,130,364 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/12/31 14:25:54 | 000,106,746 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/12/31 00:41:05 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/31 00:33:11 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/30 19:16:09 | 000,001,440 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk
[2011/12/27 21:50:39 | 000,002,048 | ---- | M] () -- C:\Users\Benni\Desktop\Ubi Soft Product Registration.lnk
[2011/12/27 21:49:53 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\Die Siedler IV Gold+ Edition.lnk
[2011/12/25 19:44:27 | 000,015,485 | ---- | M] () -- C:\Users\Benni\Desktop\last-christmas-piano-tab.png
[2011/12/18 03:26:25 | 000,273,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/12/15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/12/15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/12/15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2011/12/12 12:30:26 | 000,000,418 | ---- | M] () -- C:\Users\Benni\Desktop\Homepage Prof. Dr. Peter Liell.htm
[2011/12/02 09:15:49 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2030/01/01 22:45:41 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011/12/31 00:33:11 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/30 19:16:09 | 000,001,440 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk
[2011/12/27 21:50:39 | 000,002,048 | ---- | C] () -- C:\Users\Benni\Desktop\Ubi Soft Product Registration.lnk
[2011/12/25 19:44:25 | 000,015,485 | ---- | C] () -- C:\Users\Benni\Desktop\last-christmas-piano-tab.png
[2011/12/12 12:30:21 | 000,000,418 | ---- | C] () -- C:\Users\Benni\Desktop\Homepage Prof. Dr. Peter Liell.htm
[2011/12/02 09:15:48 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/10/09 23:54:43 | 000,000,232 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/08/17 21:38:56 | 000,069,632 | R--- | C] () -- C:\windows\System32\xmltok.dll
[2011/08/17 21:38:56 | 000,036,864 | R--- | C] () -- C:\windows\System32\xmlparse.dll
[2011/08/16 21:53:54 | 000,021,747 | ---- | C] () -- C:\windows\MSTMON_S.INI
[2011/08/16 21:53:54 | 000,019,253 | ---- | C] () -- C:\windows\MSUMLT_S.INI
[2011/06/17 07:06:17 | 000,338,944 | ---- | C] () -- C:\windows\System32\drivers\afd.sys
[2011/03/18 19:41:30 | 000,005,120 | ---- | C] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 17:59:34 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011/01/25 17:59:34 | 000,042,112 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011/01/07 11:18:55 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011/01/04 16:10:58 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/01/04 16:10:56 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011/01/04 16:10:56 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011/01/04 16:10:56 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011/01/04 16:10:56 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2010/12/18 11:21:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/18 10:32:10 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2010/12/18 10:30:50 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/12/18 10:09:45 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010/12/18 10:09:45 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/06/24 17:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 17:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 17:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 17:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/10/26 04:38:22 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config
[2009/07/26 02:28:45 | 000,655,072 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/07/26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 02:28:45 | 000,130,364 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/07/26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,273,544 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,914 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,746 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

< End of report >

and the OTL Extras logfile:
OTL Extras logfile created on: 12/31/2011 3:17:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Benni\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 218.29 Mb Available Physical Memory | 21.52% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 68.04 Gb Free Space | 68.04% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 53.00 Gb Free Space | 44.97% Space Free | Partition Type: NTFS
Drive E: | 630.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 186.31 Gb Total Space | 98.96 Gb Free Space | 53.11% Space Free | Partition Type: NTFS

Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Vision\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Vision\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{090C73E1-BB48-403D-9DFF-A60FD71FF73A}" = MySQL Connector J
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image
Resizer Powertoy Clone for Windows "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7 "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2 "{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1 "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft 
Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager 
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.7 MUI "{B9A129AB-CA6B-4CD1-B55C-792722E2B947}" = MySQL Installer "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C4A56-8560-4E3B-AA5D-BDCED4F110E7}" = MySQL Documents "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{DDE2DD42-9ABA-4164-BAAF-A8624819FAE3}" = Multimedia-Führerschein & Verkehr 2010/11 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3ABB4CC-1DC5-4430-BC49-D86AB708A9B8}" = MySQL Workbench 5.2 CE "{E929D860-AB8D-4AC0-8B7F-8DB5D65E46D0}" = MySQL Server 5.5 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J "{F53503A3-41B3-4327-A5C0-B058AB72B90D}" = MySQL Examples and Samples 5.5 "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD753E57-1F44-41E6-B962-E01D76676206}" = MySQL Connector C++ 1.1.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "Blue Byte Game Channel" = Blue Byte Game Channel "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Diagram Designer" = Diagram Designer "Edraw Flowchart_is1" = Edraw Flowchart 6.1 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KiSS PC-Link" = KiSS PC-Link 3.0.5 "KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "OpenVPN" = OpenVPN 2.1.1-gui-1.0.3 "PagePlace" = PagePlace "PokerStars" = PokerStars "S4Uninst" = Die Siedler IV "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows 
"SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.6 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/10/2011 3:02:19 PM | Computer Name = Benni-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 12/10/2011 5:16:08 PM | Computer Name = Benni-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 12/12/2011 9:56:50 AM | Computer Name = Benni-PC | Source = .NET Runtime | ID = 1026 Description = Error - 12/12/2011 9:56:53 AM | Computer Name = Benni-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MySQLWorkbench.exe, Version: 5.2.34.7780, Zeitstempel: 0x4ddbbfe9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00908ec4 ID des fehlerhaften Prozesses: 0xcedc Startzeit der fehlerhaften Anwendung: 0x01ccb8d4da778eec Pfad der fehlerhaften Anwendung: D:\Program Files\MySQL\MySQL Workbench CE 5.2.34.2\MySQLWorkbench.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2508f454-24c9-11e1-9f3b-20cf3070d3d6 Error - 12/12/2011 11:23:53 AM | Computer Name = Benni-PC | Source = Application Hang | ID = 1002 Description = Programm MySQLWorkbench.exe, Version 5.2.34.7780 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: caa0 Startzeit: 01ccb8d5efe5d6eb Endzeit: 155 Anwendungspfad: D:\Program Files\MySQL\MySQL Workbench CE 5.2.34.2\MySQLWorkbench.exe Berichts-ID: 42ccef3e-24d5-11e1-9f3b-20cf3070d3d6 Error - 12/12/2011 6:29:06 PM | Computer Name = Benni-PC | Source = .NET Runtime | ID = 1026 Description = Error - 12/12/2011 6:29:07 PM | Computer Name = Benni-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MySQLWorkbench.exe, Version: 5.2.34.7780, Zeitstempel: 0x4ddbbfe9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x055b6e50 ID des fehlerhaften Prozesses: 0x18d54 Startzeit der fehlerhaften Anwendung: 0x01ccb91b66bfc823 Pfad der fehlerhaften Anwendung: D:\Program Files\MySQL\MySQL Workbench CE 5.2.34.2\MySQLWorkbench.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b3b4e9aa-2510-11e1-9f3b-20cf3070d3d6 Error - 12/14/2011 3:50:27 PM | Computer Name = Benni-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12/14/2011 4:12:23 PM | Computer Name = Benni-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 12/17/2011 2:51:59 PM | Computer Name = Benni-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ System Events ] Error - 12/8/2011 1:52:33 PM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/10/2011 3:01:34 PM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/11/2011 3:45:21 AM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 12/11/2011 7:03:30 AM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 12/12/2011 4:38:36 AM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/12/2011 10:46:14 AM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/13/2011 9:47:40 AM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst upnphost erreicht. 
Error - 12/15/2011 3:39:38 PM | Computer Name = Benni-PC | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der Netzwerkhardwareadresse 00-15-0C-B9-5E-34 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 12/17/2011 2:51:18 PM | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/17/2011 2:52:38 PM | Computer Name = Benni-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{E79AF3FB-DABC-4232-8FA7-61445012E2AB} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. < End of report > |
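The sections of the OTL Extras log that matter most for a search-redirect case like this one are "Shell Spawning" (whether the `exefile`/`batfile`/`scrfile` open commands still run `"%1" %*`, or whether a loader has been spliced in front of every program start), "Security Center Settings" (whether the AntiVirus/AntiSpyware/Firewall overrides have been set to make the system stop reporting a disabled protection) and "Firewall Settings" (whether `EnableFirewall` is still 1 for each profile). In the log posted above all three are stock. The script below is an added example, not part of OTL or of this thread: it parses those three sections, compares them against known-good Windows 7 values and flags deviations. The expected handler strings and the "user-writable path" heuristic are my own baseline, not an OTL rule; the excerpt marked clean is taken from the posted log, while the tampered variant (the `loader.exe` path under `%TEMP%`) is constructed for the demonstration. A clean result here does not clear the machine: a kernel-mode rootkit of the TDSS family does not show up in these registry views, which is why the thread also runs TDSSKiller.

```python
"""Audit the "Shell Spawning", "Security Center Settings" and "Firewall
Settings" sections of an OTL Extras log for tampering (added example)."""
import re
from typing import Dict, List

# Known-good OTL output for the handlers malware most often rewrites so that
# its own binary runs before (or instead of) every launched program.
EXPECTED_SHELL = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
# A nonzero *Override tells Security Center to stop monitoring that
# component; EnableFirewall = 0 switches a firewall profile off.
EXPECTED_VALUES = {
    "AntiVirusOverride": "0",
    "AntiSpywareOverride": "0",
    "FirewallOverride": "0",
    "EnableFirewall": "1",
}
# Handlers for progids without a baseline are still flagged if they run
# something from a user-writable location (my heuristic, not an OTL rule).
SUSPICIOUS_PATH = re.compile(r"\\(Users|Temp|AppData|ProgramData)\\", re.IGNORECASE)

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
SHELL_RE = re.compile(
    r"^(?P<progid>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*?)(?: \((?P<company>[^()]*)\))?$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '========== Name ==========' header above them."""
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def audit_shell_spawning(lines: List[str]) -> List[str]:
    findings = []
    for line in lines:
        m = SHELL_RE.match(line)
        if not m:  # registry key headers such as [HKEY_LOCAL_MACHINE\...]
            continue
        key, cmd = (m.group("progid"), m.group("verb")), m.group("cmd")
        expected = EXPECTED_SHELL.get(key)
        if expected is not None and cmd != expected:
            findings.append(f"shell handler changed: {key[0]} [{key[1]}] -> {cmd!r} (expected {expected!r})")
        elif expected is None and SUSPICIOUS_PATH.search(cmd):
            findings.append(f"shell handler in user-writable path: {key[0]} [{key[1]}] -> {cmd!r}")
    return findings


def audit_values(lines: List[str]) -> List[str]:
    """Check "name" = value lines; the nearest [registry key] above gives the context."""
    findings, context = [], ""
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            context = line[1:-1].rsplit("\\", 1)[-1]  # e.g. StandardProfile
            continue
        m = VALUE_RE.match(line)
        if m and m.group("name") in EXPECTED_VALUES:
            expected = EXPECTED_VALUES[m.group("name")]
            if m.group("value") != expected:
                findings.append(f"{context}: {m.group('name')} = {m.group('value')} (expected {expected})")
    return findings


def audit_otl_extras(log_text: str) -> List[str]:
    s = split_sections(log_text)
    return (audit_shell_spawning(s.get("Shell Spawning", []))
            + audit_values(s.get("Security Center Settings", []))
            + audit_values(s.get("Firewall Settings", [])))


# Excerpt taken from the log posted above (clean on these points).
CLEAN_EXCERPT = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"""
# Constructed variant: a hijacked exefile handler and a disabled firewall
# profile (the path and loader.exe are made up for the demonstration).
TAMPERED_EXCERPT = CLEAN_EXCERPT.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Users\user\AppData\Local\Temp\loader.exe" "%1" %*',
).replace('"EnableFirewall" = 1', '"EnableFirewall" = 0')

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_EXCERPT), ("tampered", TAMPERED_EXCERPT)):
        print(label, audit_otl_extras(text) or ["no findings"])
```

Run it against a complete Extras log by reading the file into `audit_otl_extras()`; the clean excerpt yields no findings, the tampered one reports the rewritten `exefile [open]` handler and `StandardProfile: EnableFirewall = 0`. The baseline dictionary is deliberately small: extend `EXPECTED_SHELL` with the other handlers you trust on the target OS rather than relying on the path heuristic, which will miss a loader dropped into `C:\windows`.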
02.01.2012, 16:28 | #3 |
/// Malware-holic | 95p.com redirekt rootkid
Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your Desktop.