Trojaner-Board, Malware removal, "Pests of all kinds and how to fight them": Windows 7 mysterious popups and redirection to other websites
Post #1, 27.01.2010 23:03, SKyX

Hello Trojaner Board,
I recently installed Windows 7 Ultimate 32-bit and am very pleased with it, but for about 2-3 weeks, perhaps even longer, I have noticed something.
When I opened pages from Google, I was not taken to the page listed in Google but to advertising sites or the like.
Or when I left Firefox running for a while, popups opened automatically.
Today it was particularly bad; I noticed it because Kaspersky Internet Security 2010 blocked this:
Code:
27.01.2010 22:47:35	Verboten: http://91.213.121.11/download/nocl.exe (mit der Datenbank für verdächtige Webadressen untersuchen)	http://91.213.121.11/download/nocl.exe	Der Link wurde in einer Datenbank gefunden	Host Process for Windows Services

I ran a complete virus scan and found nothing.
So, the HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:55, on 27.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\DVDAudio\CTDVDDET.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
O4 - Startup: Mobiola Web Camera for S60.lnk = C:\Program Files\Mobiola Web Camera for S60\webcam.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix: 
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3CBA4C-E933-4DB4-9340-7B11F540BAD1}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll acaptuser32.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10265 bytes
In my opinion there is nothing suspicious in there!
Internet Explorer is completely uninstalled!
Malwarebytes is running through once more right now.
Spybot also found nothing!

I'm slowly getting desperate....

Regards SKyX

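An added example, not code from the thread or from HijackThis, OTL or Kaspersky: a small triage script for the two kinds of evidence in this post. It parses HijackThis "O23 - Service:" lines (and the "SRV -" lines of the OTL log posted later in the thread), flags services whose binary runs from a user profile or Temp directory or whose short name looks random, and parses the tab-separated Kaspersky block line to flag an executable fetched from a bare IP address by "Host Process for Windows Services", i.e. svchost.exe, which means a service or service DLL is doing the fetching rather than the browser. The regular expressions, the heuristics and the severity labels are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
"""Triage for the service entries and the Kaspersky web-block line posted in this thread.

Added example; this is not code from the thread, from HijackThis, OTL or Kaspersky.
The regexes, the heuristics and the severity labels are assumptions; the sample
lines are copied from the logs posted in the thread.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# HijackThis: O23 - Service: <display> (<short name>) - <vendor> - <path>
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)
# OTL: SRV - (<short name>) <display> -- <path> (<vendor>)
OTL_SRV = re.compile(
    r"^SRV - \((?P<name>[^)]+)\)\s*(?P<display>.*?)\s*-- (?P<path>.+) \((?P<vendor>[^()]*)\)$"
)
# Locations a normal user can write to; a legitimate service practically never runs from here.
USER_WRITABLE = re.compile(r"\\(AppData|Local Settings|Temp|Users\\[^\\]+)\\", re.IGNORECASE)
# Heuristic (assumption): six or more capital letters and nothing else, e.g. VRLBMR, VDBLUWHQE.
RANDOM_NAME = re.compile(r"^[A-Z]{6,}$")
# Kaspersky names svchost.exe this way in its report.
SYSTEM_PROCESSES = {"Host Process for Windows Services", "svchost.exe"}

R_USER_DIR = "binary lives in a user-writable profile or temp directory"
R_RANDOM = "random-looking all-caps service name"
R_BARE_IP = "download from a bare IP address instead of a hostname"
R_EXE = "payload is an executable"
R_SVCHOST = "fetched by svchost.exe, so a service or service DLL is doing the downloading"


def parse_service(line):
    """Parse one HijackThis O23 or OTL SRV line; return None for any other line."""
    m = OTL_SRV.match(line) or HJT_O23.match(line)
    if not m:
        return None
    d = m.groupdict()
    display = (d["display"] or "").strip()
    name = (d["name"] or display).strip()
    return {"name": name, "display": display or name,
            "vendor": d["vendor"].strip(), "path": d["path"].strip()}


def triage_service(svc):
    """Reasons a service entry deserves a closer look; an empty list means nothing found."""
    reasons = []
    if USER_WRITABLE.search(svc["path"]):
        reasons.append(R_USER_DIR)
    if RANDOM_NAME.match(svc["name"]):
        reasons.append(R_RANDOM)
    return reasons


def triage_web_block(line):
    """Parse a tab-separated Kaspersky block line (time, verdict, URL, reason, process)."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 5:
        return None
    _timestamp, _verdict, url, _reason, process = fields[:5]
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ip_address(host)          # raises ValueError for a real hostname or an empty string
        bare_ip = True
    except ValueError:
        bare_ip = False
    reasons = []
    if bare_ip:
        reasons.append(R_BARE_IP)
    if parts.path.lower().endswith(".exe"):
        reasons.append(R_EXE)
    if process in SYSTEM_PROCESSES:
        reasons.append(R_SVCHOST)
    return {"subject": url, "reasons": reasons}


def triage(lines):
    """Run both checks over mixed log lines and return only the entries with findings."""
    findings = []
    for line in lines:
        if "\t" in line:                       # Kaspersky report rows are tab-separated
            hit = triage_web_block(line)
            subject, reasons = (hit["subject"], hit["reasons"]) if hit else (None, [])
        else:
            svc = parse_service(line)
            subject, reasons = (svc["name"], triage_service(svc)) if svc else (None, [])
        if reasons:
            findings.append({"subject": subject,
                             "severity": "high" if len(reasons) >= 2 else "medium",
                             "reasons": reasons})
    return findings


# Constructed sample: five service lines and the blocked-download line, all copied from this thread.
SAMPLE_LOG = [
    r"SRV - (VRLBMR) -- C:\Users\PATRIC~1\AppData\Local\Temp\VRLBMR.exe (Sysinternals - www.sysinternals.com)",
    r"SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)",
    r"SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)",
    r"O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe",
    r"O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe",
    "\t".join(["27.01.2010 22:47:35",
               "Verboten: http://91.213.121.11/download/nocl.exe (mit der Datenbank für verdächtige Webadressen untersuchen)",
               "http://91.213.121.11/download/nocl.exe",
               "Der Link wurde in einer Datenbank gefunden",
               "Host Process for Windows Services"]),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['subject']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample, the script reports only two subjects: the VRLBMR service (user-writable path plus random name) and the blocked nocl.exe URL (bare IP, executable, fetched by svchost). The vendor string in the OTL line ("Sysinternals") is deliberately not trusted: it is whatever the file's version resource claims, so the path is the better signal. A "Host Process for Windows Services" entry in an antivirus web-block log is worth treating the same way as a service in Temp: the browser was not the initiator, so removing a browser add-on will not fix it.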
Post #2, 28.01.2010 00:06, SKyX

Malwarebytes produced the following message at the end:
Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3644
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.01.2010 23:28:04
mbam-log-2010-01-27 (23-28-04).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 276657
Laufzeit: 44 minute(s), 43 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
What could I do next?

Post #3, 28.01.2010 15:28, Chris4You

Hi,

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 logfiles are created
* Post the logfiles here in the thread.

Gmer (is not approved for Win 7, we will have to try it; it must be started as admin!)
Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (http://www.gmer.net/#files); there click the "Download EXE" button, which generates a random file name (remember it and the path where you saved it).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no" and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.

chris

Post #4, 28.01.2010 17:42, SKyX

As for Gmer, I can already say in advance that it crashes Windows 7 and triggers a memory error. Had it twice in a row.
OTL log
Code:
OTL logfile created on: 28.01.2010 17:36:36 - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = D:\DOWNLOADS
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,61 Gb Total Space | 16,78 Gb Free Space | 31,30% Space Free | Partition Type: NTFS
Drive D: | 95,34 Gb Total Space | 58,67 Gb Free Space | 61,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,84 Gb Total Space | 1,55 Gb Free Space | 40,38% Space Free | Partition Type: NTFS
Drive Y: | 229,23 Gb Total Space | 0,07 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
Drive Z: | 229,23 Gb Total Space | 109,60 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
 
Computer Name: AMD-PC
Current User Name: PatrickSchinker
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\DOWNLOADS\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
PRC - C:\Programme\Creative\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Programme\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
PRC - C:\Programme\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)
PRC - C:\Programme\ScannerU\AM32.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - D:\DOWNLOADS\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Ray Adams\ATI Tray Tools\raphook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (VRLBMR) -- C:\Users\PATRIC~1\AppData\Local\Temp\VRLBMR.exe (Sysinternals - www.sysinternals.com)
SRV - (MEUAUORJLR) -- C:\Users\PATRIC~1\AppData\Local\Temp\MEUAUORJLR.exe (Sysinternals - www.sysinternals.com)
SRV - (VDBLUWHQE) -- C:\Users\PATRIC~1\AppData\Local\Temp\VDBLUWHQE.exe (Sysinternals - www.sysinternals.com)
SRV - (Creative Dolby Digital Live Pack Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (InterBaseServer) -- C:\Programme\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
SRV - (InterBaseGuardian) -- C:\Programme\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gmer) -- C:\Windows\System32\drivers\gmer.sys (GMER)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTERFXFX.SYS) -- C:\Windows\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- C:\Windows\System32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\Windows\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\Windows\System32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\Windows\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\Windows\System32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\Windows\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\Windows\System32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (SkyNetBDA) TechniSat DVB-PC TV Star PCI (BDA) -- C:\Windows\System32\drivers\SkyNetBDA.sys (TechniSat Digital, S.A.)
DRV - (SKYNET) -- C:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
DRV - (atitray) -- C:\Programme\Ray Adams\ATI Tray Tools\atitray.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 41 48 13 01 83 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.12.22 16:28:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.21 00:01:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.18 23:40:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009.12.23 03:10:47 | 00,000,000 | ---D | M]
 
[2009.12.25 04:15:17 | 00,000,000 | ---D | M] -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Extensions
[2010.01.28 16:23:09 | 00,000,000 | ---D | M] -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Firefox\Paddy\extensions
[2010.01.28 16:23:08 | 00,000,000 | ---D | M] (Speed Dial) -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Firefox\Paddy\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009.12.22 13:21:53 | 00,000,000 | ---D | M] -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Mozilla_old\Extensions
[2009.12.22 13:21:53 | 00,000,000 | ---D | M] (No name found) -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Mozilla_old\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.12.24 17:25:05 | 00,000,000 | ---D | M] -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Mozilla_old\Firefox\Profiles\zqm6xwju.default\extensions
[2009.12.23 11:28:36 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Mozilla_old\Firefox\Profiles\zqm6xwju.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.12.22 13:27:44 | 00,000,000 | ---D | M] (Speed Dial) -- C:\Users\PatrickSchinker\AppData\Roaming\mozilla\Mozilla_old\Firefox\Profiles\zqm6xwju.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.01.28 16:23:09 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.23 03:11:34 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.01.13 23:46:00 | 00,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2009.12.02 09:31:53 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 09:31:53 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.02 09:31:53 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.02 09:31:53 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.02 09:31:53 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.26 20:54:09 | 00,372,081 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 http://www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 12824 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RegisterDropHandler] C:\Programme\ScannerU\TBridge\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Programme\ScannerU\TBridge\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Users\PatrickSchinker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - Startup: C:\Users\PatrickSchinker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mobiola Web Camera for S60.lnk = C:\Programme\Mobiola Web Camera for S60\webcam.exe (Warelex LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0012-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.2.0/jinstall-1_2_0-windows-i586.cab (Java Plug-in 1.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll acaptuser32.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll acaptuser32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.01.28 17:34:03 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\PatrickSchinker\Desktop\OTL.exe
[2010.01.28 02:24:15 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.01.28 02:23:05 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010.01.28 02:22:59 | 00,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.01.28 02:22:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.01.27 21:50:08 | 02,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.01.27 21:50:04 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.01.27 21:50:04 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.01.27 21:50:02 | 00,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.27 21:50:02 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.27 14:39:59 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.01.27 14:34:31 | 00,085,969 | ---- | C] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2010.01.27 12:19:19 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\AppData\Roaming\Malwarebytes
[2010.01.27 12:19:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.27 12:19:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.27 12:19:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.01.27 12:19:03 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.27 11:55:17 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.01.26 23:26:47 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.01.21 21:21:24 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\Desktop\Karl
[2010.01.21 14:34:57 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\Documents\Activstudio3
[2010.01.20 00:53:59 | 00,000,000 | ---D | C] -- C:\Web
[2010.01.20 00:32:48 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\Documents\Artisteer Templates
[2010.01.19 22:17:34 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\Documents\Alcohol 120%
[2010.01.18 23:52:08 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\AppData\Roaming\Artisteer
[2010.01.18 23:49:26 | 00,000,000 | ---D | C] -- C:\Programme\Artisteer 2
[2010.01.18 23:40:40 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.01.18 21:33:19 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\AppData\Roaming\Opera
[2010.01.18 21:33:19 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\AppData\Local\Opera
[2010.01.18 16:51:48 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\AppData\Local\Mumble
[2010.01.18 16:39:44 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\AppData\Roaming\Mumble
[2010.01.18 16:39:17 | 00,000,000 | ---D | C] -- C:\Programme\Mumble
[2010.01.17 20:22:09 | 00,000,000 | ---D | C] -- C:\ProgramData\CMUV
[2010.01.17 20:21:56 | 00,000,000 | ---D | C] -- C:\Programme\DVBViewer TE2
[2010.01.17 20:11:01 | 00,507,408 | ---- | C] (TechniSat Digital, S.A.) -- C:\Windows\System32\drivers\SkyNET.sys
[2010.01.17 20:10:59 | 00,551,824 | ---- | C] (TechniSat Digital, S.A.) -- C:\Windows\System32\drivers\SkyNetBDA.sys
[2009.12.29 20:58:43 | 00,000,000 | ---D | C] -- C:\Users\PatrickSchinker\Documents\Remote Assistance Logs
[2009.12.23 01:02:07 | 00,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.01.28 17:38:41 | 06,815,744 | -HS- | M] () -- C:\Users\PatrickSchinker\NTUSER.DAT
[2010.01.28 17:34:07 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\PatrickSchinker\Desktop\OTL.exe
[2010.01.28 16:20:06 | 00,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.01.28 16:20:06 | 00,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.01.28 16:20:06 | 00,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.01.28 16:20:06 | 00,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.01.28 16:20:05 | 01,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.01.28 13:42:46 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.28 13:42:46 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.28 13:38:09 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.01.28 13:37:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.28 13:37:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.28 13:37:30 | 16,102,60480 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.28 13:36:44 | 00,033,232 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.01.28 13:36:44 | 00,033,232 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.01.28 13:36:44 | 00,032,448 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.01.28 13:36:44 | 00,032,448 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.01.28 13:36:44 | 00,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.01.28 13:36:20 | 01,972,467 | -H-- | M] () -- C:\Users\PatrickSchinker\AppData\Local\IconCache.db
[2010.01.28 02:24:08 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.01.28 02:23:04 | 00,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.01.27 14:34:31 | 00,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2010.01.27 14:34:31 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2010.01.27 14:34:31 | 00,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd
[2010.01.27 14:33:43 | 00,811,008 | ---- | M] () -- C:\Windows\gmer.exe
[2010.01.27 12:19:11 | 00,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.27 11:55:18 | 00,002,050 | ---- | M] () -- C:\Users\PatrickSchinker\Desktop\HijackThis.lnk
[2010.01.27 02:15:59 | 00,004,096 | -H-- | M] () -- C:\Users\PatrickSchinker\AppData\Local\keyfile3.drm
[2010.01.26 20:54:09 | 00,372,081 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.01.22 21:04:48 | 00,000,600 | ---- | M] () -- C:\Users\PatrickSchinker\AppData\Local\PUTTY.RND
[2010.01.20 00:25:55 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.01.19 11:38:05 | 02,364,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.01.19 00:10:23 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.01.19 00:10:23 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.01.18 23:43:30 | 00,125,280 | ---- | M] () -- C:\Users\PatrickSchinker\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.18 23:40:07 | 00,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.01.18 23:22:04 | 00,001,304 | ---- | M] () -- C:\Users\PatrickSchinker\Desktop\Notepad.lnk
[2010.01.18 18:53:54 | 04,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.01.18 16:47:51 | 00,002,385 | ---- | M] () -- C:\Users\PatrickSchinker\Documents\MumbleAutomaticCertificateBackup.p12
[2010.01.17 20:21:58 | 00,000,964 | ---- | M] () -- C:\Users\PatrickSchinker\Desktop\DVBViewer TE2.lnk
[2010.01.14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.01.11 08:12:38 | 00,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.01.28 13:38:09 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.01.28 13:38:09 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.01.28 02:30:24 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.01.28 02:23:04 | 00,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.01.28 00:12:32 | 00,293,376 | ---- | C] () -- C:\Users\PatrickSchinker\Desktop\gga.exe
[2010.01.27 14:34:31 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2010.01.27 14:34:31 | 00,811,008 | ---- | C] () -- C:\Windows\gmer.exe
[2010.01.27 14:34:31 | 00,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd
[2010.01.27 12:19:11 | 00,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.27 11:55:17 | 00,002,050 | ---- | C] () -- C:\Users\PatrickSchinker\Desktop\HijackThis.lnk
[2010.01.27 02:15:59 | 00,004,096 | -H-- | C] () -- C:\Users\PatrickSchinker\AppData\Local\keyfile3.drm
[2010.01.20 00:25:55 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.01.18 23:40:07 | 00,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.01.18 23:22:04 | 00,001,304 | ---- | C] () -- C:\Users\PatrickSchinker\Desktop\Notepad.lnk
[2010.01.18 16:47:51 | 00,002,385 | ---- | C] () -- C:\Users\PatrickSchinker\Documents\MumbleAutomaticCertificateBackup.p12
[2010.01.17 20:21:58 | 00,000,964 | ---- | C] () -- C:\Users\PatrickSchinker\Desktop\DVBViewer TE2.lnk
[2009.12.23 13:26:23 | 00,011,264 | ---- | C] () -- C:\Users\PatrickSchinker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.23 03:19:22 | 00,000,600 | ---- | C] () -- C:\Users\PatrickSchinker\AppData\Local\PUTTY.RND
[2009.12.23 01:04:00 | 00,176,128 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.12.23 01:04:00 | 00,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.12.23 01:02:07 | 00,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2009.12.23 01:02:07 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2009.12.23 01:02:05 | 00,049,962 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.12.23 01:02:05 | 00,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009.12.23 01:02:05 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.12.22 18:03:21 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.12.22 17:14:34 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.22 16:25:03 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.22 16:25:03 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.22 16:25:02 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.22 16:25:01 | 00,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.22 16:25:00 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.22 16:25:00 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.12.22 15:17:39 | 00,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.12.22 14:53:50 | 00,055,808 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009.12.22 14:12:01 | 00,000,231 | ---- | C] () -- C:\Windows\AC3API.INI
[2009.12.22 14:08:35 | 00,000,136 | ---- | C] () -- C:\Windows\SBWIN.INI
[2009.12.22 14:03:29 | 00,000,105 | ---- | C] () -- C:\Windows\pccuo.ini
[2009.12.22 14:03:11 | 00,028,672 | ---- | C] () -- C:\Windows\pccuo.dll
[2009.12.22 14:03:11 | 00,001,871 | ---- | C] () -- C:\Windows\~~~runcd.ini
[2009.12.22 13:19:44 | 00,007,598 | ---- | C] () -- C:\Users\PatrickSchinker\AppData\Local\Resmon.ResmonCfg
[2009.12.22 13:17:55 | 00,000,374 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2009.12.22 13:17:51 | 00,012,126 | ---- | C] () -- C:\Windows\System32\PIXPCZ.DLL
[2009.12.22 13:17:51 | 00,011,934 | ---- | C] () -- C:\Windows\System32\PIXPNR.DLL
[2009.12.22 13:17:50 | 00,046,512 | ---- | C] () -- C:\Windows\System32\EPSN.DLL
[2009.12.22 13:17:50 | 00,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL
[2009.12.22 13:17:50 | 00,000,114 | ---- | C] () -- C:\Windows\Tb98.ini
[2009.12.22 13:17:45 | 01,513,984 | ---- | C] () -- C:\Windows\System32\Mgxrdr80.dll
[2009.12.22 13:17:45 | 00,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2009.12.22 13:17:45 | 00,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2009.12.22 13:17:45 | 00,064,000 | ---- | C] () -- C:\Windows\System32\Ppiv30.dll
[2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.04.12 08:10:28 | 00,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2006.09.12 10:08:38 | 06,172,672 | ---- | C] () -- C:\Windows\System32\HwRecogK.dll
[2006.08.14 08:56:52 | 07,946,240 | ---- | C] () -- C:\Windows\System32\HWRecogT.dll
[2006.08.13 16:48:58 | 15,147,008 | ---- | C] () -- C:\Windows\System32\HWRecog.dll
[2003.08.07 15:01:50 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2003.03.24 05:03:00 | 00,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[1998.03.26 00:12:00 | 00,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:9D1B94FD
< End of report >
         

Alt 28.01.2010, 17:43   #5
SKyX
 
Windows 7 mysterious popups and redirection to other websites



Extra Log:
Code:
ATTFilter
OTL Extras logfile created on: 28.01.2010 17:36:36 - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = D:\DOWNLOADS
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,61 Gb Total Space | 16,78 Gb Free Space | 31,30% Space Free | Partition Type: NTFS
Drive D: | 95,34 Gb Total Space | 58,67 Gb Free Space | 61,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,84 Gb Total Space | 1,55 Gb Free Space | 40,38% Space Free | Partition Type: NTFS
Drive Y: | 229,23 Gb Total Space | 0,07 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
Drive Z: | 229,23 Gb Total Space | 109,60 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
 
Computer Name: AMD-PC
Current User Name: PatrickSchinker
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{5170f4ae-824f-4e0f-8cf1-027a1f63cd52}" = Nero 9
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{701FBA22-A157-4F69-91A5-CBED824ADF7A}" = Activstudio Student Edition v3.6
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"AC3Filter" = AC3Filter (remove only)
"AcMgrDDL" = DDL und DTS Connect-Lizenzaktivierung
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ALchemy" = Creative ALchemy
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.30
"AudioCS" = Creative-Audiokonsole
"Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"DVBViewer TE2_is1" = DVBViewer TE2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Equalizer" = Creative-Grafik-Equalizer
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.30
"GIF Animator" = Microsoft GIF Animator
"HijackThis" = HijackThis 2.0.2
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"InterBase" = InterBase 6.5
"JRE 1.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mobiola Web Camera for S60_is1" = Mobiola Web Camera for S60 3.0.15
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mumble" = Mumble and Murmur
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Plustek USB Scanner" = Plustek USB Scanner
"ProgDVB" = ProgDVB
"rayatitray" = Ray Adams ATI Tray Tools
"RealVNC_is1" = VNC Enterprise Edition E4.4.2
"SFBM" = SoundFont-Bank-Manager
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"SPEAKER" = Creative Lautsprechereinstellungen
"Steam App 240" = Counter-Strike: Source
"TBAN v2 Navigation " = TBAN v2 Navigation 
"Totalcmd" = Total Commander (Remove or Repair)
"vbcpp40" = VisiBroker for Cpp 4.5
"VLC media player" = VLC media player 1.0.3
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinISD Pro [alpha]" = WinISD Pro [alpha]
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2010 15:09:35 | Computer Name = AMD-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2810, 
Zeitstempel: 0x4b2f0bcd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00055668  ID des fehlerhaften
 Prozesses: 0x9ec  Startzeit der fehlerhaften Anwendung: 0x01ca9abc6ce47813  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 82b46451-06c0-11df-818d-00805a300b10
 
Error - 21.01.2010 16:36:57 | Computer Name = AMD-PC | Source = WinVNC4 | ID = 1
Description = SConnection: AuthFailureException: Access is denied    
 
Error - 21.01.2010 18:53:21 | Computer Name = AMD-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2810, 
Zeitstempel: 0x4b2f0bcd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00053067  ID des fehlerhaften
 Prozesses: 0x51c  Startzeit der fehlerhaften Anwendung: 0x01ca9ad57e52e0de  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c54b24ce-06df-11df-818d-00805a300b10
 
Error - 22.01.2010 14:32:13 | Computer Name = AMD-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2810, 
Zeitstempel: 0x4b2f0bcd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005a849  ID des fehlerhaften
 Prozesses: 0x740  Startzeit der fehlerhaften Anwendung: 0x01ca9b7ade4760c9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 74debda8-0784-11df-989b-00805a300b10
 
Error - 23.01.2010 07:15:05 | Computer Name = AMD-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.01.2010 07:15:07 | Computer Name = AMD-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\ray
 adams\ati tray tools\utils64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.01.2010 07:15:57 | Computer Name = AMD-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 25.01.2010 07:19:26 | Computer Name = AMD-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.01.2010 07:19:28 | Computer Name = AMD-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\ray
 adams\ati tray tools\utils64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.01.2010 07:20:22 | Computer Name = AMD-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 25.12.2009 07:39:57 | Computer Name = AMD-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Betrieb" den Befehl "chkdsk" aus.
 
Error - 25.12.2009 07:39:57 | Computer Name = AMD-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Betrieb" den Befehl "chkdsk" aus.
 
Error - 25.12.2009 07:39:57 | Computer Name = AMD-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Betrieb" den Befehl "chkdsk" aus.
 
Error - 25.12.2009 07:39:57 | Computer Name = AMD-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Betrieb" den Befehl "chkdsk" aus.
 
Error - 31.12.2009 08:55:00 | Computer Name = AMD-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.01.2010 15:20:48 | Computer Name = AMD-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 19.01.2010 07:32:51 | Computer Name = AMD-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 20.01.2010 19:08:42 | Computer Name = AMD-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2010 19:08:42 | Computer Name = AMD-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.01.2010 19:08:42 | Computer Name = AMD-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
 
< End of report >


28.01.2010, 19:24   #6
Chris4You

Hi,

Your Explorer is very "new":
Code:
[2010.01.27 21:50:08 | 02,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
You also have a great many entries in your hosts file (intentional?); please upload it here:
File upload:
http://www.file-upload.net/, upload it and send me the link (including the delete link) as a "PrivateMail"...

Download Lop S&D (http://eric.71.mespages.googlepages.com/LopSD.exe).
Run Lop S&D.exe by double-clicking it.
On Vista and Win7, please run it with admin rights!
Choose your language and then option 1.
Wait until the scan report has been generated and post it here (if the report does not appear, you will find it at C:\lopR.txt).

chris
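As an added example (not code from the thread, from OTL or from Lop S&D), the two checks Chris4You raises above can be scripted for triage: parse OTL file-listing lines and flag core Windows binaries created shortly before the scan, and parse a hosts file and flag names pointed at routable addresses rather than loopback. It assumes the OTL line shape `[date time | size | attrs | C] (Company) -- path`; the explorer.exe line is the one quoted above, while the hosts file sample and the 203.0.113.10 address are constructed.

```python
# Editor-added triage helpers for the two findings in the post above: a
# freshly written C:\Windows\explorer.exe in an OTL file listing, and a hosts
# file with a great many entries. This is not code from the thread, from OTL
# or from Lop S&D. Assumptions: OTL listing lines have the shape
#   [YYYY.MM.DD HH:MM:SS | SS,SSS,SSS | attrs | C] (Company) -- path
# and the scan time is the "OTL Extras logfile created on" timestamp.
import ipaddress
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Za-z]+) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Shell and logon binaries that malware of this era commonly replaced or
# patched; a creation date just before the scan on one of them deserves a
# closer look (signature check, hash lookup) before anything is deleted.
CORE_BINARIES = {"explorer.exe", "winlogon.exe", "userinit.exe",
                 "services.exe", "svchost.exe", "lsass.exe"}


def parse_otl_line(line):
    """Parse one OTL file-listing line into a dict; None if it does not match."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}",
                                    "%Y.%m.%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
    return rec


def flag_recent_core_binaries(listing, scan_time, recent_days=7):
    """Return records for core Windows binaries created within recent_days of the scan.

    Windows Update also rewrites these files, so a hit is a lead to verify,
    not a verdict.
    """
    hits = []
    for line in listing.splitlines():
        rec = parse_otl_line(line)
        if rec is None or rec["name"] not in CORE_BINARIES:
            continue
        if not rec["path"].lower().startswith("c:\\windows\\"):
            continue
        age = scan_time - rec["when"]
        if timedelta(0) <= age <= timedelta(days=recent_days):
            hits.append(rec)
    return hits


def suspicious_hosts_entries(hosts_text):
    """Return (hostname, ip) pairs that point a name at a routable address.

    Loopback and unspecified targets (127.0.0.1, 0.0.0.0, ::1) are what
    ad-block hosts lists use and are the usual benign reason for a long
    hosts file; a name mapped to a routable address is the redirect pattern.
    """
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry (malformed line)
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in parts[1:]:
            flagged.append((name.lower(), str(ip)))
    return flagged


# The explorer.exe line quoted in the post above, plus one ordinary line from
# the same OTL log for contrast.
SAMPLE_LISTING = """\
[2010.01.27 21:50:08 | 02,614,272 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\explorer.exe
[1998.03.26 00:12:00 | 00,053,248 | ---- | C] () -- C:\\Windows\\System32\\zlib.dll
"""
SCAN_TIME = datetime(2010, 1, 28, 17, 36, 36)  # "OTL Extras logfile created on"

# Constructed hosts file: ad-block style entries plus one redirect-style
# entry. 203.0.113.10 is from a documentation range and is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net
0.0.0.0         tracker.example.org   # blocklist entry, benign
203.0.113.10    www.google.com        # constructed redirect example
"""

if __name__ == "__main__":
    for rec in flag_recent_core_binaries(SAMPLE_LISTING, SCAN_TIME):
        print(f"recent core binary: {rec['path']} created {rec['when']}")
    for name, ip in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts redirect: {name} -> {ip}")
```

Run against a real OTL log and hosts file, a hit on explorer.exe or on a well-known name mapped to a routable address is exactly what the helper asks the user to upload for a closer look.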

28.01.2010, 20:06   #7
Argus

@Chris4You

The machine is infected with a rootkit.

28.01.2010, 22:25   #8
SKyX

Here is the log:
Code:
   --------------------\\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows 7   ( v6.1.7600 ) 
   X86-based PC ( Multiprocessor Free : Dual Core AMD Opteron(tm) Processor     )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER :  ( Administrator )
   BOOT : Normal boot
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total:53 Go (Free:16 Go)
   D:\ (Local Disk) - NTFS - Total:95 Go (Free:58 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD)
   L:\ (CD or DVD)
   
   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 28.01.2010|22:17 )

   [ UAC => 0 ]
 
   --------------------\\  Ordner Verzeichnis unter Local

   [18.01.2010|23:41] C:\Users\~1\AppData\Local\Adobe
   [22.12.2009|12:29] C:\Users\~1\AppData\Local\Anwendungsdaten 
   [22.12.2009|18:01] C:\Users\~1\AppData\Local\ashampoo
   [25.12.2009|14:17] C:\Users\~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [25.01.2010|12:25] C:\Users\~1\AppData\Local\Diagnostics
   [25.12.2009|14:27] C:\Users\~1\AppData\Local\Downloaded Installations
   [25.01.2010|12:25] C:\Users\~1\AppData\Local\ElevatedDiagnostics
   [18.01.2010|23:43] C:\Users\~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [22.12.2009|15:34] C:\Users\~1\AppData\Local\GHISLER
   [28.01.2010|13:36] C:\Users\~1\AppData\Local\IconCache.db
   [27.01.2010|02:15] C:\Users\~1\AppData\Local\keyfile3.drm
   [28.01.2010|18:06] C:\Users\~1\AppData\Local\Microsoft
   [22.12.2009|14:35] C:\Users\~1\AppData\Local\Microsoft Help
   [22.12.2009|13:21] C:\Users\~1\AppData\Local\Mozilla
   [18.01.2010|16:51] C:\Users\~1\AppData\Local\Mumble
   [18.01.2010|21:33] C:\Users\~1\AppData\Local\Opera
   [24.12.2009|18:44] C:\Users\~1\AppData\Local\PowerDVDCinema
   [24.12.2009|18:44] C:\Users\~1\AppData\Local\PowerDVDCox
   [22.01.2010|21:04] C:\Users\~1\AppData\Local\PUTTY.RND
   [22.12.2009|13:19] C:\Users\~1\AppData\Local\Resmon.ResmonCfg
   [28.01.2010|22:11] C:\Users\~1\AppData\Local\Temp
   [22.12.2009|12:29] C:\Users\~1\AppData\Local\Temporary Internet Files 
   [22.12.2009|12:29] C:\Users\~1\AppData\Local\Verlauf 
   [22.12.2009|14:05] C:\Users\~1\AppData\Local\VirtualStore
   [22.12.2009|18:13] C:\Users\~1\AppData\Local\WinAVI
   [6|Datei(en),] C:\Users\~1\AppData\Local\Bytes
   [21|Verzeichnis(se),] C:\Users\~1\AppData\Local\Bytes frei
 
   --------------------\\  Geplante Aufgaben unter C:\Windows\Tasks

   [28.01.2010 13:38][--a------] C:\Windows\tasks\Ad-Aware Update (Daily 4).job
   [28.01.2010 13:38][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
   [28.01.2010 13:38][--a------] C:\Windows\tasks\Ad-Aware Update (Daily 3).job
   [28.01.2010 13:38][--a------] C:\Windows\tasks\Ad-Aware Update (Daily 2).job
   [28.01.2010 13:38][--a------] C:\Windows\tasks\Ad-Aware Update (Daily 1).job
   [28.01.2010 13:37][--ah-----] C:\Windows\tasks\SA.DAT
   [14.07.2009 05:53][--a------] C:\Windows\tasks\SCHEDLGU.TXT

   --------------------\\  Ordner Verzeichnis unter C:\ProgramData
   
   [28.01.2010|02:23] C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
   [25.12.2009|14:28] C:\ProgramData\Activ Software
   [18.01.2010|23:38] C:\ProgramData\Adobe
   [22.12.2009|12:26] C:\ProgramData\Anwendungsdaten 
   [22.12.2009|18:01] C:\ProgramData\ashampoo
   [17.01.2010|20:22] C:\ProgramData\CMUV
   [23.12.2009|01:16] C:\ProgramData\Creative
   [23.12.2009|01:16] C:\ProgramData\Creative Labs
   [24.12.2009|19:53] C:\ProgramData\CyberLink
   [22.12.2009|12:26] C:\ProgramData\Desktop 
   [22.12.2009|12:26] C:\ProgramData\Dokumente 
   [22.12.2009|12:26] C:\ProgramData\Favoriten 
   [22.12.2009|16:57] C:\ProgramData\FlashFXP
   [26.12.2009|14:25] C:\ProgramData\FLEXnet
   [22.12.2009|16:27] C:\ProgramData\Installations
   [22.12.2009|15:18] C:\ProgramData\InstallShield
   [28.01.2010|14:01] C:\ProgramData\Kaspersky Lab
   [23.12.2009|03:05] C:\ProgramData\Kaspersky Lab Setup Files
   [28.01.2010|02:24] C:\ProgramData\Lavasoft
   [29.12.2009|12:15] C:\ProgramData\LightScribe
   [27.01.2010|12:19] C:\ProgramData\Malwarebytes
   [25.01.2010|22:49] C:\ProgramData\Messenger Plus!
   [24.12.2009|17:34] C:\ProgramData\Microsoft
   [27.01.2010|21:54] C:\ProgramData\Microsoft Help
   [22.12.2009|17:11] C:\ProgramData\Nero
   [24.12.2009|15:35] C:\ProgramData\PC Suite
   [25.12.2009|04:33] C:\ProgramData\Spybot - Search & Destroy
   [22.12.2009|12:26] C:\ProgramData\Startmenü 
   [28.01.2010|14:01] C:\ProgramData\TEMP
   [22.12.2009|15:17] C:\ProgramData\Ulead Systems
   [22.12.2009|12:26] C:\ProgramData\Vorlagen 
   [23.12.2009|11:28] C:\ProgramData\Winamp Toolbar
   [0|Datei(en),] C:\ProgramData\Bytes
   [34|Verzeichnis(se),] C:\ProgramData\Bytes frei

   --------------------\\  Ordner Verzeichnis unter C:\Program Files

   [26.12.2009|03:50] C:\Program Files\7-Zip
   [23.12.2009|02:41] C:\Program Files\AC3Filter
   [25.12.2009|14:28] C:\Program Files\Activ Software
   [18.01.2010|23:36] C:\Program Files\Adobe
   [22.12.2009|18:07] C:\Program Files\Alcohol Soft
   [22.12.2009|13:49] C:\Program Files\AMD
   [20.01.2010|00:54] C:\Program Files\Artisteer 2
   [22.12.2009|18:00] C:\Program Files\Ashampoo
   [22.12.2009|13:28] C:\Program Files\ATI
   [22.12.2009|13:28] C:\Program Files\ATI Technologies
   [22.12.2009|14:53] C:\Program Files\Borland
   [23.12.2009|01:42] C:\Program Files\Clockgen
   [25.12.2009|14:28] C:\Program Files\Common Files
   [23.12.2009|01:40] C:\Program Files\Core Temp
   [23.12.2009|01:39] C:\Program Files\Cpuz
   [23.12.2009|01:11] C:\Program Files\Creative
   [24.12.2009|18:43] C:\Program Files\CyberLink
   [22.12.2009|16:28] C:\Program Files\DIFX
   [22.12.2009|16:19] C:\Program Files\DivX
   [17.01.2010|20:21] C:\Program Files\DVBViewer TE2
   [22.12.2009|13:55] C:\Program Files\DVD Maker
   [23.12.2009|02:22] C:\Program Files\eclipse
   [22.12.2009|16:57] C:\Program Files\FlashFXP
   [22.12.2009|12:26] C:\Program Files\Gemeinsame Dateien [C:\Program Files\Common Files]
   [23.12.2009|01:38] C:\Program Files\Heidsql
   [24.12.2009|18:42] C:\Program Files\InstallShield Installation Information
   [27.01.2010|21:55] C:\Program Files\Internet Explorer
   [22.12.2009|16:40] C:\Program Files\Java
   [22.12.2009|14:53] C:\Program Files\JavaSoft
   [23.12.2009|03:10] C:\Program Files\Kaspersky Lab
   [22.12.2009|16:28] C:\Program Files\K-Lite Codec Pack
   [22.12.2009|18:11] C:\Program Files\Lavalys
   [28.01.2010|02:22] C:\Program Files\Lavasoft
   [22.12.2009|17:00] C:\Program Files\Linearteam
   [27.01.2010|12:19] C:\Program Files\Malwarebytes' Anti-Malware
   [20.01.2010|16:11] C:\Program Files\Messenger Plus! Live
   [22.12.2009|16:50] C:\Program Files\Microsoft
   [14.07.2009|09:56] C:\Program Files\Microsoft Games
   [23.12.2009|01:40] C:\Program Files\Microsoft GIF Animator
   [22.12.2009|14:37] C:\Program Files\Microsoft Office
   [27.01.2010|21:54] C:\Program Files\Microsoft Silverlight
   [22.12.2009|14:37] C:\Program Files\Microsoft Visual Studio
   [22.12.2009|14:36] C:\Program Files\Microsoft Visual Studio 8
   [24.12.2009|04:00] C:\Program Files\Microsoft Works
   [22.12.2009|14:37] C:\Program Files\Microsoft.NET
   [24.12.2009|17:37] C:\Program Files\Mobiola Web Camera for S60
   [28.01.2010|16:23] C:\Program Files\Mozilla Firefox
   [22.12.2009|14:37] C:\Program Files\MSBuild
   [22.12.2009|18:01] C:\Program Files\MSN
   [23.12.2009|03:30] C:\Program Files\MSXML 4.0
   [18.01.2010|16:39] C:\Program Files\Mumble
   [22.12.2009|17:14] C:\Program Files\Nero
   [22.12.2009|16:28] C:\Program Files\Nokia
   [23.12.2009|01:04] C:\Program Files\OpenAL
   [22.12.2009|15:33] C:\Program Files\Opera
   [22.12.2009|16:28] C:\Program Files\PC Connectivity Solution
   [21.01.2010|14:42] C:\Program Files\ProgDVB
   [25.12.2009|20:08] C:\Program Files\ProgDVB6
   [23.12.2009|02:44] C:\Program Files\Putty
   [22.12.2009|13:30] C:\Program Files\Ray Adams
   [22.12.2009|16:12] C:\Program Files\RealVNC
   [14.07.2009|05:52] C:\Program Files\Reference Assemblies
   [25.12.2009|04:22] C:\Program Files\Safer Networking
   [22.12.2009|13:17] C:\Program Files\ScannerU
   [25.12.2009|04:23] C:\Program Files\Spybot - Search & Destroy
   [19.01.2010|13:50] C:\Program Files\Steam
   [02.01.2010|01:51] C:\Program Files\TBANv2
   [27.01.2010|11:55] C:\Program Files\Trend Micro
   [22.12.2009|15:18] C:\Program Files\Ulead Systems
   [14.07.2009|05:53] C:\Program Files\Uninstall Information
   [25.12.2009|14:24] C:\Program Files\VideoLAN
   [26.01.2010|23:27] C:\Program Files\Winamp
   [26.01.2010|23:26] C:\Program Files\Winamp Detect
   [27.01.2010|22:39] C:\Program Files\Winamp Toolbar
   [22.12.2009|18:17] C:\Program Files\WinAVI Video Converter 9.0
   [14.07.2009|09:47] C:\Program Files\Windows Defender
   [14.07.2009|09:56] C:\Program Files\Windows Journal
   [22.12.2009|16:50] C:\Program Files\Windows Live
   [22.12.2009|16:50] C:\Program Files\Windows Live SkyDrive
   [14.07.2009|09:47] C:\Program Files\Windows Mail
   [25.12.2009|16:38] C:\Program Files\Windows Media Player
   [22.12.2009|15:17] C:\Program Files\Windows Media-Komponenten
   [22.12.2009|12:26] C:\Program Files\Windows NT
   [14.07.2009|09:47] C:\Program Files\Windows Photo Viewer
   [14.07.2009|05:52] C:\Program Files\Windows Portable Devices
   [22.12.2009|17:13] C:\Program Files\Windows Sidebar
   [22.12.2009|15:29] C:\Program Files\WinRAR
   [23.12.2009|11:06] C:\Program Files\WOL
   [22.12.2009|17:02] C:\Program Files\Zattoo
   [0|Datei(en),] C:\Program Files\Bytes
   [91|Verzeichnis(se),] C:\Program Files\Bytes frei

   --------------------\\  Ordner Verzeichnis unter C:\Program Files\Common Files

   [25.12.2009|14:28] C:\Program Files\Common Files\Activ Software
   [19.01.2010|23:28] C:\Program Files\Common Files\Adobe
   [22.12.2009|14:51] C:\Program Files\Common Files\Borland Shared
   [23.12.2009|01:05] C:\Program Files\Common Files\Creative Labs Shared
   [24.12.2009|18:42] C:\Program Files\Common Files\CyberLink
   [22.12.2009|14:37] C:\Program Files\Common Files\DESIGNER
   [22.12.2009|16:19] C:\Program Files\Common Files\DivX Shared
   [22.12.2009|15:15] C:\Program Files\Common Files\InstallShield
   [22.12.2009|17:07] C:\Program Files\Common Files\LightScribe
   [22.12.2009|17:24] C:\Program Files\Common Files\Macrovision Shared
   [24.12.2009|04:00] C:\Program Files\Common Files\microsoft shared
   [22.12.2009|17:21] C:\Program Files\Common Files\Nero
   [22.12.2009|16:28] C:\Program Files\Common Files\Nokia
   [22.12.2009|16:28] C:\Program Files\Common Files\PCSuite
   [22.12.2009|16:19] C:\Program Files\Common Files\PX Storage Engine
   [14.07.2009|03:37] C:\Program Files\Common Files\Services
   [14.07.2009|03:37] C:\Program Files\Common Files\SpeechEngines
   [22.12.2009|15:49] C:\Program Files\Common Files\Steam
   [22.12.2009|14:35] C:\Program Files\Common Files\System
   [22.12.2009|15:17] C:\Program Files\Common Files\Ulead Systems
   [22.12.2009|16:46] C:\Program Files\Common Files\Windows Live
   [22.12.2009|13:17] C:\Program Files\Common Files\Xerox Shared
   [0|Datei(en),] C:\Program Files\Common Files\Bytes
   [24|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei

   --------------------\\  Process

   ( 61 Processes )

   ... OK !

   --------------------\\  Ueberpruefung mit S_Lop

   Kein Lop Ordner gefunden !
 
   --------------------\\  Suche nach Lop Dateien - Ordnern

   C:\Users\~1\AppData\Local\Temp\msgpl_64c4.tmp
   C:\Users\~1\AppData\Local\Temp\msgpl_9b4a.tmp
   C:\Users\~1\AppData\Local\Temp\msgpl_b8a6.tmp
   C:\Users\~1\AppData\Local\Temp\msgpl_e2d1.tmp
   C:\Users\~1\AppData\Local\Temp\msgpl_e3f6.tmp
 
   --------------------\\  Suche innerhalb der Registry
 
   ..... OK !

   --------------------\\  Ueberpruefung der Hosts Datei

   Hosts Datei SAUBER


   --------------------\\  Suche nach verborgenen Dateien mit Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2010-01-28 22:18:09
   Windows 6.1.7600  NTFS
   detected NTDLL code modification:
   ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
 
   --------------------\\  Suche nach anderen Infektionen

   --------------------\\  Cracks & Keygens ..

  
   [F:81][D:133]-> C:\Users\~1\AppData\Local\Temp
   [F:84][D:1]-> C:\Users\~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1829][D:5]-> C:\Users\~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:3][D:1]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 28.01.2010|22:19 - Option : [1]

   --------------------\\  Scan beendet um 22:19:04
   [ UAC => 1 ]
         
And PS: I'd rather not reinstall the PC!
Thanks

Alt 29.01.2010, 08:01   #9
Chris4You
 
Hi,

I don't like this:
Quote:
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Have the system files checked with sfc:
Open a command-line shell with admin rights. The easiest way is to create a shortcut for it on the desktop. The shortcut target is "C:\Windows\System32\cmd.exe". Don't forget to tick Run as administrator...
Code:
ATTFilter
sfc /scannow
         
-> http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

chris

Alt 29.01.2010, 11:15   #10
Chris4You
 
@Argus
Yes, that's why GMER, but unfortunately it doesn't run under Win7.
The rootkit is already active and is trying to download components from Ukraine:
Quote:
91.213.121.11 server location:
Ukraine
which, however (or thank God), is blocked by Kaspersky.
ComboFix doesn't run under Win7 either... Hmm...

Let's try whether the TDSS Killer finds something:
http://support.kaspersky.com/de/viru...&qid=207620123
Unpack it into a directory, create a start.bat in that directory and
copy the following text into start.bat:
Code:
ATTFilter
@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0
         
Save the file and run it with a double-click. Post the generated report.txt in the thread!

After that, Dr. Web (it also finds something from the TDSS family now and then)...
http://www.trojaner-board.de/59299-a...eb-cureit.html

chris
PS: I'd also have the hacker's name, but it doesn't help...

Last edited by Chris4You (29.01.2010 at 11:48)

Alt 29.01.2010, 12:36   #11
SKyX
 
So,
First of all, thanks for your help! I'd like to have this knowledge too, so I could tackle such things myself. But oh well.
SFC /scannow found nothing that could be damaged. Everything was OK.
Report from Killer:
Code:
ATTFilter
12:27:47:369 2980	TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
12:27:47:369 2980	================================================================================
12:27:47:369 2980	SystemInfo:

12:27:47:369 2980	OS Version: 6.1.7600 ServicePack: 0.0
12:27:47:369 2980	Product type: Workstation
12:27:47:369 2980	ComputerName: 
12:27:47:369 2980	UserName: 
12:27:47:369 2980	Windows directory: C:\Windows
12:27:47:369 2980	Processor architecture: Intel x86
12:27:47:369 2980	Number of processors: 2
12:27:47:369 2980	Page size: 0x1000
12:27:47:369 2980	Boot type: Normal boot
12:27:47:369 2980	================================================================================
12:27:47:369 2980	UnloadDriverW: NtUnloadDriver error 2
12:27:47:369 2980	ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:27:47:369 2980	MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
12:27:47:869 2980	UtilityInit: KLMD drop and load success
12:27:47:869 2980	KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
12:27:47:869 2980	UtilityInit: KLMD open success
12:27:47:869 2980	UtilityInit: Initialize success
12:27:47:869 2980	
12:27:47:869 2980	Scanning	Services ...
12:27:47:869 2980	CreateRegParser: Registry parser init started
12:27:47:869 2980	CreateRegParser: DisableWow64Redirection error
12:27:47:869 2980	wfopen_ex: Trying to open file C:\Windows\system32\config\system
12:27:47:869 2980	MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
12:27:47:869 2980	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:27:47:869 2980	wfopen_ex: Trying to KLMD file open
12:27:47:869 2980	KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
12:27:47:869 2980	wfopen_ex: File opened ok (Flags 2)
12:27:47:884 2980	CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 1CC14A8
12:27:47:884 2980	wfopen_ex: Trying to open file C:\Windows\system32\config\software
12:27:47:884 2980	MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
12:27:47:884 2980	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:27:47:884 2980	wfopen_ex: Trying to KLMD file open
12:27:47:884 2980	KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
12:27:47:884 2980	wfopen_ex: File opened ok (Flags 2)
12:27:47:900 2980	CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 1CC1320
12:27:47:900 2980	CreateRegParser: EnableWow64Redirection error
12:27:47:900 2980	CreateRegParser: RegParser init completed
12:27:49:134 2980	GetAdvancedServicesInfo: Raw services enum returned 504 services
12:27:49:134 2980	ScanTDL2Services: Exact detect SKYNET (h: 0)
12:27:49:134 2980	RegNode HKLM\SYSTEM\ControlSet001\services\SKYNET infected by TDSS rootkit ... 12:27:49:134 2980	will be deleted on reboot
12:27:49:134 2980	DeleteTDL2Service: SafeBoot Minimal doesn't infected
12:27:49:134 2980	DeleteTDL2Service: SafeBoot Network doesn't infected
12:27:49:150 2980	RegNode HKLM\SYSTEM\ControlSet002\services\SKYNET infected by TDSS rootkit ... 12:27:49:150 2980	will be deleted on reboot
12:27:49:150 2980	DeleteTDL2Service: SafeBoot Minimal doesn't infected
12:27:49:150 2980	DeleteTDL2Service: SafeBoot Network doesn't infected
12:27:49:150 2980	File C:\Windows\system32\DRIVERS\SkyNET.SYS infected by TDSS rootkit ... 12:27:49:150 2980	will be deleted on reboot
12:27:49:150 2980	ScanTDL2Services: DeleteEvilService(SKYNET) success
12:27:49:150 2980	ScanTDL2Services: Exact detect SkyNetBDA (h: 0)
12:27:49:150 2980	RegNode HKLM\SYSTEM\ControlSet001\services\SkyNetBDA infected by TDSS rootkit ... 12:27:49:150 2980	will be deleted on reboot
12:27:49:150 2980	DeleteTDL2Service: SafeBoot Minimal doesn't infected
12:27:49:166 2980	DeleteTDL2Service: SafeBoot Network doesn't infected
12:27:49:166 2980	RegNode HKLM\SYSTEM\ControlSet002\services\SkyNetBDA infected by TDSS rootkit ... 12:27:49:166 2980	will be deleted on reboot
12:27:49:166 2980	DeleteTDL2Service: SafeBoot Minimal doesn't infected
12:27:49:166 2980	DeleteTDL2Service: SafeBoot Network doesn't infected
12:27:49:166 2980	File C:\Windows\system32\DRIVERS\SkyNetBDA.sys infected by TDSS rootkit ... 12:27:49:166 2980	will be deleted on reboot
12:27:49:166 2980	ScanTDL2Services: DeleteEvilService(SkyNetBDA) success
12:27:49:166 2980	fclose_ex: Trying to close file C:\Windows\system32\config\system
12:27:49:166 2980	fclose_ex: Trying to close file C:\Windows\system32\config\software
12:27:49:166 2980	
12:27:49:166 2980	Scanning	Kernel memory ...
12:27:49:166 2980	KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
12:27:49:166 2980	DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85D22D90
12:27:49:166 2980	DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
12:27:49:166 2980	
12:27:49:166 2980	DetectCureTDL3: DEVICE_OBJECT: 85D23030
12:27:49:166 2980	KLMD_GetLowerDeviceObject: Trying to get lower device object for 85D23030
12:27:49:166 2980	DetectCureTDL3: DEVICE_OBJECT: 85BE5918
12:27:49:166 2980	KLMD_GetLowerDeviceObject: Trying to get lower device object for 85BE5918
12:27:49:166 2980	DetectCureTDL3: DEVICE_OBJECT: 85BC2030
12:27:49:166 2980	KLMD_GetLowerDeviceObject: Trying to get lower device object for 85BC2030
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x85BC2030[0x38]
12:27:49:166 2980	DetectCureTDL3: DRIVER_OBJECT: 85F3C268
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x85F3C268[0xA8]
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x85BC1030[0x38]
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x85BAB598[0xA8]
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x84F4D208[0x1A]
12:27:49:166 2980	DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
12:27:49:166 2980	DetectCureTDL3: IrpHandler (0) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (1) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (2) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (3) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (4) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (5) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (6) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (7) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (8) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (9) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (10) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (11) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (12) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (13) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (14) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (15) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (16) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (17) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (18) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (19) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (20) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (21) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (22) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (23) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (24) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (25) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: IrpHandler (26) addr: 85C4C618
12:27:49:166 2980	DetectCureTDL3: All IRP handlers pointed to one addr: 85C4C618
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x85C4C618[0x400]
12:27:49:166 2980	TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
12:27:49:166 2980	Driver "atapi" Irp handler infected by TDSS rootkit ... 12:27:49:166 2980	KLMD_WriteMem: Trying to WriteMemory 0x85C4C67D[0xD]
12:27:49:166 2980	cured
12:27:49:166 2980	KLMD_ReadMem: Trying to ReadMemory 0x85C4C4BF[0x400]
12:27:49:166 2980	TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
12:27:49:166 2980	Driver "atapi" StartIo handler infected by TDSS rootkit ... 12:27:49:166 2980	TDL3_StartIoHookCure: Number of patches 1
12:27:49:166 2980	KLMD_WriteMem: Trying to WriteMemory 0x85C4C5B6[0x6]
12:27:49:166 2980	cured
12:27:49:166 2980	TDL3_FileDetect: Processing driver: atapi
12:27:49:166 2980	TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
12:27:49:166 2980	KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\atapi.sys
12:27:49:181 2980	TDL3_FileDetect: C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected
12:27:49:181 2980	File C:\Windows\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 12:27:49:181 2980	TDL3_FileCure: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
12:27:49:587 2980	FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys:21584, checking..
12:27:49:603 2980	ValidateDriverFile: Stage 1 passed
12:27:49:603 2980	ValidateDriverFile: Stage 2 passed
12:27:49:681 2980	DigitalSignVerifyByHandle: Embedded DS result: 00000000
12:27:49:681 2980	ValidateDriverFile: Stage 3 passed
12:27:49:681 2980	FileCallback: File validated successfully, restore information prepared
12:27:50:697 2980	FindDriverFileBackup: Backup copy found in DriverStore
12:27:50:697 2980	TDL3_FileCure: Backup copy found, using it..
12:27:50:712 2980	TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tsk4085.tmp
12:27:50:884 2980	TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk4085.tmp, system32\drivers\atapi.sys)
12:27:50:900 2980	TDL3_FileCure: KLMD jobs schedule success
12:27:50:900 2980	will be cured on next reboot
12:27:50:900 2980	UtilityBootReinit: Reboot required for cure complete..
12:27:50:900 2980	MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
12:27:50:916 2980	UtilityBootReinit: KLMD drop success
12:27:50:916 2980	KLMD_ApplyPendList: Pending buffer(5A26_3D52, 1424) dropped successfully
12:27:50:916 2980	UtilityBootReinit: Cure on reboot scheduled successfully
12:27:50:916 2980	
12:27:50:916 2980	Completed
12:27:50:916 2980	
12:27:50:916 2980	Results:
12:27:50:916 2980	Memory objects infected / cured / cured on reboot:	2 / 2 / 0
12:27:50:916 2980	Registry objects infected / cured / cured on reboot:	4 / 0 / 4
12:27:50:916 2980	File objects infected / cured / cured on reboot:	3 / 0 / 3
12:27:50:916 2980	
12:27:50:916 2980	UnloadDriverW: NtUnloadDriver error 1
12:27:50:916 2980	KLMD_Unload: UnloadDriverW(klmd21) error 1
12:27:50:931 2980	MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
12:27:50:931 2980	UtilityDeinit: KLMD(ARK) unloaded successfully
         
Regards

Alt 29.01.2010, 14:19   #12
Chris4You
 
Hi,

Did you reboot?
TDSS is active on the machine, as suspected...

Quote:
..
C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected
..
Memory objects infected / cured / cured on reboot: 2 / 2 / 0
Registry objects infected / cured / cured on reboot: 4 / 0 / 4
File objects infected / cured / cured on reboot: 3 / 0 / 3
If the cleanup goes wrong, is a boot CD available?

chris
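An added example (not from this thread and not Kaspersky's code) that does automatically what chris does by eye on the Results block above: it parses a TDSSKiller 2.2.x report of the kind SKyX posted, lists every object the tool flagged as infected together with whether it was cured in place or only scheduled for the next reboot, and says whether a reboot is still pending. The line layout it assumes is taken from the posted report; the sample is a constructed excerpt of that report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "HH:MM:SS:mmm <pid>\t"; when the tool appends a verdict
# to a finding it repeats that prefix mid-line (assumed from the posted report, not a spec).
_PREFIX = re.compile(r"\d{2}:\d{2}:\d{2}:\d{3} \d+\t")
_INFECTED = re.compile(r"^(.+?) infected by TDSS rootkit \.\.\. ?(.*)$")
_VERDICT = re.compile(r"^(cured|will be \w+ on (?:next )?reboot)$")
_RESULTS = re.compile(r"^(Memory|Registry|File) objects infected / cured / cured on reboot:"
                      r"\s*(\d+) / (\d+) / (\d+)$")


@dataclass
class Finding:
    obj: str                       # e.g. 'File C:\\Windows\\system32\\DRIVERS\\atapi.sys'
    verdict: Optional[str] = None  # 'cured', 'will be deleted on reboot', ... or None

    @property
    def on_reboot(self) -> bool:
        return self.verdict is not None and "reboot" in self.verdict


def parse_report(text: str) -> Tuple[List[Finding], Dict[str, Tuple[int, int, int]]]:
    """Return (findings, results). A verdict sits either on the finding's own line after
    the repeated prefix or on a later line, so the last unresolved finding stays open."""
    findings: List[Finding] = []
    results: Dict[str, Tuple[int, int, int]] = {}
    pending: Optional[Finding] = None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).strip()
        m = _INFECTED.match(line)
        if m:
            pending = Finding(m.group(1))
            findings.append(pending)
            line = m.group(2).strip()  # remainder may already be the verdict
        v = _VERDICT.match(line)
        if v and pending is not None:
            pending.verdict = v.group(1)
            pending = None
            continue
        r = _RESULTS.match(line)
        if r:
            results[r.group(1)] = (int(r.group(2)), int(r.group(3)), int(r.group(4)))
    return findings, results


def summarize(text: str) -> Dict[str, object]:
    """The counts a helper wants before telling the user whether a reboot is still due."""
    findings, results = parse_report(text)
    return {
        "infected": len(findings),
        "cured_now": sum(1 for f in findings if f.verdict == "cured"),
        "deferred": sum(1 for f in findings if f.on_reboot),
        "unresolved": sum(1 for f in findings if f.verdict is None),
        "reboot_pending": any(r[2] > 0 for r in results.values()),
        # the tool's own totals should match what was counted line by line
        "totals_consistent": sum(r[0] for r in results.values()) == len(findings),
    }


# Constructed sample: an excerpt of the report posted in this thread, with the real
# tab-separated "time pid" prefix (repeated mid-line where the tool appends a verdict).
SAMPLE_REPORT = "\n".join([
    "12:27:47:369 2980\tTDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25",
    "12:27:49:134 2980\tRegNode HKLM\\SYSTEM\\ControlSet001\\services\\SKYNET infected by TDSS rootkit ... 12:27:49:134 2980\twill be deleted on reboot",
    "12:27:49:150 2980\tRegNode HKLM\\SYSTEM\\ControlSet002\\services\\SKYNET infected by TDSS rootkit ... 12:27:49:150 2980\twill be deleted on reboot",
    "12:27:49:150 2980\tFile C:\\Windows\\system32\\DRIVERS\\SkyNET.SYS infected by TDSS rootkit ... 12:27:49:150 2980\twill be deleted on reboot",
    "12:27:49:150 2980\tRegNode HKLM\\SYSTEM\\ControlSet001\\services\\SkyNetBDA infected by TDSS rootkit ... 12:27:49:150 2980\twill be deleted on reboot",
    "12:27:49:166 2980\tRegNode HKLM\\SYSTEM\\ControlSet002\\services\\SkyNetBDA infected by TDSS rootkit ... 12:27:49:166 2980\twill be deleted on reboot",
    "12:27:49:166 2980\tFile C:\\Windows\\system32\\DRIVERS\\SkyNetBDA.sys infected by TDSS rootkit ... 12:27:49:166 2980\twill be deleted on reboot",
    '12:27:49:166 2980\tDriver "atapi" Irp handler infected by TDSS rootkit ... 12:27:49:166 2980\tKLMD_WriteMem: Trying to WriteMemory 0x85C4C67D[0xD]',
    "12:27:49:166 2980\tcured",
    '12:27:49:166 2980\tDriver "atapi" StartIo handler infected by TDSS rootkit ... 12:27:49:166 2980\tTDL3_StartIoHookCure: Number of patches 1',
    "12:27:49:166 2980\tKLMD_WriteMem: Trying to WriteMemory 0x85C4C5B6[0x6]",
    "12:27:49:166 2980\tcured",
    "12:27:49:181 2980\tFile C:\\Windows\\system32\\DRIVERS\\atapi.sys infected by TDSS rootkit ... 12:27:49:181 2980\tTDL3_FileCure: Processing driver file: C:\\Windows\\system32\\DRIVERS\\atapi.sys",
    "12:27:50:697 2980\tTDL3_FileCure: Backup copy found, using it..",
    "12:27:50:900 2980\twill be cured on next reboot",
    "12:27:50:916 2980\tMemory objects infected / cured / cured on reboot:\t2 / 2 / 0",
    "12:27:50:916 2980\tRegistry objects infected / cured / cured on reboot:\t4 / 0 / 4",
    "12:27:50:916 2980\tFile objects infected / cured / cured on reboot:\t3 / 0 / 3",
])


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT)[0]:
        print(f"{f.obj}: {f.verdict}")
    print(summarize(SAMPLE_REPORT))
```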

Alt 29.01.2010, 16:47   #13
SKyX
 
So was something found?
Um, yes, it was rebooted after TDSS. A boot CD is available, as well as a Linux live CD.
Dr Web has been running for 4 hours now, nothing found so far, but it still has more than half left to scan.

Alt 29.01.2010, 21:25   #14
SKyX
 
Quote:
Originally posted by SKyX
So was something found?
Um, yes, it was rebooted after TDSS. A boot CD is available, as well as a Linux live CD.
Dr Web has been running for 4 hours now, nothing found so far, but it still has more than half left to scan.
After more than 7 hours of scan time it ultimately only classified Spybot's backups and scripts as dangerous, otherwise nothing! I ran Killer once more and it now finds nothing anymore.
So I hope it's fixed now.

Greetings and many, many thanks to Chris and to the board
PS: If anything else comes up, I'll report back
SkyX
