Rootkit.Win32.TDSS.d - and Firefox freezes
21.02.2010, 14:15 | #1
Hello, I need your help with 2 problems. I am using Windows Vista Home Premium, Service Pack 2. Antivirus: Kaspersky

1) Rootkit.Win32.TDSS.d

For a few weeks now my Kaspersky has been finding Rootkit.Win32.TDSS.d. On request it then runs a disinfection procedure and things are quiet again for a few days, then the same game starts over. The PC won't let me run online scans. Windows Explorer simply closes and Firefox freezes. I tried to check with GMER and Sophos: the programs closed or hung. Ran CCleaner until no more errors were found.

Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3769
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.02.2010 13:41:57
mbam-log-2010-02-21 (13-41-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 429789
Laufzeit: 1 hour(s), 14 minute(s), 48 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
Infizierte Dateien: C:\Users\Peter\Sammelordner\FarCry2\dvt-fc2.exe (Trojan.Downloader) -> Quarantined and deleted successfully. D:\Niki\Far Cry 2\bin\dvt-fc2.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\Advantage\AdVantageupdate.exe (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully. C:\Users\Kids\Desktop\CtrlCenter.LNK (Rogue.ControlCenter) -> Quarantined and deleted successfully. RSIT: log.txt: Logfile of random's system information tool 1.06 (written by random/random) Run by Sabine at 2010-02-21 13:49:19 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 75 GB (31%) free of 239 GB Total RAM: 3070 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:49:31, on 21.02.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe D:\PETER\Ashampoo UnInstaller 3\UIWatcher.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Sabine\Downloads\RSIT.exe C:\Program Files\trend micro\Sabine.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [UIWatcher] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{7CAF4827-2491-4EFE-B123-B8872DA8E2AE}: NameServer = 192.168.0.1 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HVHU - Sysinternals - www.sysinternals.com - C:\Users\***\AppData\Local\Temp\HVHU.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IJZXAME - Sysinternals - www.sysinternals.com - C:\Users\***\AppData\Local\Temp\IJZXAME.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XDEKKDKAB - Sysinternals - www.sysinternals.com - C:\Users\***\AppData\Local\Temp\XDEKKDKAB.exe -- End of file - 10274 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-04 312880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-12-27 761840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering 
Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908] "eRecoveryService"= [] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-27 30192] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "UIWatcher"=D:\***\Ashampoo UnInstaller 3\UIWatcher.exe [2009-02-23 3508568] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-04-25 319488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-02-25 34040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-04-25 319488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] C:\Program Files\Windows Live\Family Safety\fssui.exe -autorun [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common 
Files\Ahead\Lib\NeroCheck.exe [2007-05-04 161328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2008-01-29 4911104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2007-11-20 1826816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smash] C:\Program Files\SoftMaker Office 2006 (Trial)\Smash.exe [2006-08-03 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-16 2000112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe [2009-02-23 3508568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2005-05-23 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\UVS10 Preload] d:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-06 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-04-12 341488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2006-02-23 278528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-02-21 13:49:20 ----D---- C:\Program Files\trend micro 2010-02-21 13:49:19 ----D---- C:\rsit 2010-02-21 12:24:15 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-02-21 12:24:07 ----D---- C:\ProgramData\Malwarebytes 2010-02-21 12:24:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-21 11:09:46 ----D---- C:\Program Files\CCleaner 2010-02-13 01:00:10 ----RD---- C:\Program Files\Skype 2010-02-02 18:48:17 ----D---- C:\Program Files\iPod 2010-02-02 18:48:10 ----D---- C:\Program Files\iTunes 2010-02-02 18:44:49 ----D---- C:\Program Files\QuickTime ======List of files/folders modified in the last 1 months====== 2010-02-21 13:49:21 ----D---- C:\Windows\Temp 2010-02-21 13:49:20 ----RD---- C:\Program Files 2010-02-21 13:48:49 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-02-21 13:48:32 ----D---- C:\ProgramData\Kaspersky Lab 2010-02-21 13:48:24 ----D---- C:\Windows\Tasks 2010-02-21 13:46:37 ----D---- C:\Windows 2010-02-21 13:44:47 ----D---- C:\Windows\system32\drivers 2010-02-21 13:44:47 ----D---- C:\Windows\Acer_Normal 2010-02-21 12:24:16 ----D---- C:\Windows\Prefetch 2010-02-21 12:24:07 ----HD---- C:\ProgramData 2010-02-21 12:20:28 ----D---- C:\Windows\Debug 2010-02-21 12:19:08 ----D---- C:\Windows\System32 2010-02-21 12:19:08 ----D---- C:\Windows\inf 2010-02-21 12:19:08 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-21 11:43:58 ----SHD---- C:\System Volume Information 
2010-02-21 11:00:51 ----D---- C:\Windows\system32\catroot2 2010-02-18 19:47:30 ----D---- C:\Users\***\AppData\Roaming\dvdcss 2010-02-17 17:09:01 ----A---- C:\Windows\Pex.INI 2010-02-17 17:08:56 ----A---- C:\Windows\Ulead32.ini 2010-02-17 08:46:36 ----SHD---- C:\Windows\Installer 2010-02-17 08:13:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-02-17 08:12:23 ----D---- C:\ProgramData\Kaspersky Lab Setup Files 2010-02-15 23:12:20 ----A---- C:\Windows\NeroDigital.ini 2010-02-15 22:58:39 ----AD---- C:\ProgramData\TEMP 2010-02-13 01:00:10 ----D---- C:\ProgramData\Skype 2010-02-13 00:59:53 ----D---- C:\ProgramData\Google Updater 2010-02-13 00:00:35 ----D---- C:\Program Files\Mozilla Firefox 2010-02-06 18:38:43 ----D---- C:\Program Files\Google 2010-02-02 18:48:15 ----D---- C:\Program Files\Common Files\Apple 2010-01-28 14:19:42 ----D---- C:\Program Files\Metin2_Germany ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [2002-07-17 16877] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-20 239120] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-13 281760] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-04-25 15392] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-13 25888] R2 PSDNServ;PSDNServ; C:\Windows\system32\drivers\PSDNServ.sys [2008-03-04 16944] R2 psdvdisk;PSDVdisk; C:\Windows\system32\drivers\psdvdisk.sys [2008-03-04 60464] R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2008-02-25 14544] R2 zntport;zntport; 
\??\C:\Windows\system32\drivers\zntport.sys [2008-02-25 6080] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824] R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-12-29 47360] R3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496] S3 aaiarsx0;aaiarsx0; C:\Windows\system32\drivers\aaiarsx0.sys [] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\A90A.tmp [] S3 MSKSSRV;Microsoft Streaming Service Proxy; 
C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-16 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-16 107832]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-27 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-10-14 69120]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-27 30192]
S3 HVHU;HVHU; C:\Users\***\AppData\Local\Temp\HVHU.exe [2010-01-01 555904]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IJZXAME;IJZXAME; C:\Users\***\AppData\Local\Temp\IJZXAME.exe [2010-01-01 433024]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 XDEKKDKAB;XDEKKDKAB; C:\Users\***\AppData\Local\Temp\XDEKKDKAB.exe [2010-01-01 412544]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.06 2010-02-21 13:49:33

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->F:\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
4Story 1.2-->"D:\Program Files\Gameforge4D\4Story\unins000.exe"
Acer Arcade Live Main
======Hosts File======

127.0.0.1 localhost
::1 localhost

======Security center information======

AS: Windows Defender
-----------------EOF-----------------

2) Firefox

For about 2 weeks I have had a problem with my Firefox. It won't let me open certain pages and then crashes or freezes. I then have to end the Firefox process in Task Manager and restart FF. Following instructions from the Internet, I started FF in safe mode, disabled all add-ons and plugins, and re-enabled each one step by step ... the problem persisted throughout. I hope you can help me. Thanks in advance. Regards, Sitara |
22.02.2010, 16:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
If a file has already been analyzed, please start a new analysis.
__________________ |
23.02.2010, 17:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Win32.TDSS.d - and Firefox freezes Did you ever have Daemon Tools installed, or another program for virtual CD drives? Please also make a log with GMER and post it.
__________________ Please always post logfiles in CODE tags |
23.02.2010, 19:15 | #5 |
| Rootkit.Win32.TDSS.d - and Firefox freezes According to my son, he once installed Daemon Tools. GMER result:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 19:08:00
Windows 6.0.6002 Service Pack 2
Running: txd0mgyj.exe; Driver: C:\Users\***\AppData\Local\Temp\kgtdipoc.sys

---- System - GMER 1.0.15 ----

INT 0x61 ? 86790BF8
INT 0x71 ? 86790BF8
INT 0x81 ? 86790BF8
INT 0x82 ? 88266BF8
INT 0x91 ? 88266BF8
INT 0x92 ? 88266BF8
INT 0x92 ? 88266BF8
INT 0x92 ? 88266BF8
INT 0xA1 ? 88266BF8
INT 0xA1 ? 88266BF8
INT 0xA1 ? 88266BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spiq.sys Das System kann den angegebenen Pfad nicht finden. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x83E7D000]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93C07000, 0x1F875A, 0xE8000020]
.text USBPORT.SYS!DllUnload 845B041B 5 Bytes JMP 882661D8
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA25BC300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x91C07300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[704] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Windows\system32\winlogon.exe[748] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Windows\system32\services.exe[808] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Windows\system32\lsass.exe[820] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Windows\system32\lsm.exe[828] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text ...
.text C:\Windows\Explorer.EXE[3352] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7620B364 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Windows\Explorer.EXE[3352] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Windows\system32\taskeng.exe[3400] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Program Files\Windows Defender\MSASCui.exe[3608] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Windows\RtHDVCpl.exe[3632] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Program Files\iTunes\iTunesHelper.exe[3792] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74917817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7496A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7491BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7490F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7490E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74948395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7491DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7490FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7490FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7499CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7493C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7490D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74906853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7490687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74912AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT D:\***\Ashampoo UnInstaller 3\UIWatcher.exe[3908] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [0042F858] D:\***\Ashampoo UnInstaller 3\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Skype\Phone\Skype.exe[3996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Skype\Phone\Skype.exe[3996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Skype\Phone\Skype.exe[3996] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Skype\Phone\Skype.exe[3996] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 871241F8
Device \Driver\volmgr \Device\VolMgrControl 867921F8
Device \Driver\usbohci \Device\USBPDO-0 868EA1F8
Device \Driver\usbohci \Device\USBPDO-1 868EA1F8
Device \Driver\usbehci \Device\USBPDO-2 881EA1F8
Device \Driver\usbohci \Device\USBPDO-3 868EA1F8
Device \Driver\PCI_PNP4302 \Device\00000054 spiq.sys
Device \Driver\usbohci \Device\USBPDO-4 868EA1F8
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbehci \Device\USBPDO-5 881EA1F8
Device \Driver\usbohci \Device\USBPDO-6 868EA1F8
Device \Driver\USBSTOR \Device\00000070 887E21F8
Device \Driver\volmgr \Device\HarddiskVolume1 867921F8
Device \Driver\USBSTOR \Device\00000071 887E21F8
Device \Driver\volmgr \Device\HarddiskVolume2 867921F8
Device \Driver\cdrom \Device\CdRom0 868EB1F8
Device \Driver\USBSTOR \Device\00000072 887E21F8
Device \Driver\volmgr \Device\HarddiskVolume3 867921F8
Device \Driver\cdrom \Device\CdRom1 868EB1F8
Device \Driver\atapi \Device\Ide\IdePort0 871231F8
Device \Driver\atapi \Device\Ide\IdePort1 871231F8
Device \Driver\atapi \Device\Ide\IdePort2 871231F8
Device \Driver\atapi \Device\Ide\IdePort3 871231F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 871231F8
Device \Driver\USBSTOR \Device\00000073 887E21F8
Device \Driver\volmgr \Device\HarddiskVolume4 867921F8
Device \Driver\volmgr \Device\HarddiskVolume5 867921F8
Device \Driver\volmgr \Device\HarddiskVolume6 867921F8
Device \Driver\volmgr \Device\HarddiskVolume7 867921F8
Device \Driver\netbt \Device\NetBt_Wins_Export 88917500
Device \Driver\Smb \Device\NetbiosSmb 88939500
Device \Driver\iScsiPrt \Device\RaidPort0 882931F8
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbohci \Device\USBFDO-0 868EA1F8
Device \Driver\sptd \Device\3910298316 spiq.sys
Device \Driver\usbohci \Device\USBFDO-1 868EA1F8
Device \Driver\usbehci \Device\USBFDO-2 881EA1F8
Device \Driver\USBSTOR \Device\0000006f 887E21F8
Device \Driver\usbohci \Device\USBFDO-3 868EA1F8
Device \Driver\usbohci \Device\USBFDO-4 868EA1F8
Device \Driver\usbehci \Device\USBFDO-5 881EA1F8
Device \Driver\usbohci \Device\USBFDO-6 868EA1F8
Device \Driver\amiyu878 \Device\Scsi\amiyu8781Port5Path0Target0Lun0 882AF1F8
Device \Driver\amiyu878 \Device\Scsi\amiyu8781 882AF1F8
Device \FileSystem\cdfs \Cdfs 893C31F8
Device \Driver\00001235 -> \Driver\atapi \Device\Harddisk0\DR0 888F0E07

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1069d9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1069d9@001beec1aba6 0x76 0xBF 0x40 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1069d9@0021fcec4709 0x56 0x6A 0xDA 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1069d9@00180fd525db 0xD0 0xDA 0xE1 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1069d9@001a1617a848 0xA0 0x42 0x0C 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE9 0x68 0x1B 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0x9F 0x96 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x48 0x53 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x75 0x27 0x64 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x97 0x08 0x90 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0xC6 0xA7 0x5F ...
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\0009dd1069d9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\0009dd1069d9@001beec1aba6 0x76 0xBF 0x40 0x6E ...
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\0009dd1069d9@0021fcec4709 0x56 0x6A 0xDA 0x6A ...
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\0009dd1069d9@00180fd525db 0xD0 0xDA 0xE1 0x93 ...
Reg HKLM\SYSTEM\ControlSet028\Services\BTHPORT\Parameters\Keys\0009dd1069d9@001a1617a848 0xA0 0x42 0x0C 0xE4 ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE9 0x68 0x1B 0xDA ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0x9F 0x96 0xEF ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x48 0x53 0xE6 ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x75 0x27 0x64 0xBB ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x97 0x08 0x90 0x68 ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0xC6 0xA7 0x5F ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Regards, Sabine |
24.02.2010, 20:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Win32.TDSS.d - and Firefox freezes I thought as much, that Daemon Tools had been installed. Quote:
PartedMagic
1. Download the ISO image of PartedMagic, it should be about 90 MB
2. Burn it to CD using an image-burning function, works e.g. with ImgBurn or Nero via the image-burning function under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
4. You should find an icon "Mount Devices", double-click it
5. Mount the partition where Windows is installed, usually it is /dev/sda1
6. On sda1 rename the file /windows/system32/drivers/atapi.sys to atapi.bad
7. Copy the clean atapi.sys into that path (/windows/system32/drivers) (all of this should be quite easy via the graphical file browser in Linux)
8. Restart the computer and boot Windows
9. Have the file renamed in Linux (atapi.bad in system32\drivers) analysed at Virustotal.com and post the result link
10. Do a new run with GMER and post the log
__________________ |
25.02.2010, 15:33 | #7 |
| Rootkit.Win32.TDSS.d - and Firefox freezes I downloaded both files and also got as far as the Linux screen, but I can't rename atapi.sys to atapi.bad, it won't let me. What can I do? Regards, Sabine |
26.02.2010, 00:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Win32.TDSS.d - and Firefox freezes That can't be. Error message?
__________________ Please always post logfiles in CODE tags |
26.02.2010, 06:54 | #9 |
| Rootkit.Win32.TDSS.d - and Firefox freezes Not really an error message. In the window where I change the extension to "bad" and click OK, it says "Operation not permitted". Regards, Sabine |
28.02.2010, 17:01 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Win32.TDSS.d - and Firefox freezes That shouldn't actually be possible; according to the error message you don't have all the rights for that. I have given such instructions with PartedMagic here several times before, but the problem was never like yours. Did you really follow the instructions completely?
__________________ Please always post logfiles in CODE tags |
28.02.2010, 17:59 | #11 |
| Rootkit.Win32.TDSS.d - and Firefox freezes Generally my husband and I use this PC, and now and then one of my children, i.e. I actually have all the rights. I followed the instructions completely. In Parted Magic there was another screen beforehand where I clicked "Xvesa Start the LXDE desktop environment using xvesa", because it didn't work at first with "Xorg ....". Regards, Sabine |
28.02.2010, 18:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Win32.TDSS.d - and Firefox freezes Please try that again. Under PartedMagic you normally always have write access, even on Windows partitions, so I suspect some kind of user error. Do you have a Vista DVD at hand, just in case? A perfectly normal Vista installation DVD, not a recovery medium.
__________________ Please always post logfiles in CODE tags |
28.02.2010, 23:27 | #13 |
| Rootkit.Win32.TDSS.d - and Firefox freezes Unfortunately I don't have a Vista DVD, only Recovery; it's a pre-installed PC. I'll try PartedMagic again tomorrow. Regards, Sabine |
03.03.2010, 19:17 | #14 |
| Rootkit.Win32.TDSS.d - and Firefox freezes Hello, so I tried the whole thing again; on sda1 I always got the message that I am not authorised. I have now tried it on sda2, and there the renaming and inserting of the new file worked. Unfortunately the PC won't let me upload the atapi.bad file to Virustotal, I don't have permission to do so :-( ... and my Kaspersky kicks in and tells me that the rootkit is in this file. Should I still check with GMER? Regards, Sabine |
03.03.2010, 19:22 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Win32.TDSS.d - and Firefox freezes Ah, now I think I also know why it didn't work with sda1.
sda1 = 1st partition of the 1st disk
sda2 = 2nd partition of the 1st disk
Your Vista (i.e. drive C) is probably on sda2. Were you able to copy the atapi.sys to where the atapi.bad now is?
__________________ Please always post logfiles in CODE tags |
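As an added example (not from the thread, PartedMagic or any poster), the PartedMagic steps 4 to 9 from post #6 and the sda1/sda2 note from post #15 as POSIX shell helpers for a Linux live session: find the mounted partition that really holds Windows\System32\drivers instead of assuming sda1, prove the mount is writable before renaming (the "Operation not permitted" case), keep the old driver as atapi.bad and print its SHA-256 so it can be looked up on VirusTotal by hash when an upload is not possible. The mount points, the clean-driver path and the demo tree the script builds are assumptions and constructed data, not a real disk.

```shell
#!/bin/sh
# Added example, not from the thread or from PartedMagic: helpers for the
# offline atapi.sys swap. All paths are assumptions; in a real live session
# the mount points would be e.g. /media/sda1 /media/sda2 and CLEAN the
# known-good atapi.sys downloaded beforehand.

# SHA-256 of a file with whatever tool the live CD provides.
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# The sda1/sda2 mix-up: the first partition is often the vendor recovery
# partition, not C:. Print the first mount point that really contains
# Windows\System32\drivers. NTFS is case-insensitive, Linux is not, so the
# match is done with grep -i instead of a fixed-case path.
find_windows_drivers_dir() {
    for mp in "$@"; do
        d=$(find "$mp" -mindepth 3 -maxdepth 3 -type d 2>/dev/null \
            | grep -i '/windows/system32/drivers$' | head -n 1)
        if [ -n "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# The "Operation not permitted" case: prove the mount is writable before
# renaming anything (a read-only NTFS mount fails here, nothing is changed).
check_writable() {
    probe="$1/.write-probe.$$"
    if : > "$probe" 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    echo "not writable: $1 (remount read-write or pick the other partition)" >&2
    return 1
}

# Steps 6-7: keep the suspicious driver as atapi.bad (it is still wanted for
# the VirusTotal check), copy the clean one in, verify the copy by hash.
quarantine_and_replace() {
    drivers="$1"; clean="$2"; cur="$drivers/atapi.sys"
    [ -f "$cur" ] || { echo "no atapi.sys in $drivers" >&2; return 1; }
    check_writable "$drivers" || return 1
    if [ "$(file_hash "$cur")" = "$(file_hash "$clean")" ]; then
        echo "atapi.sys already matches the clean copy, nothing to do"
        return 0
    fi
    if [ -e "$drivers/atapi.bad" ]; then
        echo "atapi.bad already exists, refusing to overwrite it" >&2
        return 1
    fi
    mv "$cur" "$drivers/atapi.bad" || return 1
    cp "$clean" "$cur" || return 1
    [ "$(file_hash "$cur")" = "$(file_hash "$clean")" ] \
        || { echo "copy verification failed" >&2; return 1; }
    # Step 9 without an upload: the hash alone can be searched on VirusTotal.
    echo "quarantined atapi.bad sha256=$(file_hash "$drivers/atapi.bad")"
}

# Constructed demo tree standing in for mounted partitions: sda1 mimics a
# recovery partition, sda2 the Vista system partition from the thread.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/sda1/Recovery" "$root/sda2/Windows/System32/drivers"
    printf 'INFECTED-DRIVER-BYTES' > "$root/sda2/Windows/System32/drivers/atapi.sys"
    printf 'CLEAN-DRIVER-BYTES' > "$root/atapi.sys.clean"
    printf '%s\n' "$root"
}

# Walk the demo: find the right partition, then swap the driver.
root=$(make_demo_tree)
drv=$(find_windows_drivers_dir "$root/sda1" "$root/sda2")
echo "Windows drivers directory: $drv"
quarantine_and_replace "$drv" "$root/atapi.sys.clean"
```

On a real session the two `$root/...` arguments are replaced by the mount points the "Mount Devices" tool created and by the downloaded clean driver.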