Antivirus, firewall and other protection programs: Links open automatically
Windows 7
18.07.2010, 18:18 | #1 |
Links open automatically

When I am in the browser, illegal sites open by themselves after a certain time. It also happens that when I want to go to a site, it automatically takes me to an illegal site (not always, but often).

And there is another problem: when I go to the site hxxp://Drei.to, a graphic always appears saying that I have Trojans and who knows what else. It has also happened on other sites, but I can't think of any right now.

I hope you can help me.

I have already scanned with Malwarebytes, RSIT and HJT.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4323

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

18.07.2010 17:53:54
mbam-log-2010-07-18 (17-53-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 229757
Laufzeit: 1 Stunde(n), 8 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Here is RSIT

RSIT Logfile: Code:
info.txt
RSIT Logfile: Code:
And here is HJT
22.07.2010, 14:36 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links open automatically Hello and
Quote:
Must be a really reputable site if you can find masses of movie downloads there.
Please run a full scan with an updated Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!
After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ |
24.07.2010, 14:36 | #3 |
| Links open automatically Hey cosinus
Thanks for taking the time to help me. Oh, and the thing with the graphic on drei.to seems to show up for everyone, not just on my PC, as I found out. And for that reason I won't go to that site anymore, I promise.
Here are the logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4343
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
24.07.2010 15:06:31
mbam-log-2010-07-24 (15-06-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 228531
Laufzeit: 1 Stunde(n), 10 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

OTL Logfile:
Code:
OTL logfile created on: 24.07.2010 15:09:36 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,14 Gb Total Space | 271,64 Gb Free Space | 92,67% Space Free | Partition Type: NTFS
Drive D: | 172,62 Gb Total Space | 172,52 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe File not found
SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe File not found
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva321) -- C:\Windows\System32\XDva321.sys File not found
DRV - (XDva285) -- C:\Windows\System32\XDva285.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (BELKIN) -- C:\Windows\System32\DRIVERS\BLKWGU.sys File not found
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SaiKCB03) -- C:\Windows\System32\drivers\SaiKCB03.sys (Saitek)
DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (LachesisFltr) -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (VIAudio) -- C:\Windows\System32\drivers\ac97via.sys (VIA Technologies, Inc.)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\Windows\System32\drivers\cmaudio.sys (C-Media Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 97 CA 12 50 91 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 15:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 16:35:06 | 000,000,000 | ---D | M]
[2010.07.23 17:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Program Files\C-Media\WIN_ME\Setup.exe ()
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.07.24 13:44:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.24 13:44:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.24 13:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.15 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.07.15 13:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.07.15 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.07.11 22:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.07.11 22:09:03 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.07.11 22:09:03 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.07.11 22:09:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.07.11 22:09:01 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.07.11 12:42:35 | 000,000,000 | ---D | C] -- C:\Spiele
[2010.07.11 12:42:35 | 000,000,000 | ---D | C] -- \Spiele
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.07.24 15:09:05 | 003,670,016 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
[2010.07.24 13:55:36 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.24 13:55:36 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.24 13:54:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.24 13:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.24 13:47:11 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.07.24 13:47:11 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.07.24 13:44:46 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.23 20:48:37 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.07.22 15:51:35 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.07.12 08:55:21 | 000,000,302 | ---- | M] () -- C:\Windows\win.ini
[2010.07.11 17:40:31 | 000,015,666 | ---- | M] () -- C:\Windows\System32\shutdown.rar
[2010.07.11 17:40:18 | 000,015,666 | ---- | M] () -- C:\Windows\System32\LOL.rar
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.07.24 13:44:46 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.15 13:33:09 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.07.11 22:09:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.11 17:40:31 | 000,015,666 | ---- | C] () -- C:\Windows\System32\shutdown.rar
[2010.07.11 17:40:18 | 000,015,666 | ---- | C] () -- C:\Windows\System32\LOL.rar
[2010.05.12 14:09:53 | 000,000,074 | ---- | C] () -- C:\Windows\Wininit.INI
[2010.05.07 15:06:26 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.05.01 22:23:01 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.01.26 18:00:20 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
[2009.12.03 17:20:01 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.11.30 20:36:04 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2009.11.30 20:36:04 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2009.08.21 12:24:07 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.08.21 12:21:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.08.21 12:20:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.21 12:19:33 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.15 12:40:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.05.30 15:27:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.05.30 15:27:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.05.30 15:27:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.04.22 18:12:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.04.22 18:12:07 | 000,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2009.04.22 18:11:39 | 000,028,165 | ---- | C] () -- C:\Windows\cmijack.ini
[2009.04.22 18:11:39 | 000,018,240 | ---- | C] () -- C:\Windows\cmaudio.ini
[2009.04.22 18:11:34 | 000,000,415 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2009.04.14 08:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2008.10.22 14:57:08 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCCB03_0C.dll
[2008.10.22 14:57:08 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCCB03_10.dll
[2008.10.22 14:57:08 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCCB03_0A.dll
[2008.10.22 14:57:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCCB03_11.dll
[2008.10.22 14:57:06 | 000,843,776 | ---- | C] () -- C:\Windows\System32\SaiCCB03.Dll
[2008.10.22 14:57:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCCB03_07.dll
[2008.10.22 14:57:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCCB03_09.dll
[2008.10.22 14:57:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCCB03_0402.dll
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1913.08.01 16:18:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 24.07.2010 15:09:36 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,14 Gb Total Space | 271,64 Gb Free Space | 92,67% Space Free | Partition Type: NTFS
Drive D: | 172,62 Gb Total Space | 172,52 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A13F94-5C59-49AC-9B06-2341BCC122F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06F90765-A87B-4E65-A91A-BFBCCEB9DFF5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0E06CAB5-067F-4AA4-9907-0289539D7C76}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{37EB1D09-3775-439E-BBFD-0CBD17357FA8}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{5A5EECE0-EAF4-45CC-A64F-A7D6DB9D9CE1}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher |
"{5DF18D78-2A72-4508-95C1-D9404CA8481E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D64F43F-997A-4451-BC95-28148624112A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7D7B5B5E-D0C1-493D-B681-28F1393D7228}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D202534-E0E1-4B06-8D03-E29786999833}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher |
"{A3D09BF4-669E-4B88-87FE-144A91331997}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5E5B613-8F69-4CAA-B1FB-A76BC95865A7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{C4791184-1A2D-4463-AEC2-DB17F63D718D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB2D5BF9-8424-4D8A-B62D-C58546902C01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD6D93A5-5D58-4E56-BF1D-CC80784CC07F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE4CE62B-96BA-41F1-BC01-9CE0B4C24664}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{FF4FABF3-DBB5-4A79-A80C-73409F107B14}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FF2898-9680-4687-B0E8-C909FEA59BF3}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{1520EEC8-62C0-4E3B-9494-529CED2A616D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B700756-548E-4426-9395-23DBAFA8494E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{402C04EA-B4E7-4B5D-885B-DE481FAE1C09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45523B7F-CD84-4DA6-AA2E-EAE1F865A929}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E30A577-D5A1-4A7B-A514-000646D51352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60B5A7E7-6657-4B46-841C-B8F6E7001821}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6BED4DB6-E0C4-40BB-90CE-B25C44D5FBD0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{70D064C0-2EB1-467F-B263-FB55469212B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71B5DDD9-374E-4A8B-A529-0BA0E478533C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78E66F98-2C7C-4207-B989-117ECFF3028B}" = protocol=6 | dir=out | app=system |
"{A59BC587-9F9B-4D79-8E22-6CCAED092F58}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{AB89AFA9-5312-4695-ACDE-DCD509640344}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C39E32BA-87CA-4B29-9F42-F40657CB2CC3}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{C7BDD3D9-92B1-4D2F-96FF-388CCAFE037D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA3B0A3F-1B22-4E38-95B9-22127E5B20BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD2C7617-AA22-4A25-9F5B-4145C4927879}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD9DF447-F9AD-4816-8C02-D61A641CD68D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{F99EDFAF-A584-4642-AF2D-1105BC95F26A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"osu!" = osu!
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report > |
26.07.2010, 14:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links open automatically Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{0be94666-eb28-11de-a99a-0010dcc197b3}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3c0a63-2ff8-11de-9d01-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{22f0e68e-712c-11de-b819-0010dcc197b3}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell - "" = AutoRun
O33 - MountPoints2\{5c21a6d6-3dad-11df-9873-001f3f0c32eb}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c43b1a62-f461-11de-ac53-0010dcc197b3}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
[2010.07.11 17:40:31 | 000,015,666 | ---- | M] () -- C:\Windows\System32\shutdown.rar
[2010.07.11 17:40:18 | 000,015,666 | ---- | M] () -- C:\Windows\System32\LOL.rar
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
27.07.2010, 14:36 | #5 |
| Links open automatically OK, I have done that now, but I got a bluescreen, which I get almost every time. I don't know whether that worked properly at all or whether I have to do it again. In any case, a desktop.ini and a photothumb.db have appeared on my desktop. desktop.ini:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Norton AntiVirus.lnk=@C:\PROGRA~1\NORTON~2\Branding\muis.dll,-101
and I can't open the other one; it is a system file. |
27.07.2010, 15:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links open automatically Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
__________________ --> Links open automatically |
27.07.2010, 15:49 | #7 |
| Links open automatically OK, I have done that, but unfortunately no txt opened, and I found nothing under C: either, only those strange transparent files that came from OTL and my standard folders, but no txt. I forgot to name it cofi.exe. So, uh, what now, do it again? Sorry. Regards: Valnar94 |
27.07.2010, 16:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links open automatically Yes, please run it again
__________________ Please always post log files in CODE tags |
27.07.2010, 17:18 | #9 |
| Links open automatically OK, I have now tried it another 2 times, but it still doesn't work. I did everything as you described. First comes that first message that you have to confirm, then after that this appears: hxxp://yfrog.com/n3unbenanntirj Regards, Valnar94 |
27.07.2010, 20:34 | #10 |
| Links open automatically I have got it working now, though only in safe mode, but I think that doesn't matter. Here is the log: Combofix Logfile: Code:
ATTFilter ComboFix 10-07-26.04 - Administrator 27.07.2010 21:09:34.1.1 - x86 MINIMAL Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.49.1031.18.511.173 [GMT 2:00] ausgeführt von:: c:\users\Administrator\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\ADMINI~1\AppData\Roaming\.# c:\users\ADMINI~1\AppData\Roaming\.#\MBX@D40@1C22748.### c:\users\ADMINI~1\AppData\Roaming\.#\MBX@D40@1C22778.### c:\users\Administrator\AppData\Roaming\.#\MBX@D40@1C22748.### c:\users\Administrator\AppData\Roaming\.#\MBX@D40@1C22778.### c:\windows\system32\AVSredirect.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-06-27 bis 2010-07-27 )))))))))))))))))))))))))))))) . 2010-07-27 19:20 . 2010-07-27 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-27 13:27 . 2010-07-27 13:27 -------- d-----w- C:\_OTL 2010-07-27 12:22 . 2010-07-27 13:05 -------- d-----w- C:\SMBX 2010-07-26 12:06 . 2010-07-26 13:04 -------- d-----w- c:\users\Administrator\.thumbnails 2010-07-26 12:01 . 2010-07-27 16:09 -------- d-----w- c:\users\Administrator\.gimp-2.6 2010-07-26 12:01 . 2010-07-26 12:01 -------- d-----w- c:\program files\GIMP-2.0 2010-07-25 12:10 . 2010-07-25 12:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\AnvSoft 2010-07-25 12:10 . 2010-07-25 12:10 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\AnvSoft 2010-07-25 12:10 . 2010-07-25 12:10 -------- d-----w- c:\program files\AnvSoft 2010-07-24 11:44 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-24 11:44 . 2010-07-24 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-24 11:44 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-15 11:38 . 
2010-07-15 11:38 6377472 ----a-w- c:\programdata\Skype\Plugins\Plugins\45493F11828C44489701861DAA3C28F2\WinampInfo.exe 2010-07-15 11:33 . 2010-07-15 11:33 -------- d-----w- c:\program files\Winamp Detect 2010-07-15 11:32 . 2010-07-24 14:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp 2010-07-15 11:32 . 2010-07-24 14:56 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Winamp 2010-07-15 11:32 . 2010-07-23 18:49 -------- d-----w- c:\program files\Winamp 2010-07-15 08:18 . 2010-07-15 08:18 -------- d-----w- c:\program files\Common Files\Skype 2010-07-11 20:20 . 2010-07-11 20:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc 2010-07-11 20:20 . 2010-07-11 20:22 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\vlc 2010-07-11 20:19 . 2010-07-11 20:19 -------- d-----w- c:\program files\VideoLAN 2010-07-11 20:16 . 2010-07-12 06:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\FreeVideoConverter 2010-07-11 20:16 . 2010-07-12 06:55 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\FreeVideoConverter 2010-07-11 20:09 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll 2010-07-11 20:09 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll 2010-07-11 20:09 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2010-07-11 20:09 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-27 16:08 . 2009-10-19 16:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\gtk-2.0 2010-07-27 16:08 . 2009-10-19 16:13 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\gtk-2.0 2010-07-27 14:30 . 2009-08-17 16:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype 2010-07-27 14:30 . 2009-08-17 16:24 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Skype 2010-07-19 18:55 . 2008-01-21 02:22 6144 ----a-w- c:\windows\system32\drivers\RDPCDD.sys 2010-07-10 19:42 . 
2009-04-22 19:00 -------- d-----w- c:\program files\CCleaner 2010-06-21 15:41 . 2010-06-21 15:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\Youtube Downloader HD 2010-06-21 15:41 . 2010-06-21 15:35 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Youtube Downloader HD 2010-06-19 18:40 . 2009-05-07 16:23 -------- d-----w- c:\program files\7-Zip 2010-06-15 15:37 . 2010-05-26 16:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\PhotoScape 2010-06-15 15:37 . 2010-05-26 16:51 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\PhotoScape 2010-06-08 20:54 . 2010-06-08 20:54 -------- d-----w- c:\programdata\Saitek 2010-06-08 20:53 . 2010-06-08 20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf 2010-06-07 14:26 . 2009-04-22 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-07 14:24 . 2010-06-07 14:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\ijjigame 2010-06-07 14:24 . 2010-06-07 14:24 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\ijjigame 2010-06-06 14:51 . 2010-06-06 14:50 -------- d-----w- c:\program files\avmwlanstick 2010-06-06 14:35 . 2010-03-31 18:02 -------- d-----w- c:\program files\GRETECH 2010-06-06 13:23 . 2010-05-31 13:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\ICQ 2010-06-06 13:23 . 2010-05-31 13:09 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\ICQ 2010-06-05 14:12 . 2009-05-30 13:27 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-06-05 14:12 . 2009-05-30 13:27 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-06-05 14:12 . 2009-05-30 13:27 12067 ----atw- c:\windows\system32\SIntf16.dll 2010-06-04 15:26 . 2009-04-22 16:01 69104 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-04 15:26 . 2009-04-22 16:01 69104 ----a-w- c:\users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-04 15:24 . 2010-05-25 18:46 0 ----a-w- c:\windows\system32\Access.dat 2010-05-30 20:16 . 
2010-05-30 20:16 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2010-05-30 20:16 . 2010-05-30 20:10 -------- d-----w- c:\program files\Microsoft SQL Server 2010-05-30 20:15 . 2010-05-30 18:27 -------- d-----w- c:\program files\Microsoft.NET 2010-05-30 20:03 . 2010-05-30 20:03 -------- d-----w- c:\program files\Microsoft Synchronization Services 2010-05-30 20:03 . 2010-05-30 20:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-05-30 20:02 . 2010-05-30 20:02 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2010-05-30 19:59 . 2010-05-30 19:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2010-05-30 19:58 . 2010-05-30 19:58 -------- d-----w- c:\program files\Microsoft Help Viewer 2010-05-30 19:58 . 2010-05-30 19:58 -------- d-----w- c:\program files\Microsoft SDKs 2010-05-30 19:58 . 2010-05-30 19:58 -------- d-----w- c:\program files\Common Files\Merge Modules 2010-05-30 19:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild 2010-05-30 19:35 . 2010-05-22 18:21 0 ----a-w- c:\users\Administrator\AppData\Local\prvlcl.dat 2010-05-30 19:35 . 2010-05-22 18:21 0 ----a-w- c:\users\ADMINI~1\AppData\Local\prvlcl.dat 2010-05-30 19:07 . 2008-01-21 08:24 698862 ----a-w- c:\windows\system32\perfh007.dat 2010-05-30 19:07 . 2008-01-21 08:24 156186 ----a-w- c:\windows\system32\perfc007.dat 2010-05-29 13:50 . 2010-05-25 18:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\Tunngle 2010-05-29 13:50 . 2010-05-25 18:44 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Tunngle 2010-05-01 20:23 . 2010-05-01 20:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-04-30 17:27 . 2010-04-30 17:27 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2010-04-02 13:06 . 2010-04-02 13:06 2185 ----a-w- c:\program files\Common Files\unins000.dat 2010-02-10 14:18 . 2010-04-12 15:07 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe 2008-10-15 17:44 . 
2008-10-15 17:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "C-Media Speaker Configuration"="c:\progra~1\C-Media\WIN_ME\Setup.exe" [2003-01-10 864256] "Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032] "AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2009-04-14 06:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "C-Media Mixer"=Mixer.exe /startup R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-17 
691696] R1 ntiomin;ntiomin; [x] R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-05-26 110304] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-05-07 4352] R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [x] R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088] R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2009-05-07 440832] R3 GarenaPEngine;GarenaPEngine;c:\users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp [x] R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072] R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-05-06 2785582] R3 SaiKCB03;SaiKCB03;c:\windows\system32\DRIVERS\SaiKCB03.sys [2008-10-22 106496] R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x] R3 XDva321;XDva321;c:\windows\system32\XDva321.sys [x] R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x] S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-08 12032] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 09:50 30720 ----a-w- 
c:\windows\System32\soundschemes2.exe . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ IE: Save YouTube Video FF - ProfilePath - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ung1ardf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js 
- pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-RunOnce-<NO NAME> - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-27 21:20 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\GarenaPEngine] "ImagePath"="\??\c:\users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,7c,63,4c,d2,94,46,45,88,a6,72,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,4c,4a,6a,c0,15,49,49,b2,55,0d,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,7c,63,4c,d2,94,46,45,88,a6,72,\ [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.669" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.AAC" 
[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sd2" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sds" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sf" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.stm" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.stz" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.SWF" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ult" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v64\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\Project64.exe" 
[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.VLB" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.voc" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.w64" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.SkinZip" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.wav" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.webm" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.LangZip" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.WMA" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" 
[HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.WMV" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wsz\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\wmplayer.exe" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.wve" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xi" [HKEY_USERS\S-1-5-21-3371241850-486487569-2162642085-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xm" 
eit der Fertigstellung: 2010-07-27 21:25:51
ComboFix-quarantined-files.txt 2010-07-27 19:25
Vor Suchlauf: 16 Verzeichnis(se), 293.064.323.072 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 292.950.495.232 Bytes frei
- - End Of File - - C1CDD8DD292D17679F39CEC3ABC82951
Regards, Valnar94 |
29.07.2010, 13:37 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links open automatically OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
29.07.2010, 16:05 | #12 |
| Links open automatically All right. GMER did not work. OSAM log: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:00:40 on 29.07.2010

OS: Windows Vista Ultimate Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\Windows\system32\ALSNDMGR.CPL (File signed by Microsoft | File found, but it contains no detailed information)
"Lachesis.cpl" - "Razer Inc." - C:\Windows\system32\Lachesis.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV05.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\Windows\System32\DRIVERS\ATITool.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"Belkin Wireless G USB Network Adapter" (BELKIN) - ? - C:\Windows\System32\DRIVERS\BLKWGU.sys (File not found)
"catchme" (catchme) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys (File not found)
"cpuz130" (cpuz130) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys (File found, but it contains no detailed information)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"GarenaPEngine" (GarenaPEngine) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\NGKF007.tmp (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Mkd2kfNt" (Mkd2kfNt) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2kfNt.sys
"Mkd2Nadr" (Mkd2Nadr) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2Nadr.sys
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys (File not found)
"SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys (File found, but it contains no detailed information)
"XDva285" (XDva285) - ? - C:\Windows\system32\XDva285.sys (File not found)
"XDva321" (XDva321) - ? - C:\Windows\system32\XDva321.sys (File not found)
"XDva349" (XDva349) - ? - C:\Windows\system32\XDva349.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{7070D8E0-650A-46b3-B03C-9497582E6A74} "Windows Ultimate Extras" - "Microsoft Corporation" - %SystemRoot%\system32\soundschemes.exe /AddRegistration
{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} "Windows Ultimate Extras" - "Microsoft Corporation" - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"C-Media Speaker Configuration" - ? - C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER
"Lachesis" - ? - C:\Program Files\Razer\Lachesis\razerhid.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Ati External Event Utility" (Ati External Event Utility) - ? - C:\Windows\system32\Ati2evxx.exe (File not found)
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"UPnPService" (UPnPService) - ? - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Bootkit Remover is coming shortly. Regards, Valnar94 |
29.07.2010, 16:09 | #13 |
| Links open automatically Bootkit Remover Log:
.\debug.cpp(238) : Debug log started at 29.07.2010 - 15:06:13
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001), 32-bit
"\GLOBAL??\{35378AAD-9B98-4AFB-B8A2-00F422070983}" .\debug.cpp(400) : Destination="\Device\NDMP15" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice" .\debug.cpp(400) : Destination="\Device\SpDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination="\Device\Serial0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth" .\debug.cpp(400) : Destination="\Device\PEAuth" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&ad0f764&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2" .\debug.cpp(400) : Destination="\Device\Serial1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10#3&2b8e0b4b&0&40#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD-ROM_TS-H352A_______________TS01____#5&32d12b21&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{05F4D1FA-EF57-496D-89A5-883FA6894F7F}" .\debug.cpp(400) : Destination="\Device\NDMP6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched" .\debug.cpp(400) : Destination="\Device\Psched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : 
Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000051" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0738&PID_CB03#0D1E79F6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_6#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\0000004e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000055" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B2E638DD-F820-418F-B7A4-A2B58F3832B9}" .\debug.cpp(400) : Destination="\Device\NDMP5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature80800425Offset100000Length4948FFF000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : 
Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0738&PID_CB03&IG_00#7&bd3598c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination="\Device\USBFDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\0000004b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_00#7&3b7a8112&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0738&PID_CB03&IG_00#7&bd3598c&0&0000#{3b0bc249-97f2-49c7-a5b4-8af34040e48d}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination="\Device\USBFDO-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1" .\debug.cpp(400) : Destination="\Device\CdRom1" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000044" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_30381462&REV_82#3&2b8e0b4b&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\0000004c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{479F004D-A34C-4997-9916-437EB7990B04}" .\debug.cpp(400) : Destination="\Device\NDMP4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_00#7&3b7a8112&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000073" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d8aa809&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000040" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:" .\debug.cpp(400) : Destination="\clfs" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C316&MI_01&Col01#7&38f233b6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\0000006e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0738&PID_CB03#0D1E79F6#{ec87f1e3-c13b-4100-b5f7-8b84d54260cb}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\0000005f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381462&REV_80#3&2b8e0b4b&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{eb70da2e-2f65-11de-af1c-0010dcc197b3}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv" .\debug.cpp(400) : Destination="\Device\Secdrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination="\Device\00000060" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000050" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AB82D02A-6E16-4600-AEA3-9DF121F95266}" .\debug.cpp(400) : Destination="\Device\NDMP2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{07C5FAB3-13C2-42C2-BFFA-D15DF0A9383D}" .\debug.cpp(400) : Destination="\Device\NDMP1" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\HID#VID_046D&PID_C316&MI_01&Col02#7&38f233b6&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD5000AAKB-00H8A0___________________05.04E05#5&20177a7c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHP_DVD_Writer_200j______________________1.36____#5&32d12b21&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T1L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9A54B7DE-120A-43C4-B237-14A153AFE435}" .\debug.cpp(400) : Destination="\Device\NDMP13" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination="\Device\0000005f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C316&MI_00#7&5f88c4d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\0000006d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4151&SUBSYS_2075148C&REV_00#4&79e4966&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&2f4e3638&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&304458ae&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381462&REV_80#3&2b8e0b4b&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_057C&PID_8401#001F3F0C32EB#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000041" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi" .\debug.cpp(400) : Destination="\Device\Nsi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl" .\debug.cpp(400) : Destination="\Device\PartmgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec40-2f54-11de-95bd-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice" .\debug.cpp(400) : Destination="\Device\NXTIPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000003f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:" .\debug.cpp(400) : Destination="\Device\Floppy0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000007b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\enodpl" .\debug.cpp(400) : Destination="\Device\enodpl" 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev" .\debug.cpp(400) : Destination="\Device\WFP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NDMP9" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATHWLAN" .\debug.cpp(400) : Destination="\Device\ATHWLAN" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6" .\debug.cpp(400) : Destination="\Device\WANARPV6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}" .\debug.cpp(400) : Destination="\Device\00000078" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C316#5&1e91b199&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-5" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0005#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\0000007b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1532&PID_000C&MI_01#7&3a1fcea2&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000074" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000044" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{441234F5-DEAA-43CB-A47A-1F1E3DC6F2BC}" .\debug.cpp(400) : Destination="\Device\NDMP7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination="\Device\AscKmd" .\debug.cpp(369) : 
SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH" .\debug.cpp(400) : Destination="\Device\NDMP8" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1" .\debug.cpp(400) : Destination="\Device\Parallel0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec3d-2f54-11de-95bd-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&12c4429e&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\FloppyPDO0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice" .\debug.cpp(400) : Destination="\Device\MPS" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#MED8928#5&1910b099&0&UID268435456#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}" .\debug.cpp(400) : Destination="\Device\00000077" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4151&SUBSYS_2075148C&REV_00#4&79e4966&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV05" .\debug.cpp(400) : Destination="\Device\ACEDRV05" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination="\Device\00000060" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\VolMgrControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature80800425Offset4949100000Length2B27900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_057C&PID_8401#001F3F0C32EB#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\USBPDO-7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\tandpl" .\debug.cpp(400) : Destination="\Device\tandpl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0738&PID_CB03&IG_00#7&bd3598c&0&0000#{a7aaaad0-99ff-45a1-87f5-2cfaef10f6a0}" .\debug.cpp(400) : Destination="\Device\00000076" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6" .\debug.cpp(400) : Destination="\Device\NDMP10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2a09437f&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec41-2f54-11de-95bd-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\CdRom1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{180F0C5B-E52F-42D0-9872-09CAE6FF6621}" .\debug.cpp(400) : Destination="\Device\NDMP11" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_057C&PID_8401#001F3F0C32EB#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\USBPDO-7" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv" .\debug.cpp(400) : Destination="\Device\SstpDrv" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000048" 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination="\Device\RaidPort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1532&PID_000C&MI_00#6&7e71b08&0&0000#{d2f9ad00-6ae9-11d5-88f8-0080c8ef5b74}" .\debug.cpp(400) : Destination="\Device\00000071" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}" .\debug.cpp(400) : Destination="\Device\00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4600ec42-2f54-11de-95bd-806e6f6e6963}" .\debug.cpp(400) : Destination="\Device\Floppy0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{737A20C3-2927-422C-9420-698FD1EDC3D1}" .\debug.cpp(400) : Destination="\Device\NDMP12" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle" .\debug.cpp(400) : Destination="\Device\WfpAle" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV09" .\debug.cpp(400) : Destination="\Device\ACEDRV09" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#MED8928#5&1910b099&0&UID268435456#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}" .\debug.cpp(400) : Destination="\Device\00000077" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&12c4429e&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\FloppyPDO0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_38221462&REV_50#3&2b8e0b4b&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009" .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000042" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#3&2b8e0b4b&0#{97f76ef0-f883-11d0-af1f-0000f800845c}" .\debug.cpp(400) : Destination="\Device\00000061" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1242) : Done; Mfg Valnar94 |
29.07.2010, 16:18 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Links open automatically
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
29.07.2010, 19:31 | #15 |
| Links open automatically
So SUPERAntiSpyware found 7 items. And I forgot to patch Malwarebytes. But I will repeat it. Here is the log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/29/2010 at 08:23 PM

Application Version : 4.41.1000

Core Rules Database Version : 5285
Trace Rules Database Version: 3097

Scan type : Complete Scan
Total Scan Time : 01:30:43

Memory items scanned : 493
Memory threats detected : 0
Registry items scanned : 8177
Registry threats detected : 4
File items scanned : 106533
File threats detected : 3

Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-18\Software\avsoft

Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE

Trojan.Agent/Gen-FraudTool[Tiny]
C:\QOOBOX\QUARANTINE\C\USERS\ADMINI~1\APPDATA\ROAMING\.#\MBX@D40@1C22778.###.VIR

Application.PowerReg Scheduler
C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\ASCOMP SOFTWARE\CLEANING SUITE\RESTORE\POWERREG SCHEDULER V3.EXE

Adware.Tracking Cookie
cdn5.specificclick.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SHBP5FR9 ]

Regards, Valnar94 |