| |
| |||||||
Log-Analyse und Auswertung: Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauerndWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.07.2010, 16:31
| #1 |
 |  Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Wäre Super wenn mir jemand mit der Auswertung helfen könnte....hab selbst leider kein Plan davon. Seit ein paar Tagen öffnen sich immer wieder Fenster mit Werbung von Browsergames usw. Vielen dank im vorraus HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:23:54, on 23.07.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\WLTRAY.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\ClamWin\bin\ClamTray.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ClamWin] "C:\Programme\ClamWin\bin\ClamTray.exe" --logon O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 6195 bytes |
|
23.07.2010, 18:15
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Hallo und
__________________ Zitat:
 Wir sind bei SP2 und IE8! Bitte nen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
23.07.2010, 19:44
| #3 |
| | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Malwarebytes' Anti-Malware 1.46
__________________www.malwarebytes.org Datenbank Version: 4340 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 23.07.2010 20:33:08 mbam-log-2010-07-23 (20-33-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 203401 Laufzeit: 40 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\System Volume Information\_restore{DB5DA6E7-DCD1-4851-8FDE-3C22E0C0F4CF}\RP165\A0030316.exe (Malware.Tool) -> Quarantined and deleted successfully. und jetzt noch die OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.07.2010 20:36:11 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,00 Mb Total Physical Memory | 216,00 Mb Available Physical Memory | 24,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24,41 Gb Total Space | 5,94 Gb Free Space | 24,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-PC Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\ClamWin\bin\ClamTray.exe (alch) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation) PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH) ========== Driver Services (SafeList) ========== DRV - (smserial) -- C:\WINDOWS\System32\DRIVERS\smserial.sys File not found DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys () DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\WINDOWS\system32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices) DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI) DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI) DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI) DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI) DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI) DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI) DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.bayer04.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 21:38:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 21:38:20 | 000,000,000 | ---D | M] [2009.10.27 12:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.07.22 20:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\mytjlkac.default\extensions [2010.07.22 16:57:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\mytjlkac.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.26 22:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\mytjlkac.default\extensions\battlefieldheroespatcher@ea.com [2010.07.22 20:41:27 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.20 20:32:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.23 18:41:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.23 18:41:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.23 18:41:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.23 18:41:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.23 18:41:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.20 19:48:01 | 000,412,178 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14242 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [ClamWin] C:\Programme\ClamWin\bin\ClamTray.exe (alch) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.25 16:42:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{120b13a2-b8cb-11de-a234-00c0a8c3a8be}\Shell - "" = AutoRun O33 - MountPoints2\{120b13a2-b8cb-11de-a234-00c0a8c3a8be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{120b13a2-b8cb-11de-a234-00c0a8c3a8be}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{120b13a5-b8cb-11de-a234-00c0a8c3a8be}\Shell - "" = AutoRun O33 - MountPoints2\{120b13a5-b8cb-11de-a234-00c0a8c3a8be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{120b13a5-b8cb-11de-a234-00c0a8c3a8be}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{1ca55f92-b0ed-11de-a22b-00c0a8c3a8be}\Shell - "" = AutoRun O33 - MountPoints2\{1ca55f92-b0ed-11de-a22b-00c0a8c3a8be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a7b832a8-b0e3-11de-a22a-00c0a8c3a8be}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2006.06.01 21:06:00 | 000,023,040 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{a7b832a8-b0e3-11de-a22a-00c0a8c3a8be}\Shell\configure\command - "" = C:\WINDOWS\System32\setup.exe -- [2006.06.01 21:06:00 | 000,023,040 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{a7b832a8-b0e3-11de-a22a-00c0a8c3a8be}\Shell\install\command - "" = C:\WINDOWS\System32\setup.exe -- [2006.06.01 21:06:00 | 000,023,040 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.23 11:05:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.07.23 11:05:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.23 11:05:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.23 11:05:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.23 11:05:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.23 10:54:11 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.07.20 20:41:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.07.20 20:41:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.07.20 20:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.07.20 20:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.07.20 20:32:02 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.20 20:32:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.07.20 20:32:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.07.20 20:32:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.15 19:28:48 | 001,448,535 | ---- | C] (Macromedia, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\WaldSpiel.exe [2010.07.01 09:48:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yahoo! [2010.07.01 09:48:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Yahoo [2010.07.01 09:45:43 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo! [2010.06.26 23:25:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PunkBuster [2010.06.26 23:14:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Battlefield Heroes [2010.06.26 23:00:42 | 000,000,000 | ---D | C] -- C:\Programme\EA Games [56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.23 17:23:34 | 000,002,447 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.lnk [2010.07.23 17:16:22 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.07.23 17:06:36 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.07.23 17:06:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.23 17:06:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.23 15:00:03 | 007,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2010.07.23 15:00:03 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.07.23 14:59:44 | 002,643,710 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.07.23 12:51:11 | 000,394,626 | ---- | M] () -- C:\temp.raw [2010.07.23 11:05:28 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.20 20:36:29 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.07.20 19:48:01 | 000,412,178 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.07.18 16:36:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.10 17:40:24 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.07.06 14:29:29 | 000,022,691 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\BC_2017_SoSe_08.pdf [2010.06.28 22:49:08 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.06.28 22:48:47 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.06.26 23:13:59 | 000,138,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys [2010.06.26 23:13:36 | 002,427,248 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe [2010.06.26 14:55:22 | 000,022,691 | ---- | M] () -- C:\BC_2017_SoSe_08.pdf [2010.06.24 23:00:10 | 001,032,142 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.24 23:00:10 | 000,461,624 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.24 23:00:10 | 000,443,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.24 23:00:10 | 000,085,360 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.24 23:00:10 | 000,072,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.24 19:26:44 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [56 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.23 11:05:28 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 10:54:11 | 000,002,447 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.lnk [2010.07.06 14:29:28 | 000,022,691 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\BC_2017_SoSe_08.pdf [2010.06.26 23:26:13 | 000,215,016 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.06.26 23:13:59 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.06.26 23:13:59 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys [2010.06.26 23:13:38 | 000,215,016 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010.06.26 23:13:36 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe [2010.06.26 23:13:36 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2010.06.24 19:27:12 | 000,022,691 | ---- | C] () -- C:\BC_2017_SoSe_08.pdf [2010.06.24 19:26:44 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2010.05.10 18:08:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.11.04 01:48:02 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2009.10.12 16:07:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Editor.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D282699C < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.07.2010 20:36:11 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
894,00 Mb Total Physical Memory | 216,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 5,94 Gb Free Space | 24,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-PC
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Anno 1701\Anno1701.exe" = C:\Programme\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- File not found
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-in for Microsoft Office
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7211EA6A-AB0F-432D-915E-F13166F2FB0B}" = OffiSync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E6618B7-F401-46DE-98CA-E5B5B9C07BCD}" = ArcGIS ArcReader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91CA8C77-30FC-4AAF-B2EE-F51B0746D95C}" = ATI Catalyst Control Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3B635AA-4BBD-4F25-8DCE-6C74F9A9AD19}" = Kosmos Wald- und Forstlexikon
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EA68992B-273F-4692-B24E-FDE423760A2B}" = Geogrid®-Viewer
"{EE29E740-2BE2-4467-86D9-9EB27A326964}" = Top25 V3 Viewer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"bwin Poker_is1" = bwin Poker
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.2.1
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{A3B635AA-4BBD-4F25-8DCE-6C74F9A9AD19}" = Kosmos Wald- und Forstlexikon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"PunkBusterSvc" = PunkBuster Services
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.07.2010 14:41:37 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0028f941.
Error - 22.07.2010 03:47:54 | Computer Name = HOME-PC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 22.07.2010 03:47:54 | Computer Name = HOME-PC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 22.07.2010 07:22:08 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00020003.
Error - 22.07.2010 09:59:58 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x002ab673.
Error - 23.07.2010 02:26:52 | Computer Name = HOME-PC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 23.07.2010 04:38:32 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 23.07.2010 06:50:51 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 23.07.2010 06:55:16 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x002a42a9.
Error - 23.07.2010 06:57:41 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung anstoss3.exe, Version 1.1.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0023025b.
[ System Events ]
Error - 26.05.2010 15:07:18 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
%%2147500037
Error - 14.06.2010 09:07:00 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842761
Description = Syntaxfehler in der Manifest- oder Richtliniendatei "C:\Dokumente
und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\3XJ8BT5R.TNV\XL4KYTWM.JQZ\offisync_a44cb2da6024b8b4_0001.0000_85c9d933acb9dd30\adxloader.dll.manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 14.06.2010 09:07:00 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842810
Description = Syntaxfehler in der Manifest- oder Richtliniendatei "C:\Dokumente
und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\3XJ8BT5R.TNV\XL4KYTWM.JQZ\offisync_a44cb2da6024b8b4_0001.0000_85c9d933acb9dd30\adxloader.dll.manifest"
in Zeile 2.
Error - 14.06.2010 09:07:00 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Dokumente und Einstellungen\Administrator\Lokale
Einstellungen\Apps\2.0\3XJ8BT5R.TNV\XL4KYTWM.JQZ\offisync_a44cb2da6024b8b4_0001.0000_85c9d933acb9dd30\adxloader.dll.manifest
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
< End of report >
|
|
23.07.2010, 20:11
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.07.2010, 08:34
| #5 |
| | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 09:31:51 on 24.07.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.7 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "1-Klick-Wartung.job" "TuneUp Software GmbH" C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe File exists || "WGASetup.job" "Microsoft Corporation" C:\WINDOWS\system32\KB905474\wgasetup.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "ac3filter.cpl" C:\WINDOWS\system32\ac3filter.cpl File exists |||||| "BCMWLCPL.CPL" "Broadcom Corporation" C:\WINDOWS\system32\BCMWLCPL.CPL File exists |||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists |||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "ECSEPM" "Sony Ericsson Mobile Communications AB" C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl File exists |||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL File exists |||||| "QuickTime" "Apple Computer, Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists "Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found "i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found "PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found |||||| "PnkBstrK" (PnkBstrK) C:\WINDOWS\system32\drivers\PnkBstrK.sys File found, but it contains no detailed information |||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists "smserial" (smserial) C:\WINDOWS\System32\DRIVERS\smserial.sys File not found "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found Explorer HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components |||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists |||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found |||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" c:\WINDOWS\system32\mscoree.dll File exists |||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL File exists |||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL File exists |||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found |||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll File exists |||||| {A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" "Sony Ericsson Mobile Communications AB" C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll File exists {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" File not found | COM-object registry key not found |||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Programme\WinRAR\rarext.dll File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBarLayout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists |||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists |||| "ICQ6" "ICQ, LLC." C:\Programme\ICQ6.5\ICQ.exe File exists |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists |||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists Logon %AllUsersProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists %UserProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||| "ATICCC" "ATI Technologies Inc." "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay File exists |||| "Broadcom Wireless Manager UI" "Broadcom Corporation" C:\WINDOWS\system32\WLTRAY File exists |||||| "ClamWin" "alch" "C:\Programme\ClamWin\bin\ClamTray.exe" --logon File exists |||| "GrooveMonitor" "Microsoft Corporation" "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" File exists |||| "QuickTime Task" "Apple Computer, Inc." "C:\Programme\QuickTime\qttask.exe" -atboottime File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists Network Providers HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order |||||| "Broadcom Logon Provider" "Broadcom Corporation" C:\WINDOWS\System32\BCMLogon.dll File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\WINDOWS\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists |||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists |||||| "Broadcom Wireless LAN Tray Service" (wltrysvc) C:\WINDOWS\System32\wltrysvc.exe File found, but it contains no detailed information |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "PnkBstrA" (PnkBstrA) C:\WINDOWS\system32\PnkBstrA.exe File found, but it contains no detailed information |||||| "PnkBstrB" (PnkBstrB) C:\WINDOWS\system32\PnkBstrB.exe File found, but it contains no detailed information |||||| "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) "TuneUp Software GmbH" C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe File exists |||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists |||||| "Windows Live ID Sign-in Assistant" (wlidsvc) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE File exists |||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists Winlogon HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found If You have questions or want to get some help, You can visit Online Solutions :: Index |
|
24.07.2010, 08:37
| #6 |
| | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:31:51 on 24.07.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.7 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "1-Klick-Wartung.job" "TuneUp Software GmbH" C:\Programme\TuneUpUtilities2006\SystemOptimizer.exe File exists || "WGASetup.job" "Microsoft Corporation" C:\WINDOWS\system32\KB905474\wgasetup.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "ac3filter.cpl" C:\WINDOWS\system32\ac3filter.cpl File exists |||||| "BCMWLCPL.CPL" "Broadcom Corporation" C:\WINDOWS\system32\BCMWLCPL.CPL File exists |||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists |||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "ECSEPM" "Sony Ericsson Mobile Communications AB" C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl File exists |||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL File exists |||||| "QuickTime" "Apple Computer, Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists "Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found "i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found "PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found |||||| "PnkBstrK" (PnkBstrK) C:\WINDOWS\system32\drivers\PnkBstrK.sys File found, but it contains no detailed information |||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists "smserial" (smserial) C:\WINDOWS\System32\DRIVERS\smserial.sys File not found "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found Explorer HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components |||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists |||||| {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found |||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" c:\WINDOWS\system32\mscoree.dll File exists |||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL File exists |||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL File exists |||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found |||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists |||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll File exists |||||| {A5110426-177D-4e08-AB3F-785F10B4439C} "Sony Ericsson Datei-Manager" "Sony Ericsson Mobile Communications AB" C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll File exists {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" File not found | COM-object registry key not found |||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Programme\WinRAR\rarext.dll File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBarLayout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists |||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists |||| "ICQ6" "ICQ, LLC." C:\Programme\ICQ6.5\ICQ.exe File exists |||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists |||| {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists |||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists Logon %AllUsersProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists %UserProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||| "ATICCC" "ATI Technologies Inc." "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay File exists |||| "Broadcom Wireless Manager UI" "Broadcom Corporation" C:\WINDOWS\system32\WLTRAY File exists |||||| "ClamWin" "alch" "C:\Programme\ClamWin\bin\ClamTray.exe" --logon File exists |||| "GrooveMonitor" "Microsoft Corporation" "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" File exists |||| "QuickTime Task" "Apple Computer, Inc." "C:\Programme\QuickTime\qttask.exe" -atboottime File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists Network Providers HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order |||||| "Broadcom Logon Provider" "Broadcom Corporation" C:\WINDOWS\System32\BCMLogon.dll File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\WINDOWS\system32\msonpmon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists |||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists |||||| "Broadcom Wireless LAN Tray Service" (wltrysvc) C:\WINDOWS\System32\wltrysvc.exe File found, but it contains no detailed information |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "PnkBstrA" (PnkBstrA) C:\WINDOWS\system32\PnkBstrA.exe File found, but it contains no detailed information |||||| "PnkBstrB" (PnkBstrB) C:\WINDOWS\system32\PnkBstrB.exe File found, but it contains no detailed information |||||| "TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) "TuneUp Software GmbH" C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe File exists |||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists |||||| "Windows Live ID Sign-in Assistant" (wlidsvc) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE File exists |||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists Winlogon HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
24.07.2010, 10:04
| #7 |
| | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd .\debug.cpp(238) : Debug log started at 24.07.2010 - 09:00:39 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : esage lab - main .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600) .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x804d7000 0x0020c000 "\WINDOWS\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x806e3000 0x00020d00 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf79d2000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf78e2000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf73a2000 0x0002f000 "ACPI.sys" .\debug.cpp(256) : 0xf79d4000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf7391000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf74d2000 0x00009000 "isapnp.sys" .\debug.cpp(256) : 0xf74e2000 0x0000f000 "ohci1394.sys" .\debug.cpp(256) : 0xf74f2000 0x0000d000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS" .\debug.cpp(256) : 0xf78e6000 0x00003000 "compbatt.sys" .\debug.cpp(256) : 0xf78ea000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0xf7a9a000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf7752000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf7502000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf7372000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf79d6000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xf734c000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xf78ee000 0x00003000 "ACPIEC.sys" .\debug.cpp(256) : 0xf7a9b000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS" .\debug.cpp(256) : 0xf775a000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf7a9c000 0x00001000 "amdide.sys" .\debug.cpp(256) : 0xf7512000 0x0000e000 "VolSnap.sys" .\debug.cpp(256) : 0xf7334000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf7522000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf7532000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf7314000 0x00020000 "fltMgr.sys" .\debug.cpp(256) : 0xf7302000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf7542000 0x00009000 "PxHelp20.sys" .\debug.cpp(256) : 0xf72eb000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf725e000 0x0008d000 "Ntfs.sys" .\debug.cpp(256) : 0xf7231000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf7216000 0x0001b000 "Mup.sys" .\debug.cpp(256) : 0xf71ea000 0x00004000 "\SystemRoot\system32\DRIVERS\tunmp.sys" .\debug.cpp(256) : 0xf7642000 0x0000a000 "\SystemRoot\system32\DRIVERS\processr.sys" .\debug.cpp(256) : 0xf71e6000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0xf6783000 0x00186000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys" .\debug.cpp(256) : 0xf676f000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf77b2000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys" .\debug.cpp(256) : 0xf674c000 0x00023000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf77ba000 0x00007000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf7652000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys" .\debug.cpp(256) : 0xf7662000 0x0000d000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xf7672000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xf6729000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0xf6704000 0x00025000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0xf7682000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xf77c2000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf77ca000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf668c000 0x00078000 "\SystemRoot\system32\DRIVERS\ar5211.sys" .\debug.cpp(256) : 0xf7692000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys" .\debug.cpp(256) : 0xf667b000 0x00011000 "\SystemRoot\system32\DRIVERS\sdbus.sys" .\debug.cpp(256) : 0xf6667000 0x00014000 "\SystemRoot\system32\DRIVERS\Rtnicxp.sys" .\debug.cpp(256) : 0xf7c09000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf76a2000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf71de000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf6650000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf76b2000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf76c2000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf77d2000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf663f000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf76d2000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf77da000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf77e2000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf660e000 0x00031000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xf76e2000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf7a20000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf65da000 0x00034000 "\SystemRoot\system32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf6cde000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf7702000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xf6979000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xf7a28000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xedd67000 0x0046c000 "\SystemRoot\system32\drivers\RtkHDAud.sys" .\debug.cpp(256) : 0xedd45000 0x00022000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xf7712000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xf7a4e000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xf7b27000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf7a50000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xf7882000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf7a52000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf7a54000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xf788a000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xf7892000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xf79c6000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xeda06000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xed9ae000 0x00058000 "\SystemRoot\system32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xed986000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xed965000 0x00021000 "\SystemRoot\system32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xf7562000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xed8f8000 0x00038000 "\SystemRoot\system32\DRIVERS\tcpip6.sys" .\debug.cpp(256) : 0xed8d6000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xf78a2000 0x00008000 "\SystemRoot\system32\DRIVERS\Ip6Fw.sys" .\debug.cpp(256) : 0xf7572000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xed8ab000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xf7582000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys" .\debug.cpp(256) : 0xed814000 0x0006f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xf7592000 0x00009000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xf76f2000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0xb7e77000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0xecc80000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS" .\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0xb8438000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xb818c000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xf7b73000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbf012000 0x00043000 "\SystemRoot\System32\ati2dvag.dll" .\debug.cpp(256) : 0xbf055000 0x00045000 "\SystemRoot\System32\ati2cqag.dll" .\debug.cpp(256) : 0xbf09a000 0x00036000 "\SystemRoot\System32\atikvmag.dll" .\debug.cpp(256) : 0xbf0d0000 0x00292000 "\SystemRoot\System32\ati3duag.dll" .\debug.cpp(256) : 0xbf362000 0x00158000 "\SystemRoot\System32\ativvaxx.dll" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xed89f000 0x00004000 "\SystemRoot\system32\DRIVERS\AegisP.sys" .\debug.cpp(256) : 0xb5cb1000 0x00016000 "\SystemRoot\system32\DRIVERS\nwlnkipx.sys" .\debug.cpp(256) : 0xed3b0000 0x00010000 "\SystemRoot\system32\DRIVERS\nwlnknb.sys" .\debug.cpp(256) : 0xb970f000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0xb5c39000 0x00028000 "\SystemRoot\system32\DRIVERS\nwrdr.sys" .\debug.cpp(256) : 0xb5be5000 0x0002c000 "\SystemRoot\system32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0xb5ba8000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0xb82c2000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0xb82f2000 0x0000e000 "\SystemRoot\system32\DRIVERS\nwlnkspx.sys" .\debug.cpp(256) : 0xb59d0000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xed400000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xf786a000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xb59cc000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xb5831000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xb497f000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHV2060BH_______________________00000029#5&1a45ebbd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4373&SUBSYS_10B81734&REV_80#3&13c0b0c5&0&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_093a&Pid_2510#6&30538674&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000075" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000031" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RW_GWA-4082N_______________CW02____#304d36305437324e303220382020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP2T0L0-10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000044" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination="\Device\Ip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_17340000&REV_1003#4&22f7a6fe&0&0101#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EB7ECC0D-CE4E-40B6-8202-E55404079AF3}" .\debug.cpp(400) : Destination="\Device\{EB7ECC0D-CE4E-40B6-8202-E55404079AF3}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_10B81734&REV_10#4&fcf0450&0&28A4#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination="\Device\IPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{E35A5BA1-33CC-4BAC-9FFA-6D0614ED8D34}" .\debug.cpp(400) : Destination="\Device\AegisP_{E35A5BA1-33CC-4BAC-9FFA-6D0614ED8D34}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000002f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination="\Device\NDProxy" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0" .\debug.cpp(400) : Destination="\Device\Tun0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip6" .\debug.cpp(400) : Destination="\Device\Ip6" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4375&SUBSYS_10B81734&REV_80#3&13c0b0c5&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8c3a9f3d-a9ee-11de-8091-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#50055f1b30d49#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000064" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{201BDF32-4EBA-4856-B7A1-DD53874CA57B}" .\debug.cpp(400) : Destination="\Device\{201BDF32-4EBA-4856-B7A1-DD53874CA57B}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&cfcfe0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{103AF803-FC66-401F-BE09-DA789D94478C}" .\debug.cpp(400) : Destination="\Device\{103AF803-FC66-401F-BE09-DA789D94478C}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination="\Device\PSched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination="\Device\IPNAT" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_17340000&REV_1003#4&22f7a6fe&0&0101#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2DA33D6F-96AF-4007-BE61-9BC5B89ADAF9}" .\debug.cpp(400) : Destination="\Device\{2DA33D6F-96AF-4007-BE61-9BC5B89ADAF9}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E35A5BA1-33CC-4BAC-9FFA-6D0614ED8D34}" .\debug.cpp(400) : Destination="\Device\{E35A5BA1-33CC-4BAC-9FFA-6D0614ED8D34}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{201BDF32-4EBA-4856-B7A1-DD53874CA57B}" .\debug.cpp(400) : Destination="\Device\AegisP_{201BDF32-4EBA-4856-B7A1-DD53874CA57B}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\VideoPdo1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000037" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPX" .\debug.cpp(400) : Destination="\Device\NdisWanIpx" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7ac60c42-a9e8-11de-a21c-806d6172696f}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureD63E01FAOffset7E00Length61A78E800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination="\Device\USBFDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination="\Device\sysaudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4374&SUBSYS_10B81734&REV_80#3&13c0b0c5&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000033" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1217&DEV_00F7&SUBSYS_10B81734&REV_02#4&fcf0450&0&20A4#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_17340000&REV_1003#4&22f7a6fe&0&0101#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000042" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E981D680-9C86-495C-963B-1EE6101FDEF3}" .\debug.cpp(400) : Destination="\Device\{E981D680-9C86-495C-963B-1EE6101FDEF3}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_093a&Pid_2510#6&30538674&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000075" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394" .\debug.cpp(400) : Destination="\Device\ARP1394" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5975&SUBSYS_10B81734&REV_00#4&2c0d4f31&0&2808#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RW_GWA-4082N_______________CW02____#304d36305437324e303220382020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP2T0L0-10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&fab2443&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000060" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPX#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000030" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000002e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{97125313-6808-407D-A76C-24F1A0606EBB}" .\debug.cpp(400) : Destination="\Device\{97125313-6808-407D-A76C-24F1A0606EBB}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000045" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_72#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000041" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000005" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_17340000&REV_1003#4&22f7a6fe&0&0101#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NdisWanIp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP" .\debug.cpp(400) : Destination="\Device\AegisP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&47a0f18&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination="\Device\1394BUS0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RW_GWA-4082N_______________CW02____#304d36305437324e303220382020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP2T0L0-10" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_72#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000040" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination="\Device\ParTechInc0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0861&SUBSYS_17340000&REV_1003#4&22f7a6fe&0&0101#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A6C0B53B-BDD7-4F0F-91A4-9B7C3101FC43}" .\debug.cpp(400) : Destination="\Device\{A6C0B53B-BDD7-4F0F-91A4-9B7C3101FC43}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination="\Device\NdisTapi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination="\Device\IPMULTICAST" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2168C577-E098-437C-8788-81D08EB5B3D2}" .\debug.cpp(400) : Destination="\Device\{2168C577-E098-437C-8788-81D08EB5B3D2}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination="\Device\ParTechInc1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination="\Device\DmLoader" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination="\Device\LanmanRedirector" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CB66AB21-DB03-48DF-9405-C1D30D608771}" .\debug.cpp(400) : Destination="\Device\{CB66AB21-DB03-48DF-9405-C1D30D608771}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B89EB8DC-3E92-4EE7-AA49-CFF6C8332C1C}" .\debug.cpp(400) : Destination="\Device\{B89EB8DC-3E92-4EE7-AA49-CFF6C8332C1C}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination="\Device\ParTechInc2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip6fw" .\debug.cpp(400) : Destination="\Device\Ip6fw" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\FtControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_093a&Pid_2510#5&10adda5e&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&fab2443&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000061" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001A&SUBSYS_2052168C&REV_01#4&fcf0450&0&18A4#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2aa590ac&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000039" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo" .\debug.cpp(451) : ********************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 7e2d793e655aa56e54045c9032f66f00 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 55 GB \\.\PhysicalDrive0 Unknown boot code .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks. .\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector: .\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file] .\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command: .\boot_cleaner.cpp(1217) : remover.exe fix <device_name> .\boot_cleaner.cpp(1220) : .\boot_cleaner.cpp(1242) : Done; |
|
26.07.2010, 14:22
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren! Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok. Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: Code:
ATTFilter remover.exe dump \\.\PhysicalDrive0 c:\mbr.dat
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Auswertung meines HijackThis Logs - Werbefenster öffnen sich andauernd |
| adobe, auswertung, bho, dateien, excel, explorer, firefox, hijack, hijackthis, hkus\s-1-5-18, hotkey, icq, internet, internet explorer, micro, microsoft, mozilla, plug-in, programme, software, super, system, werbefenster, werbung, windows, windows xp, winsock, wireless, wireless lan |
Linear-Darstellung
