win32/krypt.ftq (Windows 7)
01.08.2010, 11:20 | #1
win32/krypt.ftq
hi, I have win32/kryptik.ftq. Nod32 can't delete it. #1 CCleaner done. #2 Malwarebytes
Quote:
OTL.txt OTL Logfile:
Code:
OTL logfile created on: 01.08.2010 12:14:27 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\+++\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 123,41 Gb Free Space | 66,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: +++-PC
Current User Name: +++
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\+++\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\+++\AppData\Roaming\Qeca\ozvyc.exe (Zhjln Orftvii Fockjn)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Programme\ASUS\ASUS Direct Console\LCMP.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Programme\ASUS\ASUS Direct Console\D3DCheck.exe (ASUSTeK COMPUTER INC.)

========== Modules (SafeList) ==========

MOD - C:\Users\+++\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

========== Driver Services (SafeList) ==========

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (C) -- C:\Windows\SysNative\Drivers\C.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (pfmfs_359) -- C:\Windows\SysNative\drivers\pfmfs_359.sys (Pismo Technic Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (CSN5PD82x64) -- C:\Windows\SysNative\drivers\CSN5PD82x64.sys (Colasoft Co., Ltd.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Ltn_hyd7700pc_64) -- C:\Windows\SysNative\drivers\Ltn_hyd7700pc_64.sys (Liteon)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 64 69 1F F6 DB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 12:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 23:14:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.01.23 18:39:37 | 000,000,000 | ---D | M]

[2010.01.23 00:37:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\mozilla\Extensions
[2010.07.25 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\mozilla\Firefox\Profiles\h6z1sowi.Standard-Benutzer\extensions
[2010.04.13 19:37:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.25 21:27:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 21:27:05 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.25 21:27:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.25 21:27:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.25 21:27:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [ChkMail] C:\Programme\ChkMail\ChkMail\ChkMail.exe (ChkMail)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [zDirectMessenger] C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE (ASUSTeK COMPUTER INC.)
O4 - HKCU..\Run: [{7BE871DD-2212-0724-3A57-59287BACF4C8}] C:\Users\+++\AppData\Roaming\Qeca\ozvyc.exe (Zhjln Orftvii Fockjn)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h+xp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} h+xp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h+xp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h+xp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} h#xp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} x+xp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h+xp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.01 12:03:53 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Roaming\Malwarebytes
[2010.08.01 12:03:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.01 12:03:46 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.01 12:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.01 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 20:00:06 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\2010_07_20_Philipps Unfallort
[2010.07.30 17:26:35 | 000,000,000 | ---D | C] -- C:\HDW20_TMP
[2010.07.30 17:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010.07.30 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Local\Panasonic
[2010.07.30 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2010.07.29 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Roaming\Digital+++
[2010.07.29 14:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital+++
[2010.07.29 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\+++\.jivex
[2010.07.28 12:42:08 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\2010_07_27_Schimmel Phil Zimmer
[2010.07.21 09:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.07.21 09:58:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.07.14 19:21:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.13 15:59:26 | 000,218,624 | ---- | C] (Digital+++ co.,ltd) -- C:\Windows\SysWow64\SetupOnis22Free.dll

========== Files - Modified Within 30 Days ==========

[2010.08.01 12:14:07 | 002,621,440 | -HS- | M] () -- C:\Users\+++\NTUSER.DAT
[2010.08.01 12:09:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.01 12:03:50 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 11:34:47 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 11:34:47 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 11:32:22 | 001,905,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 11:32:22 | 000,814,198 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.01 11:32:22 | 000,747,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 11:32:22 | 000,193,500 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.01 11:32:22 | 000,156,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 11:27:36 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine+++.job
[2010.08.01 11:27:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010.08.01 11:27:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 11:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 11:27:17 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 00:07:39 | 008,954,806 | -H-- | M] () -- C:\Users\+++\AppData\Local\IconCache.db
[2010.07.30 20:39:32 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.07.30 20:39:32 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.07.29 14:01:46 | 000,000,001 | R--- | M] () -- C:\Users\+++\serverport
[2010.07.13 15:59:26 | 000,218,624 | ---- | M] (Digital+++ co.,ltd) -- C:\Windows\SysWow64\SetupOnis22Free.dll

========== Files Created - No Company Name ==========

[2010.08.01 12:03:50 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.30 20:39:32 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.07.29 13:47:45 | 000,000,001 | R--- | C] () -- C:\Users\+++\serverport
[2010.06.18 14:25:44 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.12 17:55:43 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.05 11:36:45 | 001,774,432 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.25 16:51:33 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.12.10 15:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 16:52:26 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvid+++.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== LOP Check ==========

[2010.07.31 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Adduso
[2010.03.04 00:04:44 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\ASCOMP Software
[2010.02.05 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Colasoft Packet Builder
[2010.01.24 01:46:07 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\DAEMON Tools Lite
[2010.01.24 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\DAEMON Tools Pro
[2010.07.29 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Digital+++
[2010.02.24 21:38:03 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\KillProcess
[2010.02.13 12:50:51 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Paltalk
[2010.06.01 09:35:50 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Qeca
[2010.01.29 05:38:52 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Shark007
[2010.05.19 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TeamViewer
[2010.07.31 23:23:55 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\uTorrent
[2010.01.27 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Win7codecs
[2010.01.25 01:51:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Wireshark
[2010.06.27 10:51:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B9D8E22

< End of report >

Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 01.08.2010 12:14:27 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\+++\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 123,41 Gb Free Space | 66,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: +++-PC
Current User Name: +++
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
"{20140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit)
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{CE4F361A-8C13-441C-A21A-DDC0FBA6FEED}" = ESET NOD32 Antivirus
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F75FFCEC-4807-319D-A186-5117EDFE8115}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"{FC3853AF-7CCB-407D-809D-31BAA078D6FD}" = Microsoft UrlScan Filter v3.1
"0B63C37025C2F467B0BAF5BC9C10E853F201C510" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass (10/03/2007 5.0.0004.5)
"5411046CC762A9020A8AB7BD31710ECCA6E432C2" = Windows-Treiberpaket - Alps Touch Pad Driver (09/12/2006 7.100.1301.2)
"MatlabR2009b" = MATLAB R2009b
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"ProInst" = Intel PROSet Wireless
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinRAR archiver" = WinRAR archiver
"x64 Components_is1" = x64 Components v2.3.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}" = ASUS Direct Console
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1EC1D18A-AA03-4909-BE7F-2E86112A64CE}" = Onis 2.2 Free Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02 "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{d1e6113e-f1ae-4824-b300-09ad6c458521}" = Nero 9 Trial "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG 
Viewer" = Adobe SVG Viewer 3.0 "AVI Splitter_is1" = AVI Splitter "CCleaner" = CCleaner "Colasoft Packet Builder 1.0_is1" = Colasoft Packet Builder 1.0 "HijackThis" = HijackThis 2.0.2 "KillProcess" = KillProcess 2.42 "Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265) "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU "mIRC" = mIRC "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Office14.SingleImage" = Microsoft Office Professional 2010 "QuicktimeAlt_is1" = QuickTime Alternative 3.1.0 "Secure Eraser_is1" = Secure Eraser v3.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 1.0.3 "WinPcapInst" = WinPcap 4.1.1 "Wireshark" = Wireshark 1.2.5 "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Menu Layout Demo" = Menu 
Layout Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.07.2010 01:39:00 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =

Error - 13.07.2010 01:45:09 | Computer Name = +++-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto update cab at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 13.07.2010 02:18:22 | Computer Name = +++-PC | Source = Application Hang | ID = 1002
Description = The program SndVol.exe, version 6.1.7600.16385, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15b8 Start Time: 01cb224e0e7a6001 Termination Time: 4 Application Path: C:\Windows\system32\SndVol.exe Report Id: 621b6ad7-8e41-11df-890a-001bfceefd82

Error - 16.07.2010 03:08:21 | Computer Name = +++-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 16.07.2010 03:09:05 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =

Error - 16.07.2010 05:36:51 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =

Error - 16.07.2010 11:09:16 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =

Error - 27.07.2010 12:13:56 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =

Error - 30.07.2010 13:09:16 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =

Error - 31.07.2010 17:59:23 | Computer Name = +++-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary cdrbsdrv. System Error: The system cannot find the file specified.

[ Media Center Events ]
Error - 27.04.2010 13:58:48 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:58:48 - Failed to connect to the Internet. 19:58:48 - Could not connect to the server.

Error - 27.04.2010 13:59:09 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:58:53 - Failed to connect to the Internet. 19:58:53 - Could not connect to the server.

Error - 27.04.2010 14:59:15 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:59:15 - Failed to connect to the Internet. 20:59:15 - Could not connect to the server.

Error - 27.04.2010 14:59:28 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:59:20 - Failed to connect to the Internet. 20:59:20 - Could not connect to the server.

Error - 29.04.2010 16:25:13 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 22:25:13 - Failed to connect to the Internet. 22:25:13 - Could not connect to the server.

Error - 29.04.2010 16:26:23 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 22:25:19 - Failed to connect to the Internet. 22:25:19 - Could not connect to the server.

Error - 19.05.2010 13:09:04 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:09:04 - Failed to connect to the Internet. 19:09:04 - Could not connect to the server.

Error - 19.05.2010 13:09:55 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:09:09 - Failed to connect to the Internet. 19:09:09 - Could not connect to the server.

Error - 19.05.2010 14:10:27 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:10:27 - Failed to connect to the Internet. 20:10:27 - Could not connect to the server.

Error - 19.05.2010 14:10:48 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:10:33 - Failed to connect to the Internet. 20:10:33 - Could not connect to the server.

[ System Events ]
Error - 14.05.2010 06:08:25 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = The "ShowAnalyzerMaster" service failed to start due to the following error: %%2

Error - 14.05.2010 08:38:28 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = The "ShowAnalyzerMaster" service failed to start due to the following error: %%2

Error - 14.05.2010 08:41:23 | Computer Name = +++-PC | Source = iScsiPrt | ID = 1
Description = Initiator failed to connect to the target. Target IP address and TCP port number are given in the dump data.

Error - 14.05.2010 08:41:23 | Computer Name = +++-PC | Source = iScsiPrt | ID = 70
Description = Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.

Error - 14.05.2010 11:02:02 | Computer Name = +++-PC | Source = iScsiPrt | ID = 1
Description = Initiator failed to connect to the target. Target IP address and TCP port number are given in the dump data.

Error - 14.05.2010 11:02:02 | Computer Name = +++-PC | Source = iScsiPrt | ID = 70
Description = Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.

Error - 14.05.2010 11:02:05 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = The "ShowAnalyzerMaster" service failed to start due to the following error: %%2

Error - 14.05.2010 12:44:45 | Computer Name = +++-PC | Source = iScsiPrt | ID = 1
Description = Initiator failed to connect to the target. Target IP address and TCP port number are given in the dump data.

Error - 14.05.2010 12:44:45 | Computer Name = +++-PC | Source = iScsiPrt | ID = 70
Description = Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.

Error - 14.05.2010 12:44:48 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = The "ShowAnalyzerMaster" service failed to start due to the following error: %%2

< End of report >

Many thanks if someone can help me. Regards, Neus23
01.08.2010, 13:54 | #2 |
win32/krypt.ftq

Malwarebytes didn't find the virus, apparently because the virus is too new for MWB. Nod32 does detect the virus, but can't delete it.

The virus is running in my Task Manager under the following path:

01.08.2010 14:29:09 Startup files check File C:\Users\core\AppData\Roaming\Qeca\ozvyc.exe variant of Win32/Kryptik.FTQ trojan Error while deleting

ComboFix doesn't work for me because I'm on 64-bit. So there seems to be no way yet to remove Win32/Kryptik.FTQ? Search engines don't turn up any threads about Kryptik.FTQ either. The virus seems to be brand new.
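The path reported in this post carries the classic marks of an unsigned dropper: an executable with a meaningless name, inside a freshly created directory with another meaningless name, under the user's roaming profile, where no elevation is needed to write. OTL's "Processes (SafeList)" section (the `PRC - path (vendor)` lines in the log posted in #1) is enough to score those marks automatically. The following Python is an added triage example by the editor, not code from the thread, from OTL or from ESET. The sample lines are constructed for the demonstration: only the Qeca\ozvyc.exe path comes from the thread, its vendor string and the other entries are made up, and the "random-looking name" heuristic is the editor's own.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in the format of OTL's "Processes (SafeList)" section.
# The Qeca\ozvyc.exe path mirrors the one reported in this thread; the vendor
# string next to it and the other entries are made up for the demonstration.
SAMPLE_OTL = """\
PRC - C:\\Users\\core\\Downloads\\OTL.exe (OldTimer Tools)
PRC - C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe (Mozilla Corporation)
PRC - C:\\Users\\core\\AppData\\Roaming\\Qeca\\ozvyc.exe (Qxvlt Brnzk Ltd)
PRC - C:\\Users\\core\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe (Dropbox, Inc.)
PRC - C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACService.exe (ArcSoft Inc.)
PRC - C:\\Windows\\explorer.exe (Microsoft Corporation)
"""

PRC_LINE = re.compile(r"^PRC - (?P<path>.+?\.exe) \((?P<vendor>.*)\)\s*$", re.I)
# Locations a standard user can write to; malware that runs without
# elevation almost always drops its payload under one of these.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local\\Temp|LocalLow)\\", re.I)
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Cheap 'generated name' heuristic: too few vowels, or a long run of
    consonants, in an alphabetic token of four or more letters."""
    letters = "".join(c for c in token.lower() if c.isalpha())
    if len(letters) < 4:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", letters))
    return vowel_ratio < 0.25 or longest_consonant_run >= 4


@dataclass
class Finding:
    path: str
    vendor: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def triage_processes(otl_text: str) -> list:
    """Return the PRC entries worth a second look, highest score first."""
    findings = []
    for line in otl_text.splitlines():
        m = PRC_LINE.match(line)
        if not m:
            continue
        path, vendor = m["path"], m["vendor"].strip()
        p = PureWindowsPath(path)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("runs from a user-writable profile directory")
        if looks_random(p.stem):
            reasons.append("random-looking executable name")
        if looks_random(p.parent.name):
            reasons.append("random-looking parent directory")
        if not vendor:
            reasons.append("no vendor string")
        elif any(looks_random(t) for t in vendor.split()):
            reasons.append("random-looking vendor string")
        # A user-writable location alone is worth a look (many legitimate
        # updaters live there too); anything else needs two indicators.
        if USER_WRITABLE.search(path) or len(reasons) >= 2:
            findings.append(Finding(path, vendor, reasons))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage_processes(SAMPLE_OTL):
        print(f"[{f.score}] {f.path} ({f.vendor})")
        for r in f.reasons:
            print("     -", r)
```

Run against the sample, the Qeca entry comes out on top with three indicators, while the constructed Dropbox entry is listed with a single one (it lives in the same profile directory but has ordinary names), which is the right order for a human to work through. The heuristic is deliberately crude; it is a ranking aid for a log reader, not a detection signature.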
01.08.2010, 14:12 | #3 |
/// Helfer-Team | win32/krypt.ftq

C:\Users\core\AppData\Roaming\Qeca\ozvyc.exe

Have the file checked at VirusTotal to rule out a false positive.
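The helper's advice is to get a second opinion from many engines before trusting one vendor's verdict. A lookup by hash does that without uploading anything, so it still works when all that survives is a digest from a quarantine entry or an earlier scan log. The following Python is an added example by the editor, not code from the thread, from ESET or from VirusTotal: the endpoint and the JSON field names are assumed from VirusTotal's public API v3 as the editor knows it, the API key is a placeholder, the verdict thresholds are the editor's own, and the embedded report is constructed (only the Win32/Kryptik.FTQ detection name is taken from the thread).

```python
import hashlib
import json
import urllib.error
import urllib.request

# VirusTotal API v3 file-report endpoint (assumed from the public API docs);
# a lookup by hash sends only the digest, never the file itself.
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{sha256}"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so that large samples don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_vt_request(sha256: str, api_key: str) -> urllib.request.Request:
    """GET /files/{hash}; the key travels in the x-apikey header (API v3)."""
    return urllib.request.Request(
        VT_FILE_REPORT.format(sha256=sha256),
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


def summarize_report(report: dict) -> dict:
    """Reduce a VT file report to what triage needs: counts, which engines
    called it malicious, and a verdict. Field names follow the v3 layout."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    hits = {
        engine: r.get("result")
        for engine, r in attrs["last_analysis_results"].items()
        if r.get("category") == "malicious"
    }
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected"))
    malicious = stats.get("malicious", 0)
    # Thresholds are the editor's rule of thumb: a handful of hits on a fresh
    # packed sample is common, but so is a single engine misfiring.
    if malicious >= 5:
        verdict = "malicious"
    elif malicious + stats.get("suspicious", 0) > 0:
        verdict = "suspicious: few hits, check the detecting engines and the sample age"
    else:
        verdict = "undetected"
    return {"malicious": malicious, "total": total, "engines": hits, "verdict": verdict}


def lookup_hash(sha256: str, api_key: str):
    """Fetch an existing report. None means VT has never seen the hash
    (HTTP 404), which is itself a data point for a freshly repacked sample."""
    try:
        with urllib.request.urlopen(build_vt_request(sha256, api_key), timeout=30) as resp:
            return summarize_report(json.load(resp))
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


# Constructed example report, trimmed to the fields summarize_report reads.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_stats": {"malicious": 2, "suspicious": 0, "harmless": 0, "undetected": 40},
            "last_analysis_results": {
                "ESET-NOD32": {"category": "malicious", "result": "a variant of Win32/Kryptik.FTQ"},
                "Malwarebytes": {"category": "undetected", "result": None},
                "ExampleAV": {"category": "malicious", "result": "Generic.Trojan"},
            },
        }
    }
}

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
    # Live use: lookup_hash(sha256_of_file(r"C:\path\to\sample.exe"), "YOUR_API_KEY")
```

Two hits out of forty-two is exactly the situation the helper is asking about: it neither confirms a false positive nor settles the case, so the summary names the detecting engines instead of collapsing to yes/no. A 404 on a sample that an engine already flags by heuristic name ("Kryptik" is ESET's generic packer family) is normal for a build that is only hours old; in that case the next step is to upload the file, which this lookup deliberately does not do.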
01.08.2010, 14:39 | #4 |
win32/krypt.ftq

So I ended this file in Task Manager:

C:\Users\core\AppData\Roaming\Qeca\ozvyc.exe

and then had Secure Eraser overwrite it several times, so it's securely deleted. For that reason I can no longer check it for a false positive via VirusTotal. Whether I'm now 100% malware-free, I don't know. Is another log needed for the assessment?
01.08.2010, 15:05 | #6 |
win32/krypt.ftq

info.txt

RSIT Logfile:
Code:
ATTFilter logfile of random's system information tool 1.08 2010-08-01 16:00:32 ======Uninstall list====== -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} µTorrent-->"C:\Program Files (x86)\uTorrent.exe" /UNINSTALL 7-Zip 4.65-->"C:\Program Files (x86)\7-Zip\Uninstall.exe" Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft WebCam Companion 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7B937101-FD85-4CA9-9176-ADA6492314AF}\Setup.exe" -l0x7 ASUS Direct Console-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}\Setup.exe" -l0x9 ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} AVI Splitter-->"C:\Program Files (x86)\avisplit\unins000.exe" CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe" ChkMail-->C:\Program Files (x86)\InstallShield Installation Information\{250F0996-1830-40C8-9B1D-6874D808DD95}\setup.EXE -runfromtemp -l0x0009 -removeonly Colasoft Packet Builder 1.0-->"C:\Program Files (x86)\Colasoft Packet Builder 1.0\unins000.exe" Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32} Crystal Reports Basic German Language Pack for Visual Studio 2008-->MsiExec.exe /X{3924C3E7-C440-4B23-9740-9A9EC0545F21} 
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF} GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091)-->c:\Windows\SysWOW64\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT="" Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674)-->c:\Windows\SysWOW64\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {E1404B9C-5F36-406A-B720-70FA3F242B7B} /qb+ REBOOTPROMPT="" Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} KillProcess 2.42-->C:\Program Files (x86)\KillProcess\uninst.exe Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C} Microsoft Document Explorer 2008 Language Pack - DEU-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - DEU\install.exe Microsoft Document Explorer 2008 Language Pack - DEU-->MsiExec.exe /X{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5} Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe Microsoft Document Explorer 2008-->MsiExec.exe 
/X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office Access MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0407-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0407-0000-0000000FF1CE} Microsoft Office Professional 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0407-0000-0000000FF1CE} Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0407-0000-0000000FF1CE} /uninstall {0B9EAEAC-F271-45DC-BDCB-06ABEEF19825} Microsoft Office Single Image 2010 (Beta)-->MsiExec.exe /X{20140000-003D-0000-0000-0000000FF1CE} Microsoft Office Visual Web 
Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE} Microsoft Office Visual Web Developer MUI (German) 2007-->MsiExec.exe /X{90120000-0021-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0407-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18} Microsoft SQL Server 2005-->"c:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Compact 3.5 Design Tools DEU-->MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D} Microsoft SQL Server Compact 3.5 DEU-->MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9} Microsoft SQL Server Compact 3.5 for Devices DEU-->MsiExec.exe /I{1C3ADB5F-750E-4453-AC98-B75C5323845C} Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B} Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Express Edition - DEU-->C:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - DEU\setup.exe Microsoft Visual C++ 2008 Express Edition - DEU-->MsiExec.exe /X{B571B309-5E65-3DCE-8DE7-205DE2D366C3} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack\install.exe Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7} Microsoft 
Visual Studio 2008 Professional Edition - DEU-->c:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - DEU\setup.exe Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL mIRC-->C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0} Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 9 Trial-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL" Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB} Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3} Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C} Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF} Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F} Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2} Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B} NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8} NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} Onis 2.2 Free Edition-->MsiExec.exe /I{1EC1D18A-AA03-4909-BE7F-2E86112A64CE} QuickTime Alternative 3.1.0-->"C:\Program Files (x86)\QuickTime Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 
C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly RICOH R5U8xx Media Driver ver.3.62.02-->"C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0007 anything -removeonly Secure Eraser v3.1-->"C:\Program Files (x86)\ASCOMP Software\Secure Eraser\unins000.exe" Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-003D-0000-0000-0000000FF1CE}" "{701D1499-1FE5-4E8E-9E09-562423116373}" "1031" "0" Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-003D-0000-0000-0000000FF1CE}" "{76CB26F9-C8AD-403B-8461-168B18C2FE31}" "1031" "0" Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-003D-0000-0000-0000000FF1CE}" "{7CDAA76C-5DB2-431F-A921-14A106BD8FA3}" "1031" "0" Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Spybot - Search & 
Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe" Tools für Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86} Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221)-->c:\Windows\SysWOW64\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {D2313FB6-9E59-4846-9910-C0990A01D20D} /qb+ REBOOTPROMPT="" VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000} Veetle TV 0.9.17-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6} Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU\install.exe VLC media player 1.0.3-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{721B5CF0-D220-4955-BB6F-EBCFB1096DE7} Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{DA7F48EF-5F56-45FE-9169-3B8159A7A323} WinFlash-->MsiExec.exe 
/X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
WinPcap 4.1.1-->C:\Program Files (x86)\WinPcap\uninstall.exe
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
Wireshark 1.2.5-->"C:\Program Files\Wireshark\uninstall.exe"
Xvid 1.2.2 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"

======System event log======

Computer Name: +++-PC
Event Code: 7036
Message: The "Peer Networking Grouping" service entered the running state.
Record Number: 36665
Source Name: Service Control Manager
Time Written: 20100328142410.547806-000
Event Type: Information
User:

Computer Name: +++-PC
Event Code: 7036
Message: The "Peer Name Resolution Protocol" service entered the running state.
Record Number: 36664
Source Name: Service Control Manager
Time Written: 20100328142409.949771-000
Event Type: Information
User:

Computer Name: +++-PC
Event Code: 7036
Message: The "Peer Networking Identity Manager" service entered the running state.
Record Number: 36663
Source Name: Service Control Manager
Time Written: 20100328142409.439742-000
Event Type: Information
User:

Computer Name: +++-PC
Event Code: 7036
Message: The "HomeGroup Listener" service entered the running state.
Record Number: 36662
Source Name: Service Control Manager
Time Written: 20100328142409.223730-000
Event Type: Information
User:

Computer Name: +++-PC
Event Code: 7036
Message: The "HomeGroup Provider" service entered the running state.
Record Number: 36661
Source Name: Service Control Manager
Time Written: 20100328142408.975716-000
Event Type: Information
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fault bucket , type 0
Event Name: PnPDriverNotFound
Response: Not available
Cab Id: 0
Problem signature:
P1: x64
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:
Attached files: C:\Windows\Temp\DMIC5AE.tmp.log.xml
These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d4a99e8e3cb284c21dcc14fa73286c8c8f3f5f25_cab_076dc63b
Analysis symbol:
Rechecking for solution: 0
Report Id: ad8b685f-079e-11df-a084-c36bdc664168
Report Status: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100122213955.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: The Windows Management Instrumentation service subsystems have been initialized successfully.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100122213907.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: The Windows Management Instrumentation service has started successfully.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100122213903.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 4625
Message: The EventSystem subsystem is suppressing duplicate event log entries for a duration of 86400 seconds. This timeout can be controlled by the REG_DWORD value SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 2
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100122213859.000000-000
Event Type: Information
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: The User Profile Service has started successfully.
Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100122213858.922102-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Changed Attributes:
SAM Account Name: -
SID History: -
Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213836.692063-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7
New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Attributes:
SAM Account Name: Backup Operators
SID History: -
Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213836.676463-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x32c41
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213836.208462-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.
Antragsteller: Sicherheits-ID: S-1-0-0 Kontoname: - Kontodomäne: - Anmelde-ID: 0x0 Anmeldetyp: 0 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x4 Prozessname: Netzwerkinformationen: Arbeitsstationsname: - Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: - Authentifizierungspaket: - Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. 
Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100122213833.665658-000 Event Type: Überwachung erfolgreich User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Windows wird gestartet. Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100122213833.540858-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES\MATLAB\R2009B\RUNTIME\WIN64;C:\PROGRAM FILES\MATLAB\R2009B\BIN;C:\PROGRAM FILES (X86)\QUICKTIME ALTERNATIVE\QTSYSTEM;;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=0f0a "VS90COMNTOOLS"=c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\Tools\ -----------------EOF----------------- log.txt [PHP] RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by +++ at 2010-08-01 16:00:26 Microsoft Windows 7 Professional System drive C: has 126 GB (66%) free of 191 GB Total RAM: 4095 MB (53% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:00:30, on 01.08.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\+++\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\+++.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = +++://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = +++://search.conduit.com?SearchSource=10&ctid=CT2431245 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = +++://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = +++://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = +++://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = +++://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [zDirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash 
Object) - +++://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET +++ Server (E+++Srv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\E+++Srv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ShowAnalyzerMaster - Unknown owner - C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8065 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachine+++.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-09 6937216] "ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-19 170624] "HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016] "zDirectMessenger"=C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE [2007-09-12 988160] "ChkMail"=C:\Program Files\ChkMail\ChkMail\ChkMail.exe [2007-07-13 741376] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "NoDriveTypeAutoRun"=95 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-08-01 14:26:01 ----D---- C:\32788R22FWJFW 2010-08-01 12:03:53 ----D---- C:\Users\+++\AppData\Roaming\Malwarebytes 2010-08-01 12:03:47 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys 2010-08-01 12:03:46 ----D---- C:\ProgramData\Malwarebytes 2010-08-01 12:03:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-07-30 17:26:35 ----D---- C:\HDW20_TMP 2010-07-30 17:07:32 ----D---- C:\ProgramData\Panasonic 2010-07-30 17:02:07 ----D---- C:\Program Files (x86)\Common Files\Panasonic 2010-07-29 14:07:53 ----D---- C:\Users\+++\AppData\Roaming\Digital+++ 2010-07-29 14:04:13 ----D---- C:\Program Files (x86)\Digital+++ 2010-07-21 
09:58:08 ----D---- C:\Windows\SysWOW64\Adobe 2010-07-21 09:58:08 ----D---- C:\Program Files (x86)\Common Files\Real 2010-07-13 15:59:26 ----A---- C:\Windows\SysWOW64\SetupOnis22Free.dll ======List of files/folders modified in the last 1 months====== 2010-08-01 16:00:30 ----D---- C:\Windows\Prefetch 2010-08-01 16:00:30 ----D---- C:\Program Files (x86)\Trend Micro 2010-08-01 16:00:29 ----D---- C:\Windows\Temp 2010-08-01 15:56:33 ----D---- C:\Windows 2010-08-01 14:49:10 ----D---- C:\Windows\tracing 2010-08-01 14:42:29 ----D---- C:\Windows\System32 2010-08-01 14:42:28 ----D---- C:\Windows\inf 2010-08-01 14:32:55 ----D---- C:\Windows\SysWOW64\drivers 2010-08-01 13:57:00 ----D---- C:\Users\+++\AppData\Roaming\mIRC 2010-08-01 12:03:46 ----D---- C:\ProgramData 2010-08-01 12:03:46 ----D---- C:\Program Files (x86) 2010-07-31 23:44:53 ----SHD---- C:\System Volume Information 2010-07-31 23:44:52 ----D---- C:\Windows\SysWOW64 2010-07-31 23:23:55 ----D---- C:\Users\+++\AppData\Roaming\uTorrent 2010-07-30 20:39:32 ----A---- C:\Windows\BRWMARK.INI 2010-07-30 17:02:07 ----D---- C:\Program Files (x86)\Common Files 2010-07-30 17:01:53 ----SHD---- C:\Windows\Installer 2010-07-30 17:01:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-07-30 17:01:43 ----D---- C:\Windows\winsxs 2010-07-25 12:48:21 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-07-22 22:57:27 ----D---- C:\Windows\debug 2010-07-21 09:58:08 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-07-16 09:08:27 ----D---- C:\Windows\SysWOW64\en-US 2010-07-16 09:08:27 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-07-16 09:08:26 ----D---- C:\Windows\Microsoft.NET 2010-07-09 21:41:26 ----D---- C:\Users\+++\AppData\Roaming\vlc ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 
CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [] R1 pfmfs_359;pfmfs_359; C:\Windows\system32\Drivers\pfmfs_359.sys [] R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [] R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [] R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [] R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [] R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [] R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [] R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [] R3 Ltn_hyd7700pc_64;TV tuner device ; C:\Windows\System32\Drivers\Ltn_hyd7700pc_64.sys [] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [] R3 netw5v64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 64-Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [] R3 RFCOMM;Bluetooth-Gerät 
(RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [] R3 smserial;smserial; C:\Windows\system32\DRIVERS\SmSerl64.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [] R3 vpcbus;Virtual PC-Hostbusdienst; C:\Windows\system32\DRIVERS\vpchbus.sys [] R3 vpcusb;USB-Virtualisierungsconnectordienst; C:\Windows\system32\DRIVERS\vpcusb.sys [] S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [] S3 C;C NDIS Protocol Driver; C:\Windows\System32\Drivers\C.sys [] S3 CSN5PD82x64;CSN5PD82x64 NDIS Protocol Driver; C:\Windows\System32\Drivers\CSN5PD82x64.sys [] S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [] S3 vpcuxd;USB-Virtualisierungsstubdienst; C:\Windows\system32\DRIVERS\vpcuxd.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152] R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK 
Package\ATKGFNEX\GFNEXSrv.exe [2009-07-21 96824] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 1420560] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 831760] R2 SQLBrowser;SQL Server-Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-23 135664] S2 ShowAnalyzerMaster;ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 E+++Srv;ESET +++ Server; C:\Program Files\ESET\ESET NOD32 Antivirus\E+++Srv.exe [2009-11-16 23296] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); 
C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-08 4466688]
-----------------EOF-----------------
01.08.2010, 15:37 | #7
/// Helfer-Team | win32/krypt.ftq
Apart from a few unnecessary entries, I see nothing in the log. Do you still have problems? Download eScan and run it as described in the guide. Post the log. http://www.modernboard.de/viren-wuer...nd-tricks.html
01.08.2010, 16:24 | #8
win32/krypt.ftq
eScan did indeed find further infections. The scan is not quite finished yet and has been going through the Matlab folder for quite a while. Here is the log so far:
PHP-Code:
01.08.2010, 17:14 | #9
/// Helfer-Team | win32/krypt.ftq
OK, spyware and one piece of malware were disinfected. Please run another online scan with ESET. Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
01.08.2010, 20:43 | #10
win32/krypt.ftq
The ESET scan found 3 further infections. ESET log:
Quote:
01.08.2010, 21:28 | #11
/// Helfer-Team | win32/krypt.ftq
Download Gmer. Run it as described in the guide. Post the log. I won't be able to look at it today, though. http://www.trojaner-board.de/74908-a...t-scanner.html
02.08.2010, 09:07 | #12
win32/krypt.ftq
Hello, because I have 64-bit Windows I get the following error message from Gmer: "C:\Windows\system32\config\system: The system cannot find the file specified." Only ADS, Services, Registry and Files could be checked; none of the other checkboxes could be selected. No "System modification" was found in Services, Registry and Files. But no log was created either.
02.08.2010, 17:51 | #13
/// Helfer-Team | win32/krypt.ftq
Try this one instead. http://ht4u.net/download-details/347/1167/
02.08.2010, 20:07 | #14
win32/krypt.ftq
That's no better. It only scans in a limited way and creates no log when it finishes. I did a Trend Micro online scan today. It reported no findings.
02.08.2010, 21:18 | #15
/// Helfer-Team | win32/krypt.ftq
How are the problems looking now?