| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Generic Host Process for Win32 Services" Fehlermeldung - Win32.Blaster ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.08.2010, 00:26
| #3 |
 |  "Generic Host Process for Win32 Services" Fehlermeldung - Win32.Blaster ? So, hab hier die Logfiles:
__________________OTL: Code:
ATTFilter OTL logfile created on: 04.08.2010 18:31:37 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 447,00 Mb Total Physical Memory | 200,00 Mb Available Physical Memory | 45,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 32,00 Gb Total Space | 22,95 Gb Free Space | 71,72% Space Free | Partition Type: NTFS Drive D: | 42,55 Gb Total Space | 4,28 Gb Free Space | 10,06% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe () PRC - C:\WINDOWS\system32\lxdncoms.exe ( ) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe (NVIDIA Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (lxdn_device) -- C:\WINDOWS\System32\lxdncoms.exe ( ) SRV - (lxdnCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe () SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (MAUSBML) Service for M-Audio Conectiv (WDM) -- C:\WINDOWS\system32\drivers\mausbcv.sys (Avid Technology, Inc.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (XE103Sp50) -- C:\WINDOWS\system32\drivers\XE103Sp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (NETFWDSL) -- C:\WINDOWS\system32\drivers\NETFWDSL.SYS (AVM Berlin) DRV - (NETDSL) -- C:\WINDOWS\system32\drivers\netdsl.sys (Microsoft Corporation) DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010.08.03 13:10:16 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FaxCenterServer] C:\Programme\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [lxdnamon] C:\Programme\Lexmark 2600 Series\lxdnamon.exe () O4 - HKLM..\Run: [lxdnmon.exe] C:\Programme\Lexmark 2600 Series\lxdnmon.exe () O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.11 08:49:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8cdb48e6-632d-11df-a72a-000c764b33d9}\Shell - "" = AutoRun O33 - MountPoints2\{8cdb48e6-632d-11df-a72a-000c764b33d9}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.04 18:29:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.04 17:23:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.04 11:52:08 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.03 18:12:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ElevatedDiagnostics [2010.08.03 18:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2010.08.03 13:10:34 | 000,000,000 | ---D | C] -- C:\ERDNT [2010.08.03 11:16:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010.08.03 11:16:26 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.08.03 10:48:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software [2010.08.03 10:47:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2010.08.03 10:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010.08.02 03:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.08.02 02:45:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.07.29 08:48:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.07.27 17:45:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\DVDVideoSoft [2010.07.27 17:44:52 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.07.26 21:03:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\TubeBox! [2010.07.26 21:02:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TubeBox [2010.07.26 21:02:14 | 000,000,000 | ---D | C] -- C:\Programme\Jens Lorek [2010.07.26 09:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\PLANING [2010.07.26 09:56:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Frigate True Type [2010.07.26 09:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\OpenType [2010.07.26 09:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\DIGITALIS [2010.07.26 09:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Adobe Type 1 [2010.07.25 19:05:26 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\NVIDIA Shared [2010.07.25 19:05:26 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.07.25 18:37:33 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvumpu.exe [2010.07.25 18:34:50 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuaudio.exe [2010.07.25 18:17:48 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys [2010.07.23 09:13:34 | 000,356,864 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2010.07.23 09:13:34 | 000,244,224 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioConectivControlPanelApplet.cpl [2010.07.23 09:13:34 | 000,131,712 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\mausbcv.sys [2010.07.23 09:13:33 | 002,424,084 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\madiousb.dll [2010.07.23 09:13:33 | 000,021,504 | ---- | C] (Avid Technology, Inc.) -- C:\WINDOWS\System32\mausbasio.dll [2010.07.23 09:13:33 | 000,016,512 | ---- | C] (M-Audio) -- C:\WINDOWS\System32\madfu.sys [2010.07.23 09:13:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield [2010.07.21 17:05:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\M-Audio [2010.07.21 17:04:42 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys [2010.07.21 17:04:42 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2010.07.21 17:02:29 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll [2010.07.21 17:02:28 | 000,000,000 | ---D | C] -- C:\Programme\M-Audio [2010.07.15 08:28:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google [2010.07.10 08:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla [2010.07.07 09:10:48 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.03.04 19:41:37 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll [2010.03.04 19:41:37 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll [2010.03.04 19:41:36 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll [2010.03.04 19:41:36 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll [2010.03.04 19:41:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll [2010.03.04 19:41:35 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll [2010.03.04 19:41:35 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll [2010.03.04 19:41:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll [2010.03.04 19:41:34 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll [2010.03.04 19:41:32 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll [2010.03.04 19:41:32 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.04 18:29:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.08.04 17:56:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.04 17:27:55 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.04 17:27:25 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.08.04 17:27:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.04 17:27:11 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 17:26:19 | 004,456,448 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.08.04 17:26:19 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.08.04 12:52:59 | 004,240,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.04 10:22:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010.08.04 06:05:37 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.08.03 18:54:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.03 13:10:16 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.08.03 11:16:26 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.08.03 10:26:32 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.03 10:26:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.02 16:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.01 23:57:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.01 16:33:08 | 000,237,568 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.27 18:01:03 | 000,496,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.27 17:44:57 | 000,001,048 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Audio CD to MP3 Converter.lnk [2010.07.26 21:03:05 | 000,173,280 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.07.26 21:02:47 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tube Box.lnk [2010.07.25 19:06:21 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.25 19:06:21 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.25 19:06:21 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.25 19:06:21 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.25 19:06:20 | 001,042,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.25 18:17:52 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\EVEREST Home Edition.lnk [2010.07.21 17:44:52 | 000,000,080 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\tintsnft.sys [2010.07.21 17:02:32 | 000,000,646 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Torq.lnk [2010.07.15 10:58:06 | 000,361,216 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.04 18:30:41 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\f1gvzoe9.exe [2010.08.04 12:53:34 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys [2010.08.03 11:17:57 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.07.27 17:44:57 | 000,001,048 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Audio CD to MP3 Converter.lnk [2010.07.26 21:02:15 | 000,002,321 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tube Box.lnk [2010.07.25 19:04:36 | 000,004,624 | ---- | C] () -- C:\WINDOWS\System32\nvaudio.nvu [2010.07.25 18:17:52 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\EVEREST Home Edition.lnk [2010.07.21 17:44:52 | 000,000,080 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\tintsnft.sys [2010.07.21 17:02:32 | 000,000,646 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Torq.lnk [2010.03.23 17:23:55 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.03.04 19:46:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll [2010.03.04 19:46:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll [2010.03.04 19:44:56 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll [2010.03.04 19:44:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll [2010.03.04 19:44:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll [2010.03.04 19:44:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL [2010.03.04 19:44:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL [2010.03.04 19:44:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll [2010.03.04 19:44:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL [2010.03.04 19:41:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini [2010.03.04 19:41:38 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll [2010.03.04 19:41:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll [2010.02.14 09:19:39 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2010.02.14 09:19:39 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\IniFile1.ini [2010.02.12 21:14:22 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.10.22 07:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.10.22 07:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.10.22 07:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.10.22 07:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 07:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.10.22 07:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.10.22 07:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll ========== LOP Check ========== [2010.02.14 10:06:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2010.02.12 21:13:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010.06.17 10:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm [2010.03.06 06:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.04.02 08:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite [2010.08.03 18:12:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ElevatedDiagnostics [2010.03.04 12:13:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ! [2010.03.04 20:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lexmark Productivity Studio [2010.07.21 17:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\M-Audio [2010.07.19 08:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mibeu [2010.04.02 08:01:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Propellerhead Software [2010.07.02 11:16:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qosase [2010.07.22 07:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Taymul [2010.07.26 21:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TubeBox [2010.03.06 06:49:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software [2010.08.04 17:27:25 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2010.08.04 06:05:37 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.08.2010 18:31:37 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
447,00 Mb Total Physical Memory | 200,00 Mb Available Physical Memory | 45,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,00 Gb Total Space | 22,95 Gb Free Space | 71,72% Space Free | Partition Type: NTFS
Drive D: | 42,55 Gb Total Space | 4,28 Gb Free Space | 10,06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Programme\VDOWNLOADER\VDownloader.exe" = C:\Programme\VDOWNLOADER\VDownloader.exe:*:Enabled:VDownloader -- File not found
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\StCenter.exe" = C:\Programme\FRITZ!DSL\StCenter.exe:*:Enabled:FRITZ!DSL Startcenter -- (AVM Berlin)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira GmbH)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\Programme\Lexmark 2600 Series\lxdnmon.exe" = C:\Programme\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Programme\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe" = C:\Programme\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: -- ()
"C:\Programme\Lexmark 2600 Series\lxdnlscn.exe" = C:\Programme\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()
"C:\Programme\Lexmark 2600 Series\frun.exe" = C:\Programme\Lexmark 2600 Series\frun.exe:*:Enabled:Printing Application -- ()
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36F6C1EA-66E7-4A87-8638-AE7D6715D67B}" = Conectiv
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{98D2FCB4-832A-470D-9E39-58F30CBEF365}" = NETGEAR XET1001 Powerline Encryption Utility
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = FRITZ!Box
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3
"FRITZ!DSL" = AVM FRITZ!DSL
"ie8" = Windows Internet Explorer 8
"InstallShield_{98D2FCB4-832A-470D-9E39-58F30CBEF365}" = NETGEAR XET1001 Powerline Encryption Utility
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Torq_is1" = Torq Torq 1.5.2 (Build 009) - 8 July 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR Archivierer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.08.2010 06:52:10 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 07:08:02 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 07:34:19 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 07:47:55 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 08:00:17 | Computer Name = *** | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x800705aa.
Error - 04.08.2010 08:28:25 | Computer Name = *** | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 04.08.2010 10:09:16 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 10:26:48 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 13:57:50 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
Error - 04.08.2010 17:51:58 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a3934.
[ System Events ]
Error - 04.08.2010 17:27:25 | Computer Name = *** | Source = NetBT | ID = 4311
Description = Initialisierung fehlgeschlagen, da der Treiber nicht erstellt werden
konnte.
Error - 04.08.2010 17:27:25 | Computer Name = *** | Source = NetBT | ID = 4311
Description = Initialisierung fehlgeschlagen, da der Treiber nicht erstellt werden
konnte.
Error - 04.08.2010 17:27:25 | Computer Name = *** | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 04.08.2010 17:27:25 | Computer Name = *** | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
Error - 04.08.2010 17:27:25 | Computer Name = *** | Source = NetBT | ID = 4311
Description = Initialisierung fehlgeschlagen, da der Treiber nicht erstellt werden
konnte.
Error - 04.08.2010 17:27:25 | Computer Name = *** | Source = NetBT | ID = 4311
Description = Initialisierung fehlgeschlagen, da der Treiber nicht erstellt werden
konnte.
Error - 04.08.2010 17:29:22 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxdnCATSCustConnectService.
Error - 04.08.2010 17:29:22 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 04.08.2010 18:11:10 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie
den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 04.08.2010 18:30:41 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie
den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
< End of report >
Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-04 19:17:23
Windows 5.1.2600 Service Pack 3
Running: f1gvzoe9.exe; Driver: C:\DOKUME~1\***~1\LOKALE~1\Temp\kxnyypog.sys
---- System - GMER 1.0.15 ----
SSDT F7BCDC66 ZwCreateKey
SSDT F7BCDC5C ZwCreateThread
SSDT F7BCDC6B ZwDeleteKey
SSDT F7BCDC75 ZwDeleteValueKey
SSDT spxz.sys ZwEnumerateKey [0xF738CDA4]
SSDT spxz.sys ZwEnumerateValueKey [0xF738D132]
SSDT F7BCDC7A ZwLoadKey
SSDT spxz.sys ZwOpenKey [0xF73740C0]
SSDT F7BCDC48 ZwOpenProcess
SSDT F7BCDC4D ZwOpenThread
SSDT spxz.sys ZwQueryKey [0xF738D20A]
SSDT spxz.sys ZwQueryValueKey [0xF738D08A]
SSDT F7BCDC84 ZwReplaceKey
SSDT F7BCDC7F ZwRestoreKey
SSDT F7BCDC70 ZwSetValueKey
SSDT F7BCDC57 ZwTerminateProcess
INT 0x62 ? 842D7BF8
INT 0x63 ? 83FCCF00
INT 0x73 ? 83FCCF00
INT 0x82 ? 842D7BF8
INT 0x83 ? 83FCCF00
---- Kernel code sections - GMER 1.0.15 ----
? spxz.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload ED71C8AC 5 Bytes JMP 83FCC4E0
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xEE569A0C]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xED113360, 0x24BB1D, 0xE8000020]
.text ajh5wua4.SYS ED0C6386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ajh5wua4.SYS ED0C63AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ajh5wua4.SYS ED0C63C4 3 Bytes [00, 80, 02]
.text ajh5wua4.SYS ED0C63C9 1 Byte [30]
.text ajh5wua4.SYS ED0C63C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.rsrc C:\WINDOWS\system32\DRIVERS\kbdclass.sys entry point in ".rsrc" section [0xED7CAE14]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[2620] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 019E000A
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 842D51F8
Device \Driver\sptd \Device\3268078802 spxz.sys
Device \Driver\usbohci \Device\USBPDO-0 83EF8500
Device \Driver\PCI_PNP1302 \Device\00000045 spxz.sys
Device \Driver\usbohci \Device\USBPDO-1 83EF8500
Device \Driver\usbehci \Device\USBPDO-2 83FD0318
Device \Driver\Ftdisk \Device\HarddiskVolume1 842D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 842D91F8
Device \Driver\Cdrom \Device\CdRom0 83E4B500
Device \Driver\Cdrom \Device\CdRom1 83E4B500
Device \Driver\Cdrom \Device\CdRom2 83E4B500
Device \Driver\usbohci \Device\USBFDO-0 83EF8500
Device \Driver\usbohci \Device\USBFDO-1 83EF8500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83EE5500
Device \Driver\usbehci \Device\USBFDO-2 83FD0318
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83EE5500
Device \Driver\Ftdisk \Device\FtControl 842D91F8
Device \Driver\ajh5wua4 \Device\Scsi\ajh5wua41Port1Path0Target0Lun0 83F0D500
Device \Driver\ajh5wua4 \Device\Scsi\ajh5wua41 83F0D500
Device \FileSystem\Cdfs \Cdfs 83FA9500
Device -> \Driver\nvatabus \Device\Harddisk0\DR0 840FAEC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x7A 0xE1 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x6D 0x0E 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0xEB 0x01 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x7A 0xE1 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x6D 0x0E 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0xEB 0x01 0x37 ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvatabus.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Geändert von Maschi (05.08.2010 um 01:01 Uhr) |
| Themen zu "Generic Host Process for Win32 Services" Fehlermeldung - Win32.Blaster ? |
| ad-aware, ad.yieldmanager, amd athlon, antivir, avira, awareness, bho, c:\windows\system32\rundll32.exe, c:\windows\system32\services.exe, desktop, dsl, frage, generic host, generic host process, helper, hijack, hijack this, hijackthis, home, igdctrl.exe, internet, launch, neu aufgesetzt, nicht installiert, plug-in, problem, rundll, scan, sched.exe, senden, software, spyware.spyeyes, svchost.exe, trojan, updates, virus, win32, win32.blaster, windows updates, windows xp, wuauclt.exe |
Baum-Darstellung