Pests of all kinds and their removal: win32.autorun.tmp
18.08.2010, 15:07 | #1

win32.autorun.tmp

Hello, I have the same problem as: http://www.trojaner-board.de/86870-w...n-tmp-tun.html

On my machine too, Firefox started opening advertising windows 2-3 days ago. I suspect the infection comes from a USB stick. I have read the thread above, but I cannot help myself because I am not familiar with the whole procedure and do not want to do anything wrong. I am asking for help.
19.08.2010, 10:32 | #2
/// Winkelfunktion /// (TB-Süch-Tiger™)

win32.autorun.tmp

Hello and

A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting the system is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with right-click "Run as administrator".

Please do a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!

Then OTL: System scan with OTL
Please download OTL from OldTimer and save it on your desktop
19.08.2010, 12:29 | #3

win32.autorun.tmp

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4447

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

19.08.2010 13:26:32
mbam-log-2010-08-19 (13-26-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 270160
Laufzeit: 1 Stunde(n), 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\gnja.exe (Heuristics.Shuriken) -> No action taken.

Here are the 2 OTL reports:

OTL Logfile:
Code:
OTL logfile created on: 19.08.2010 13:31:30 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,27 Gb Total Space | 17,82 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
Drive D: | 141,60 Gb Total Space | 137,98 Gb Free Space | 97,44% Space Free | Partition Type: NTFS
Drive E: | 8,21 Gb Total Space | 2,95 Gb Free Space | 35,91% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Hercules\Hercules Dualpix Chat and Show\CamService.exe (Guillemot Corporation S.A.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe (Nokia.)
PRC - C:\Programme\Home Cinema\PowerCinema\PCMService.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll (Kaspersky Lab)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Cap7134) MEDION (7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "RWTH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1305784&SearchSource=3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1305784&SearchSource=2&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.26 22:49:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.26 22:49:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.18 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.07.02 07:31:36 | 000,000,000 | ---D | M]

[2008.08.26 10:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2009.02.04 17:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\y180nz4u.default\extensions
[2008.11.13 00:37:32 | 000,000,870 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\y180nz4u.default\searchplugins\conduit.xml
[2010.01.16 02:13:15 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\y180nz4u.default\searchplugins\youtube-videosuche.xml
[2010.08.16 17:04:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.20 16:48:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.04 18:39:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008.01.23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.12 17:03:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 17:03:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 17:03:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 17:03:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 17:03:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.01 18:53:33 | 000,249,967 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8710 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CamserviceHD] C:\Programme\Hercules\Hercules Dualpix Chat and Show\Camservice.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit BitComet downloaden - C:\Programme\BitComet\BitComet.exe (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
O8 - Extra context menu item: Alle &Videos mit BitComet &d&ownloaden - C:\Programme\BitComet\BitComet.exe (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Mit BitComet &downloaden - C:\Programme\BitComet\BitComet.exe (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Programme\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe) - C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe (Tsbrl. Tjtlt Gct)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.15 00:16:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\Shell - "" = AutoRun
O33 - MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun\command - "" = M:\SVABICE\\\\\ZABICE.exe -- File not found
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\explore\command - "" = M:\SVABICE\\\\\\ZABICE.exe -- File not found
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\open\command - "" = M:\SVABICE\\\\\\ZABICE.exe -- File not found
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\AutoRun\command - "" = L:\muza\sguza.exe -- File not found
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\explore\command - "" = L:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\open\command - "" = L:\muza\\sguza.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.19 13:29:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.19 12:17:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.08.19 12:17:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.19 12:17:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.19 12:17:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.19 12:17:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.19 12:15:35 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Jo\Desktop\mbam-setup.exe
[2010.08.18 13:20:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.08.18 12:52:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dokumente
[2010.08.18 12:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SafeNet Sentinel
[2010.08.18 12:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\.spss
[2010.08.18 12:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2010.08.18 12:48:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2010.08.18 12:47:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2010.08.18 12:47:22 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SPSS
[2010.08.18 12:47:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SPSSInc
[2010.08.18 12:46:46 | 000,000,000 | ---D | C] -- C:\Programme\SPSSInc
[2010.08.15 14:30:53 | 000,099,840 | RHS- | C] (Tsbrl. Tjtlt Gct) -- C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe
[2010.08.04 18:40:11 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.08.04 18:39:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.04 18:39:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.04 18:39:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.04 17:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\Softplicity
[2010.08.04 17:40:03 | 000,000,000 | ---D | C] -- C:\Programme\TotalMailConverter
[2010.08.03 19:11:36 | 000,000,000 | ---D | C] -- C:\Programme\ABC Amber PDF Converter
[2010.08.03 19:06:08 | 000,609,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCTL32.OCX
[2010.08.03 19:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Birdie EML to PDF Converter Trial
[2010.08.03 18:59:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jo\Desktop\Dokumente und Einstellungen
[2010.07.21 23:45:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Jo\*.tmp files -> C:\Dokumente und Einstellungen\Jo\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.19 13:31:11 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.19 13:30:04 | 011,272,192 | -H-- | M] () -- C:\Dokumente und Einstellungen\Jo\NTUSER.DAT
[2010.08.19 13:29:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jo\Desktop\OTL.exe
[2010.08.19 13:22:45 | 073,011,488 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.08.19 12:40:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.19 12:17:30 | 003,040,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010.08.19 12:17:29 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.19 12:15:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Jo\Desktop\mbam-setup.exe
[2010.08.19 11:27:50 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.08.19 11:27:46 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.19 11:26:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.19 11:26:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.19 02:03:07 | 000,981,632 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.08.19 02:03:07 | 000,288,020 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010.08.19 02:02:53 | 001,576,306 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.18 17:50:49 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.08.18 16:15:35 | 000,230,253 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Lebenslauf.pdf
[2010.08.18 15:46:13 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.18 12:46:26 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010.08.18 12:46:26 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.08.18 12:46:26 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010.08.18 12:46:26 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.08.18 12:46:26 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2010.08.18 12:36:03 | 000,111,693 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Projektstudie KuGeo SPSS-Maske (für Datenauswertung).sav
[2010.08.17 20:20:18 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.08.14 23:54:15 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.14 16:47:36 | 000,723,808 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.14 16:47:36 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.14 16:47:36 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.14 16:47:36 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.14 16:47:36 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.13 14:06:24 | 000,099,840 | RHS- | M] (Tsbrl. Tjtlt Gct) -- C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe
[2010.08.11 12:58:30 | 000,000,156 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Arbeitsplatz.lnk
[2010.08.10 13:58:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.04 17:42:21 | 000,099,119 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Kopie E-Mail-Anfrage (19.06.2010 21 45 51).pdf
[2010.08.04 17:42:21 | 000,098,079 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Kopie E-Mail-Anfrage (12.07.2010 11 05 31).pdf
[2010.08.04 17:40:04 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MailConverter.lnk
[2010.07.27 10:25:16 | 000,019,276 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Projektbericht-Gruppen_Stand 26.07.2010.docx
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\Jo\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.19 12:17:29 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.18 16:15:35 | 000,230,253 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Lebenslauf.pdf
[2010.08.18 12:46:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010.08.18 12:46:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.08.18 12:46:26 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010.08.18 12:46:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.08.18 12:46:25 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2010.08.18 12:36:02 | 000,111,693 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Projektstudie KuGeo SPSS-Maske (für Datenauswertung).sav
[2010.08.04 17:42:21 | 000,099,119 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Kopie E-Mail-Anfrage (19.06.2010 21 45 51).pdf
[2010.08.04 17:42:21 | 000,098,079 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Kopie E-Mail-Anfrage (12.07.2010 11 05 31).pdf
[2010.08.04 17:40:04 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MailConverter.lnk
[2010.07.27 10:01:01 | 000,019,276 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Projektbericht-Gruppen_Stand 26.07.2010.docx
[2010.07.05 17:30:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.02.24 22:38:20 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.06.16 00:31:42 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.11 17:10:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.12.19 01:08:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.11.22 00:01:55 | 000,021,240 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2008.11.22 00:01:55 | 000,013,560 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2008.11.21 23:14:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008.11.02 01:32:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008.10.16 18:30:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008.10.07 14:57:27 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008.10.07 14:57:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.09.17 09:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.09.17 09:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.09.17 09:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.09.17 09:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.09.17 09:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.07.21 19:15:19 | 000,010,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\NMM-MetaData.db
[2008.07.06 15:54:56 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.17 18:49:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008.06.17 18:41:34 | 000,004,895 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2006.07.31 07:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
< End of report >
AND the 2nd: OTL Logfile: Code:
OTL Extras logfile created on: 19.08.2010 13:31:30 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,27 Gb Total Space | 17,82 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
Drive D: | 141,60 Gb Total Space | 137,98 Gb Free Space | 97,44% Space Free | Partition Type: NTFS
Drive E: | 8,21 Gb Total Space | 2,95 Gb Free Space | 35,91% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: *** Current User Name: *** Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "24455:TCP" = 24455:TCP:*:Enabled:BitComet 24455 TCP "24455:UDP" = 24455:UDP:*:Enabled:BitComet 24455 UDP ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\concept design\onlineTV 4\onlineTV.exe" = C:\Programme\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\BitComet\BitComet.exe" = C:\Programme\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client) "C:\Programme\Steam\steamapps\***\day of defeat source\hl2.exe" = C:\Programme\Steam\steamapps\***\day of defeat source\hl2.exe:*:Enabled:hl2 -- File not found "C:\Jos Best\Spiele\Battlefield 1942\BF1942.exe" = C:\Jos Best\Spiele\Battlefield 1942\BF1942.exe:*:Disabled:BF1942 -- () "C:\Jos Best\Spiele\AoE2\age2_x1.exe" = C:\Jos Best\Spiele\AoE2\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Jos Best\Spiele\Quake 3\quake3.exe" = C:\Jos Best\Spiele\Quake 3\quake3.exe:*:Disabled:quake3 -- () "C:\Programme\Steam\steam.exe" = C:\Programme\Steam\steam.exe:*:Enabled:steam -- (Valve Corporation) "C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation) "C:\Programme\EA Games\Command and Conquer Generäle\game.dat" = C:\Programme\EA Games\Command and Conquer Generäle\game.dat:*:Enabled:game -- () "C:\Programme\concept design\onlineTV 4\onlineTV.exe" = C:\Programme\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found "C:\Programme\TVAnts\Tvants.exe" = 
C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found "C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled: -- File not found "C:\Programme\Hercules\Hercules Dualpix Chat and Show\ControlUI.exe" = C:\Programme\Hercules\Hercules Dualpix Chat and Show\ControlUI.exe:*:Enabled:Hercules Xtra Controller Main Application -- (Guillemot Corporation S.A.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Jo\Desktop\blobby volley\volley.exe" = C:\Dokumente und Einstellungen\Jo\Desktop\blobby volley\volley.exe:*:Disabled:volley -- File not found "C:\Dokumente und Einstellungen\Jo\Desktop\Neuer Ordner\stronghold 1\Stronghold.exe" = C:\Dokumente und Einstellungen\Jo\Desktop\Neuer Ordner\stronghold 1\Stronghold.exe:*:Enabled:Stronghold -- File not found "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.) "C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Programme\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.) 
"C:\Programme\SPSSInc\PASWStatistics18\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.) "C:\Programme\Steam\steamapps\***\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\fww-rb@web.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution "{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.5 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite "{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device "{7B63B2922B174135AFC0E1377DD81EC2}" = "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI 
(German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1CE4680-F9EA-400D-BE71-70995522BD82}_is1" = Voodoo Skript 1.6.9 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules Dualpix Chat and Show "3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "BitComet" = BitComet 1.03 "CCleaner" = CCleaner (remove only) "C-Media Audio Driver" = C-Media High Definition Audio Driver "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX 
Setup.divx.com" = DivX-Setup "ENTERPRISER" = Microsoft Office Enterprise 2007 "Google Updater" = Google Updater "HPOCR" = OCR Software by I.R.I.S 7.0 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0 "LANGMaster eduExplorer" = LANGMaster eduExplorer "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "NVIDIA Drivers" = NVIDIA Drivers "PCFriendly" = PCFriendly "RealPlayer 6.0" = RealPlayer "Siedler3Deinstall" = Siedler3 "SopCast" = SopCast 3.2.4 "Steam App 10" = Counter-Strike "Total Mail Converter_is1" = TotalMailConverter "VLC media player" = VideoLAN VLC media player 0.8.6i "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.4.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "X10Hardware" = X10 Hardware(TM) "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.08.2010 16:54:45 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5. Error - 14.08.2010 14:25:49 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung strane.exe, Version 5.5.0.925, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 14.08.2010 14:25:56 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung strane.exe, Version 5.5.0.925, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. 
Error - 14.08.2010 14:26:09 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung strane.exe, Version 5.5.0.925, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 16.08.2010 07:34:32 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AcroRd32.exe, Version 9.3.3.177, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 16.08.2010 07:35:45 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6541.5000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 16.08.2010 07:36:10 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6541.5000, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 16.08.2010 07:44:27 | Computer Name = *** | Source = Microsoft Office 12 | ID = 5000 Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6541.5000, P3 ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL. Error - 18.08.2010 15:54:51 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Zattoo.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.08.2010 17:35:39 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung DivX Plus Player.exe, Version 10.2.0.31, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ OSession Events ] Error - 30.06.2008 06:42:18 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1340 seconds with 120 seconds of active time. 
This session ended with a crash. Error - 21.07.2008 07:20:11 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4762 seconds with 1980 seconds of active time. This session ended with a crash. Error - 25.07.2008 12:23:28 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 150 seconds with 120 seconds of active time. This session ended with a crash. Error - 15.11.2009 17:42:14 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16157 seconds with 3840 seconds of active time. This session ended with a crash. Error - 02.07.2010 10:06:29 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3360 seconds with 900 seconds of active time. This session ended with a crash. Error - 02.07.2010 10:07:06 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 02.07.2010 10:07:14 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.07.2010 10:07:18 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 16.07.2010 05:37:41 | Computer Name = *** | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc. Error - 16.08.2010 07:25:58 | Computer Name = *** | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden. Error - 16.08.2010 07:38:38 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.08.2010 07:45:50 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
19.08.2010, 17:15 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe) - C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe (Tsbrl. Tjtlt Gct)
O33 - MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\Shell - "" = AutoRun
O33 - MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\AutoRun\command - "" = M:\SVABICE\\\\\ZABICE.exe -- File not found
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\explore\command - "" = M:\SVABICE\\\\\\ZABICE.exe -- File not found
O33 - MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\Shell\open\command - "" = M:\SVABICE\\\\\\ZABICE.exe -- File not found
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\AutoRun\command - "" = L:\muza\sguza.exe -- File not found
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\explore\command - "" = L:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\Shell\open\command - "" = L:\muza\\sguza.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
[2010.08.18 12:46:26 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010.08.18 12:46:26 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.08.18 12:46:26 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010.08.18 12:46:26 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.08.18 12:46:26 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
:Files
C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
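Editor's note, added to this thread and not part of the helper's instructions or of OTL: the fix script above removes two kinds of persistence, the Winlogon TaskMan value (which launched gnja.exe at logon) and the cached MountPoints2 AutoRun/open/explore commands that an infected USB stick leaves behind in the user's hive. The PowerShell below is a read-only audit of exactly those locations plus the NoDriveTypeAutoRun policy that stops autorun.inf from being honoured again. The function names are my own; it assumes PowerShell 2.0 or later (available for XP SP3) and does not delete anything, so it complements rather than replaces the helper's procedure.

```powershell
# Added example (not from the original thread): read-only audit of the
# persistence points the OTL fix targets. Function names are assumptions.

function Get-WinlogonTaskMan {
    # Winlogon has no TaskMan value on a clean install; when present, the
    # referenced program is started instead of Task Manager at logon, which
    # is how gnja.exe was kept alive on this machine.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.PSObject.Properties['TaskMan']) {
        return $null
    }
    New-Object PSObject -Property @{
        Key    = $key
        Value  = $props.TaskMan
        Exists = Test-Path -LiteralPath $props.TaskMan
    }
}

function Get-MountPoints2AutoRun {
    # Explorer caches the autorun.inf verbs of every volume it has seen under
    # MountPoints2 (per user, hence HKCU). A command pointing at an .exe on a
    # removable drive letter is the trace an infected stick leaves even after
    # the stick is gone, which is why OTL lists them as "File not found".
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($mp in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        foreach ($verb in 'AutoRun', 'open', 'explore') {
            $cmdKey = Join-Path -Path $mp.PSPath -ChildPath "Shell\$verb\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            if (-not $cmd) { continue }
            New-Object PSObject -Property @{
                MountPoint = $mp.PSChildName
                Verb       = $verb
                Command    = $cmd
                # Best effort: the whole string is treated as a path, so a
                # command with arguments reports $false even if the binary exists.
                Exists     = Test-Path -LiteralPath $cmd
            }
        }
    }
}

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun = 0xFF (255) disables AutoRun for every drive type,
    # the hardening that prevents the next stick from starting its payload.
    $paths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $val = '(not set)'
        if ($v) { $val = $v.NoDriveTypeAutoRun }
        New-Object PSObject -Property @{
            Key               = $p
            Value             = $val
            AllDrivesDisabled = [bool]($v -and ($v.NoDriveTypeAutoRun -eq 255))
        }
    }
}

'--- Winlogon TaskMan ---'
$tm = Get-WinlogonTaskMan
if ($tm) { $tm | Format-List } else { 'TaskMan value absent (expected on a clean system).' }

'--- MountPoints2 AutoRun/open/explore commands ---'
Get-MountPoints2AutoRun | Format-Table MountPoint, Verb, Exists, Command -AutoSize

'--- AutoRun policy ---'
Get-AutoRunPolicy | Format-Table Key, Value, AllDrivesDisabled -AutoSize
```

Run it as the affected user (the MountPoints2 entries live in that user's HKCU, so an administrator's own session would not see them), and read it alongside the OTL O33 lines: any AutoRun command whose target is a drive letter you no longer have plugged in, or whose file no longer exists, is the cached footprint the fix above deletes. A missing or non-255 NoDriveTypeAutoRun is the reason the stick could start its payload in the first place.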
19.08.2010, 17:44 | #5 |
| win32.autorun.tmp Vielen Dank soweit! Falls ich das verstanden habe, hat sich der OTL Fix um die gnja.exe gekümmert (Die bei diesem Scan zum ersten mal aufgetaucht ist). Der Urheber für die dauernden Werbeeinblendungen in Firefox ist aber glaube ich dieser verflixte Registereintrag, der auch bei Malwarebytes aufgetaucht ist. Aber hier erst mal das Logfile: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe deleted successfully. C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff0f-e343-11de-b4f6-0013d32ef907}\ not found. File L:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found. 
File M:\SVABICE\\\\\ZABICE.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found.
File M:\SVABICE\\\\\\ZABICE.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c05ff10-e343-11de-b4f6-0013d32ef907}\ not found.
File M:\SVABICE\\\\\\ZABICE.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
File L:\muza\sguza.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
File L:\muza\\sguza.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408d7f9-d34a-11de-b4c2-0013d32ef907}\ not found.
File L:\muza\\sguza.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe not found.
C:\WINDOWS\system32\sysprs7.tgz moved successfully.
C:\WINDOWS\system32\sysprs7.dll moved successfully.
C:\WINDOWS\system32\lsprst7.tgz moved successfully.
C:\WINDOWS\system32\lsprst7.dll moved successfully.
C:\WINDOWS\system32\servdat.slm moved successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Jo\Anwendungsdaten\gnja.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Gast
->Temp folder emptied: 2872726 bytes
->Temporary Internet Files folder emptied: 239749 bytes
->FireFox cache emptied: 83296961 bytes
->Flash cache emptied: 950 bytes

User: Jo
->Temp folder emptied: 734040 bytes
->Temporary Internet Files folder emptied: 87032 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70868255 bytes
->Flash cache emptied: 4112 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98199260 bytes

User: Nokia N73 Bilder

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 27038142 bytes

Total Files Cleaned = 272,00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08192010_183540

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
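The MountPoints2 keys that the OTL fix above removed are Explorer's per-volume cache of the shell verbs an autorun.inf on the stick declared, which is why each {GUID} or drive-letter key in the log is paired with an executable on a removable drive (M:\SVABICE\ZABICE.exe, L:\muza\sguza.exe, J:\autorun.exe). The parser below is an added example, not code from the thread or from OTL: it reads a constructed autorun.inf that imitates the layout such worms drop (the file name is borrowed from the log, the rest is invented) and lists every command Explorer could launch from it, surviving the case and whitespace tricks that defeat a plain grep for "open=".

```python
import re
from typing import Dict, List, Tuple

# Constructed sample autorun.inf (not a real capture): mixed-case keys, stray
# whitespace, a comment line, an "open=" entry, a "shellexecute=" entry and
# two shell verbs, one of which is made the default so that a plain
# double-click on the drive icon also runs it.  The file name copies the
# L:\muza\sguza.exe reference from the OTL fix log.
SAMPLE_AUTORUN_INF = """\
; autorun
[AutoRun]
 OPEN = muza\\sguza.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
ShellExecute=muza\\sguza.exe
shell\\open\\command=muza\\sguza.exe
shell\\explore\\command=muza\\sguza.exe
shell=open
action=Open folder to view files
label=USB DISK
UseAutoPlay=1
"""

# Keys whose value is itself a command line.  "shell\<verb>\command" entries
# are matched separately because the verb name is attacker-chosen.
_DIRECT_COMMAND_KEYS = {"open", "shellexecute"}
_SHELL_COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$")


def parse_autorun_inf(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {section (lowercase): [(key (lowercase), value), ...]}.

    Keys are lowercased and trimmed because the INI reader in Windows is
    case-insensitive and tolerant of whitespace, which is exactly what lets
    "OPEN = x.exe" slip past a rule that greps for "open=".
    """
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def launch_targets(text: str) -> Dict[str, str]:
    """Map each launch vector to the command it would run.

    Vectors: "open" and "shellexecute" (AutoRun/AutoPlay), "shell\\<verb>"
    (context-menu verbs Explorer copies into MountPoints2) and
    "default-verb" (the verb a double-click on the drive icon runs).
    Only the [autorun] section is read.
    """
    entries = parse_autorun_inf(text).get("autorun", [])
    targets: Dict[str, str] = {}
    verbs: Dict[str, str] = {}
    default_verb = None
    for key, value in entries:
        m = _SHELL_COMMAND_RE.match(key)
        if key in _DIRECT_COMMAND_KEYS:
            targets[key] = value
        elif m:
            verbs[m.group(1)] = value
        elif key == "shell":
            default_verb = value.lower()
    for verb, cmd in verbs.items():
        targets["shell\\" + verb] = cmd
    if default_verb in verbs:
        targets["default-verb"] = verbs[default_verb]
    return targets


def referenced_executables(text: str) -> List[str]:
    """Distinct executables named by the launch targets, in first-seen order:
    the list to pull off the stick for hashing, and the list to match against
    MountPoints2 leftovers in an OTL or ComboFix log."""
    seen: List[str] = []
    for cmd in launch_targets(text).values():
        parts = cmd.split()
        exe = parts[0].strip('"') if parts else ""
        if exe and exe.lower() not in [s.lower() for s in seen]:
            seen.append(exe)
    return seen


if __name__ == "__main__":
    for vector, cmd in launch_targets(SAMPLE_AUTORUN_INF).items():
        print(f"{vector:14} -> {cmd}")
    print("executables:", referenced_executables(SAMPLE_AUTORUN_INF))
```

Run against a stick's autorun.inf, the output tells you which files to hash and submit before wiping the stick, and which names to expect under the MountPoints2 keys a cleanup tool reports.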
19.08.2010, 18:52 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp
Now please run CF: ComboFix (a guide and tutorial on using ComboFix).
ComboFix may only be run when a qualified helper has explicitly recommended it!
19.08.2010, 20:28 | #7
win32.autorun.tmp Combofix Logfile:
ComboFix 10-08-18.04 - Jo 19.08.2010 21:12:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1553 [GMT 2:00]
Running from:: c:\dokumente und einstellungen\Jo\Desktop\cofi.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((( Files created from 2010-07-19 to 2010-08-19 ))))))))))))))))))))))))))))))
.
2010-08-19 16:35 . 2010-08-19 16:35 -------- d-----w- C:\_OTL
2010-08-19 10:17 . 2010-08-19 10:17 -------- d-----w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Malwarebytes
2010-08-19 10:17 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 10:17 . 2010-08-19 11:26 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-08-19 10:17 . 2010-08-19 10:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-19 10:17 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 10:52 . 2010-08-18 10:52 -------- d-----w- c:\dokumente und einstellungen\Jo\Eigene Dokumente
2010-08-18 10:51 . 2010-08-18 10:51 -------- d-----w- c:\dokumente und einstellungen\Jo\.spss
2010-08-18 10:48 . 2010-08-18 10:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
2010-08-18 10:47 . 2010-08-18 10:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SPSS
2010-08-18 10:47 . 2010-08-18 10:47 -------- d-----w- c:\programme\Gemeinsame Dateien\SPSS
2010-08-18 10:47 . 2010-08-18 10:47 -------- d-----w- c:\programme\Gemeinsame Dateien\SPSSInc
2010-08-18 10:46 . 2010-08-18 10:46 -------- d-----w- c:\programme\SPSSInc
2010-08-04 16:40 . 2010-08-04 16:40 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-08-04 15:40 . 2010-08-04 15:40 -------- d-----w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Softplicity
2010-08-04 15:40 . 2010-08-04 15:40 -------- d-----w- c:\programme\TotalMailConverter
2010-08-03 17:11 . 2010-08-03 17:17 -------- d-----w- c:\programme\ABC Amber PDF Converter
2010-08-03 17:06 . 2010-08-03 17:16 -------- d-----w- c:\programme\Birdie EML to PDF Converter Trial
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 19:21 . 2008-08-29 13:41 -------- d-----w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Skype
2010-08-19 19:19 . 2008-06-14 22:30 3051040 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-08-19 19:18 . 2008-06-14 22:30 73219360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-08-19 19:17 . 2008-06-14 22:30 984728 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-08-19 19:17 . 2008-06-14 22:30 289124 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-08-19 19:00 . 2008-06-14 22:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-08-19 18:55 . 2009-04-05 11:13 74088 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-19 18:46 . 2008-08-19 15:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-08-19 18:45 . 2008-09-28 17:47 -------- d-----w- c:\programme\CCleaner
2010-08-19 18:32 . 2008-10-27 10:01 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-08-19 13:43 . 2009-04-05 16:06 -------- d-----w- c:\programme\Steam
2010-08-18 22:31 . 2008-06-29 10:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2010-08-18 10:51 . 2010-08-18 10:48 190 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-08-18 10:48 . 2010-08-18 10:48 1024 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll
2010-08-18 10:48 . 2010-08-18 10:48 1024 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll
2010-08-18 10:48 . 2010-08-18 10:48 1024 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth2.dll
2010-08-18 10:48 . 2010-08-18 10:48 1024 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\clauth1.dll
2010-08-18 10:48 . 2010-08-18 10:48 162 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll
2010-08-18 10:48 . 2010-08-18 10:48 16 ---h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\tuzmghn.dll
2010-08-16 11:03 . 2008-11-22 11:39 1 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-14 14:47 . 2004-08-04 12:00 48156 ----a-w- c:\windows\system32\perfc007.dat
2010-08-14 14:47 . 2004-08-04 12:00 316594 ----a-w- c:\windows\system32\perfh007.dat
2010-08-11 12:24 . 2008-06-15 16:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-04 16:39 . 2008-11-16 19:30 -------- d-----w- c:\programme\Java
2010-08-04 14:02 . 2009-12-18 13:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-08-04 14:00 . 2010-08-04 14:00 1260 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_D55AEDAA438CBCB4893AB4D8C1814FEE.dll
2010-08-04 14:00 . 2010-08-04 14:00 46 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_AB4C301D509FA7340894BD4267B3EB63.dll
2010-08-04 14:00 . 2010-08-04 14:00 154 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll
2010-08-04 14:00 . 2010-08-04 14:00 27 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_4EA42A62D9304AC4784BF238120602FF.dll
2010-08-04 14:00 . 2010-08-04 14:00 2582 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_4533601806092B240A00E1EB6977A89A.dll
2010-08-03 13:56 . 2010-08-03 13:56 61440 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-515c2627-n\decora-sse.dll
2010-08-03 13:56 . 2010-08-03 13:56 503808 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-762849bd-n\msvcp71.dll
2010-08-03 13:56 . 2010-08-03 13:56 499712 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-762849bd-n\jmc.dll
2010-08-03 13:56 . 2010-08-03 13:56 348160 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-762849bd-n\msvcr71.dll
2010-08-03 13:56 . 2010-08-03 13:56 12800 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-515c2627-n\decora-d3d.dll
2010-07-21 21:45 . 2008-08-29 13:39 -------- d-----r- c:\programme\Skype
2010-07-21 21:44 . 2008-08-29 13:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-07-17 03:00 . 2010-04-20 14:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 09:21 . 2010-07-09 08:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2010-07-09 08:52 . 2010-07-09 08:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Symantec
2010-07-09 08:52 . 2010-07-09 08:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NortonInstaller
2010-07-09 08:31 . 2008-07-06 14:01 -------- d-----w- c:\programme\EA Games
2010-07-09 06:00 . 2010-03-21 00:31 57344 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 05:53 . 2010-07-09 05:53 56765 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-09 05:53 . 2010-03-21 00:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-07-09 05:53 . 2008-07-06 16:53 -------- d-----w- c:\programme\DivX
2010-07-09 05:53 . 2010-07-09 05:53 57715 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe
2010-07-09 05:53 . 2010-07-09 05:53 54153 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe
2010-07-09 05:52 . 2010-05-16 13:23 1062184 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll
2010-07-09 05:52 . 2010-05-16 13:23 895256 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
2010-06-30 12:28 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2004-08-04 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-06-14 22:13 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-05 01:49 . 2010-06-05 01:49 56997 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe
2010-06-05 01:49 . 2010-06-05 01:49 53600 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe
2010-06-05 01:48 . 2010-06-05 01:48 54128 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe
2010-06-05 01:48 . 2010-06-05 01:48 54644 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe
2010-06-05 01:48 . 2010-06-05 01:48 54101 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-24 16:10 . 2010-05-24 16:10 503808 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25e3c557-n\msvcp71.dll
2010-05-24 16:10 . 2010-05-24 16:10 499712 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25e3c557-n\jmc.dll
2010-05-24 16:10 . 2010-05-24 16:10 348160 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25e3c557-n\msvcr71.dll
2010-05-24 16:10 . 2010-05-24 16:10 61440 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-730ff659-n\decora-sse.dll
2010-05-24 16:10 . 2010-05-24 16:10 12800 ----a-w- c:\dokumente und einstellungen\Jo\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-730ff659-n\decora-d3d.dll
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2004-02-04 61440]
"CamserviceHD"="c:\programme\Hercules\Hercules Dualpix Chat and Show\Camservice.exe" [2007-12-11 73728]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\BitComet\\BitComet.exe"=
"c:\\Jos Best\\Spiele\\Battlefield 1942\\BF1942.exe"=
"c:\\Jos Best\\Spiele\\AoE2\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Jos Best\\Spiele\\Quake 3\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Steam\\steam.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Programme\\EA Games\\Command and Conquer Generäle\\game.dat"=
"c:\\Programme\\Hercules\\Hercules Dualpix Chat and Show\\ControlUI.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Programme\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Programme\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Programme\\Steam\\steamapps\\fww-rb@web.de\\counter-strike\\hl.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24455:TCP"= 24455:TCP:BitComet 24455 TCP
"24455:UDP"= 24455:UDP:BitComet 24455 UDP

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [07.10.2008 14:57 882688]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12.05.2005 14:39 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04.04.2007 14:58 24344]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [10.01.2010 06:18 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [19.12.2008 15:48 16512]
S3 camfilt2;Hercules Filter Driver;c:\windows\system32\drivers\camfilt2.sys [16.01.2009 19:58 98304]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.06.2009 00:31 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-29 18:01]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-10 04:18]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-10 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit BitComet downloaden - c:\programme\BitComet\BitComet.exe/AddAllLink.htm
IE: Alle &Videos mit BitComet &d&ownloaden - c:\programme\BitComet\BitComet.exe/AddVideo.htm
IE: Hinzufügen zu Kaspersky Anti-Banner
IE: Mit BitComet &downloaden - c:\programme\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Jo\Anwendungsdaten\Mozilla\Firefox\Profiles\y180nz4u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1305784&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.wg-gesucht.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1305784&SearchSource=2&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX Policies ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Removed orphaned registry entries - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 21:19
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-1614895754-484061587-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:1b,52,85,d5,e0,39,57,5d,0a,2e,45,62,f6,0c,5b,7a,75,65,61,aa,a8,
 1c,d6,f2,c9,ac,50,92,5c,31,c6,ed,7d,3e,d6,6d,ba,96,4b,a7,83,3e,75,9d,3b,a7,\
"rkeysecu"=hex:af,c3,8d,4f,12,5f,ab,66,c7,9b,28,97,74,13,80,86
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\programme\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1144)
c:\programme\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\programme\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(3648)
c:\programme\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\programme\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
.
------------------------ Other running processes ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-19 21:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-19 19:27

Pre-Run: 11 directories, 19.272.577.024 bytes free
Post-Run: 13 directories, 19.118.522.368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7567893F92E3C599FB9CB4D85AF5332D
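Beyond the file listings, the header and autostart sections of the ComboFix log above carry the posture facts a helper reads first: the AV reports on-access scanning disabled and signatures outdated, the firewall product reports itself disabled, Security Center monitoring for the AV is switched off, the Windows Firewall standard profile has EnableFirewall=0, and both Firefox search prefs (browser.search.defaulturl and keyword.URL) point at search.conduit.com. The script below is an added example, not part of the thread or of ComboFix, that pulls those findings out of an abridged excerpt of such a log; treating search.conduit.com as a redirector worth flagging is the example's own assumption, so extend HIJACK_HOSTS from your own intel.

```python
import re
from dataclasses import dataclass
from typing import List

# Abridged from the kind of lines the ComboFix log above contains; registry
# section headers are kept so that values are judged in the right key.
SAMPLE_LOG = """\
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = about:blank
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1305784&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.wg-gesucht.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1305784&SearchSource=2&q=
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    line: str
    reason: str


# Hosts that monetise the address bar when they appear in search prefs.
# The entry is an assumption for this example, not a verdict from the thread.
HIJACK_HOSTS = {"search.conduit.com"}
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.url"}

_FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>[\w.]+) - (?P<value>\S+)")
_REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def _host_of(url: str) -> str:
    # ComboFix defangs http as hxxp; drop the scheme and take the authority.
    body = re.sub(r"^h[xt]{2}ps?://", "", url, flags=re.I)
    return body.split("/", 1)[0].lower()


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for line in log.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()  # registry key the following values belong to
            continue
        low = line.lower()
        if line.startswith(("AV:", "FW:")) and ("*disabled*" in low or "scanning disabled" in low):
            findings.append(Finding("high", line, "protection product reports itself disabled"))
            if "(outdated)" in low:
                findings.append(Finding("medium", line, "protection product signatures are outdated"))
        m = _REG_VALUE_RE.match(line)
        if m:
            name, value = m.group("name").lower(), m.group("value").lower()
            if "security center\\monitoring" in section and name == "disablemonitoring" and value.endswith("1"):
                findings.append(Finding("medium", line, "Security Center told not to monitor this product"))
            if "firewallpolicy" in section and name == "enablefirewall" and value.startswith("0"):
                findings.append(Finding("high", line, "Windows Firewall disabled for this profile"))
        m = _FF_PREF_RE.match(line)
        if m and m.group("name").lower() in SEARCH_PREFS:
            host = _host_of(m.group("value"))
            if host in HIJACK_HOSTS:
                findings.append(Finding("high", line, f"Firefox search pref redirected through {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

The homepage pref is deliberately left alone: a changed start page is a user choice as often as a hijack, whereas a rewritten default search URL and keyword.URL almost never are.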
19.08.2010, 21:21 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.
Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you must start remover.exe via right-click => Run as administrator.
A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, on which device. Best to post everything remover.exe outputs.
Please always post logfiles in CODE tags
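The MBR check the helper asks for in the post above inspects the first sector of the disk. As an added example (not the bootkit_remover tool's code and not anything from the thread), the script below shows what a structural check of a 512-byte MBR image looks like: boot signature, partition-table sanity, the plain-text error strings the stock Windows MBR carries in its boot code, and a hash comparison against a recorded baseline. Both images are constructed inside the script; on a real machine you would read the first sector of the physical drive with administrator rights instead, and the baseline hash would come from a known-clean image of the same Windows version.

```python
import hashlib
import struct
from typing import List, Optional, Tuple

SECTOR = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xAA"

# The stock Windows MBR keeps its error messages as plain text inside the
# boot code; a replaced first-stage loader usually drops them.
STOCK_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)

Partition = Tuple[int, int, int, int]  # (boot_flag, type, start_lba, sectors)


def build_mbr(boot_code: bytes, partitions: List[Partition]) -> bytes:
    """Assemble an MBR image; CHS fields are zero-filled because modern
    loaders use the LBA fields."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(partitions) <= 4
    table = b"".join(
        struct.pack("<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0", start, size)
        for flag, ptype, start, size in partitions
    ).ljust(64, b"\0")
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table + SIGNATURE


def parse_partitions(mbr: bytes) -> List[Partition]:
    out: List[Partition] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        flag, _, ptype, _, start, size = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype != 0:
            out.append((flag, ptype, start, size))
    return out


def boot_code_sha256(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_sha256: Optional[str] = None) -> List[str]:
    """Return human-readable problems; an empty list means nothing suspicious."""
    problems: List[str] = []
    if len(mbr) != SECTOR:
        return [f"MBR image is {len(mbr)} bytes, expected {SECTOR}"]
    if mbr[510:512] != SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    if any(p[0] not in (0x00, 0x80) for p in parts):
        problems.append("partition entry with invalid boot indicator")
    if sum(p[0] == 0x80 for p in parts) > 1:
        problems.append("more than one active partition")
    spans = sorted((s, s + n) for _, _, s, n in parts)
    for (_, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:
            problems.append(f"overlapping partitions at LBA {b_start}")
    if not all(s in mbr[:BOOT_CODE_LEN] for s in STOCK_MBR_STRINGS):
        problems.append("stock Windows MBR error strings absent from boot code")
    if baseline_sha256 and boot_code_sha256(mbr) != baseline_sha256:
        problems.append("boot code hash differs from recorded baseline")
    return problems


# Constructed images: a "clean" one carrying the stock strings, and a
# "tampered" one whose boot code was replaced while the partition table is
# left untouched, which is how an MBR bootkit stays invisible to a check that
# only looks at the partition table.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 300 + b"\0".join(STOCK_MBR_STRINGS)
TAMPERED_BOOT_CODE = b"\xEB\x0A" + bytes(range(256)) + b"\x90" * 100
PARTITIONS: List[Partition] = [(0x80, 0x07, 63, 40_000_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)
BASELINE = boot_code_sha256(CLEAN_MBR)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(img, BASELINE) or "OK")
```

The string heuristic is deliberately weak on its own (a bootkit can keep the strings and still divert the boot path), which is why the hash comparison against a baseline of the same Windows build is the check to trust; the structural checks mainly catch damaged or hand-edited tables.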
20.08.2010, 15:21 | #9
win32.autorun.tmp
I ran GMER. It produced something huge that I can't post here at that size (~500,000 characters). But since I ran GMER, my CPU usage is at a constant 100%, Firefox no longer starts and the PC has trouble obtaining a network address. And OSAM always stops at the same place (mdnsNSP.dll). Normal?
EDIT: I did a restart, after which everything runs normally again. If it also works without the endless GMER log, here is the OSAM log:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:55:22 on 20.08.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

Common
%SystemRoot%\Tasks
|||| "AppleSoftwareUpdate.job" "Apple Inc." C:\Programme\Apple Software Update\SoftwareUpdate.exe File exists
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "Google Software Updater.job" "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists

Control Panel Objects
%SystemRoot%\system32
|| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\WINDOWS\system32\DivXControlPanelApplet.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Advanced SCSI Programming Interface Driver" (ASPI) "Adaptec" C:\WINDOWS\System32\DRIVERS\ASPI32.sys File exists
"catchme" (catchme) C:\cofi\catchme.sys File not found
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "Hercules Filter Driver" (camfilt2) "Guillemot Corporation" C:\WINDOWS\System32\Drivers\camfilt2.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "Kl1" (kl1) "Kaspersky Lab" C:\WINDOWS\System32\drivers\kl1.sys File exists
|||||| "Klif" (klif) "Kaspersky Lab" C:\WINDOWS\system32\drivers\klif.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "Padus ASPI Shell" (pfc) "Padus, Inc." C:\WINDOWS\System32\drivers\pfc.sys File exists
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found

Explorer
HKCU\Software\Classes\Folder\shellex\ColumnHandlers
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" File not found | COM-object registry key not found
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corpor ation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" File not found | COM-object registry key not found
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" File not found | COM-object registry key not found
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" File not found | COM-object registry key not found
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Program Files\Real\RealPlayer\rpshell.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für Web-Anti-Virus" "Kaspersky Lab" C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll File exists
|||||| {280CFDE1-1354-4431-92F3-03073BA593FB} "TotalConverter Context Menu Shell Extension" C:\Programme\TotalMailConverter\axTotalConverter.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information

Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBarLayout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_21.dll File exists
|||||| {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_21.dll File exists
|||||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_21.dll File exists
|||| {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab "Microsoft Corporation" C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx File exists
|||| {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab "Microsoft" C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll File exists
|||| {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" hxxp://go.microsoft.com/fwlink/?linkid=39204 "Microsoft Corporation" C:\WINDOWS\system32\LegitCheckControl.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
"BitComet" res://C:\Programme\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 File not found
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
|||||| {85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für Web-Anti-Virus" "Kaspersky Lab" C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" File not found | COM-object registry key not found

Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\Jo\Startmenü\Programme\Autostart\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "Skype" "Skype Technologies S.A." "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized File exists
|||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "AVP" "Kaspersky Lab" "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" File exists
|||||| "CamserviceHD" "Guillemot Corporation S.A."
C:\Programme\Hercules\Hercules Dualpix Chat and Show\Camservice.exe /startup File exists || "DivXUpdate" "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File exists |||| "iTunesHelper" "Apple Inc." "C:\Programme\iTunes\iTunesHelper.exe" File exists |||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists "PCMService" "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" File exists |||| "PCSuiteTrayApplication" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup File exists |||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\QTTask.exe" -atboottime File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists Services HKLM\SYSTEM\CurrentControlSet\Services "Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists |||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists |||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." 
C:\Programme\Java\jre6\bin\jqs.exe File exists |||||| "Kaspersky Internet Security 7.0" (AVP) "Kaspersky Lab" C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe File exists |||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE File exists |||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\WINDOWS\system32\HPZinw12.dll File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\WINDOWS\system32\HPZipm12.dll File exists |||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe File exists |||||| "X10 Device Network Service" (x10nets) "X10" C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe File exists Winlogon HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |||||| "klogon" "Kaspersky Lab" C:\WINDOWS\system32\klogon.dll File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Geändert von Seaside (20.08.2010 um 15:56 Uhr) |
20.08.2010, 16:00 | #10 |
| win32.autorun.tmp Bootkit Remover says: Unknown boot code has been found on some of your physical disks. |
22.08.2010, 17:43 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp Please zip the GMER log and attach it here. For OSAM, please skip the online evaluation and post only the plain log. Please take a screenshot of Bootkit Remover and post it here.
__________________ Please always post logfiles in CODE tags |
22.08.2010, 20:26 | #12 |
| win32.autorun.tmp OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/
Saved at 21:19:36 on 22.08.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8 |
23.08.2010, 12:16 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp Please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
23.08.2010, 21:26 | #14 |
| win32.autorun.tmp MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000025`11143400 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000048`77a01e00 (FAT32)
PhysicalDrive0 Model Number: WDCWD3200JD-00KLB0, Rev: 08.05J08
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done! |
24.08.2010, 11:18 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |