Pests of all kinds and their removal: Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe - Windows 7
24.08.2010, 10:44 | #1 |
Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe

Hello Trojaner-Board,

After booting, an error message from Autochk.exe appears for about 5 seconds. I have already run Antimalware and Avira AntiVir without any findings. I have now had GMER create a log, but I can't make much of it. Would someone be kind enough to take a look? Thank you.

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 10:46:04
Windows 5.1.2600 Service Pack 3
Running: hj920plt.exe; Driver: C:\DOKUME~1\I\LOKALE~1\Temp\kwpyykod.sys

---- System - GMER 1.0.15 ----

SSDT F7CC52EE ZwCreateKey
SSDT F7CC52E4 ZwCreateThread
SSDT F7CC52F3 ZwDeleteKey
SSDT F7CC52FD ZwDeleteValueKey
SSDT spyo.sys ZwEnumerateKey [0xF7401DA4]
SSDT spyo.sys ZwEnumerateValueKey [0xF7402132]
SSDT F7CC5302 ZwLoadKey
SSDT spyo.sys ZwOpenKey [0xF73E90C0]
SSDT F7CC52D0 ZwOpenProcess
SSDT F7CC52D5 ZwOpenThread
SSDT spyo.sys ZwQueryKey [0xF740220A]
SSDT spyo.sys ZwQueryValueKey [0xF740208A]
SSDT F7CC530C ZwReplaceKey
SSDT F7CC5307 ZwRestoreKey
SSDT F7CC52F8 ZwSetValueKey
SSDT F7CC52DF ZwTerminateProcess

INT 0x62 ? 8676BBF8
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x63 ? 863ABF00
INT 0x82 ? 8676BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spyo.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F6FBB8AC 5 Bytes JMP 863AB4E0
.text aql7o5r5.SYS F6E81386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aql7o5r5.SYS F6E813AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aql7o5r5.SYS F6E813C4 3 Bytes [00, 80, 02]
.text aql7o5r5.SYS F6E813C9 1 Byte [30]
.text aql7o5r5.SYS F6E813C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73EA042] spyo.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73EA13E] spyo.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73EA0C0] spyo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73EA800] spyo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73EA6D6] spyo.sys IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73F9B90] spyo.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8676A1F8 Device \FileSystem\Fastfat \FatCdrom 8650B500 Device \Driver\usbuhci \Device\USBPDO-0 8643C500 Device \Driver\PCI_PNP3508 \Device\00000044 spyo.sys Device \Driver\PCI_PNP3508 \Device\00000044 spyo.sys Device \Driver\dmio 
\Device\DmControl\DmIoDaemon 867DC1F8 Device \Driver\dmio \Device\DmControl\DmConfig 867DC1F8 Device \Driver\dmio \Device\DmControl\DmPnP 867DC1F8 Device \Driver\dmio \Device\DmControl\DmInfo 867DC1F8 Device \Driver\usbuhci \Device\USBPDO-1 8643C500 Device \Driver\usbuhci \Device\USBPDO-2 8643C500 Device \Driver\usbuhci \Device\USBPDO-3 8643C500 Device \Driver\sptd \Device\282176008 spyo.sys Device \Driver\usbehci \Device\USBPDO-4 863E3500 Device \Driver\usbstor \Device\00000070 86429500 Device \Driver\Ftdisk \Device\HarddiskVolume1 8676C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8676C1F8 Device \Driver\Cdrom \Device\CdRom0 8651B500 Device \Driver\Ftdisk \Device\HarddiskVolume3 8676C1F8 Device \Driver\Cdrom \Device\CdRom1 8651B500 Device \Driver\atapi \Device\Ide\IdePort0 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom2 8651B500 Device \Driver\NetBT \Device\NetBt_Wins_Export 863FA500 Device \Driver\NetBT \Device\NetbiosSmb 863FA500 Device \Driver\usbuhci \Device\USBFDO-0 8643C500 Device \Driver\usbstor \Device\0000006c 86429500 Device \Driver\usbstor \Device\0000006d 86429500 Device \Driver\usbuhci \Device\USBFDO-1 8643C500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 863E9500 Device \Driver\usbstor 
\Device\0000006e 86429500 Device \Driver\usbuhci \Device\USBFDO-2 8643C500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 863E9500 Device \Driver\usbstor \Device\0000006f 86429500 Device \Driver\usbuhci \Device\USBFDO-3 8643C500 Device \Driver\usbehci \Device\USBFDO-4 863E3500 Device \Driver\Ftdisk \Device\FtControl 8676C1F8 Device \Driver\aql7o5r5 \Device\Scsi\aql7o5r51Port2Path0Target0Lun0 86528500 Device \Driver\aql7o5r5 \Device\Scsi\aql7o5r51 86528500 Device \FileSystem\Fastfat \Fat 8650B500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 8642B500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... ---- EOF - GMER 1.0.15 ---- |
24.08.2010, 11:06 | #2 |
/// Malware-holic | Disable CD emulators with DeFogger

You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Because these emulators use rootkit techniques, they can distort and hinder the search for malicious rootkits. For this reason, please use the following tool to disable them. Download

Disable automatic restart, then write down the exact error message, including the STOP error etc., and post it. |
24.08.2010, 12:58 | #3 |
Thanks for the quick reply.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:24 on 24/08/2010 (I)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 13:39:08
Windows 5.1.2600 Service Pack 3
Running: hj920plt.exe; Driver: C:\DOKUME~1\I\LOKALE~1\Temp\kwpyykod.sys

---- System - GMER 1.0.15 ----

SSDT F7C4F0FE ZwCreateKey
SSDT F7C4F0F4 ZwCreateThread
SSDT F7C4F103 ZwDeleteKey
SSDT F7C4F10D ZwDeleteValueKey
SSDT F7C4F112 ZwLoadKey
SSDT F7C4F0E0 ZwOpenProcess
SSDT F7C4F0E5 ZwOpenThread
SSDT F7C4F11C ZwReplaceKey
SSDT F7C4F117 ZwRestoreKey
SSDT F7C4F108 ZwSetValueKey
SSDT F7C4F0EF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs F3940400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... ---- EOF - GMER 1.0.15 ---- Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 13:53:45
Windows 5.1.2600 Service Pack 3
Running: hj920plt.exe; Driver: C:\DOKUME~1\I\LOKALE~1\Temp\kwpyykod.sys

---- System - GMER 1.0.15 ----

SSDT F7C4F0FE ZwCreateKey
SSDT F7C4F0F4 ZwCreateThread
SSDT F7C4F103 ZwDeleteKey
SSDT F7C4F10D ZwDeleteValueKey
SSDT F7C4F112 ZwLoadKey
SSDT F7C4F0E0 ZwOpenProcess
SSDT F7C4F0E5 ZwOpenThread
SSDT F7C4F11C ZwReplaceKey
SSDT F7C4F117 ZwRestoreKey
SSDT F7C4F108 ZwSetValueKey
SSDT F7C4F0EF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0x19 0xFF 0x92 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x17 0x27 0x24 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x36 0xFA 0x35 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x03 0xF2 0xEA 0xEA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0xBD 0xF5 0x23 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE0 0x41 0xB9 0x49 ... ---- EOF - GMER 1.0.15 ---- |
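The point the helper makes in post #2, and the two logs in post #3 confirm, is that a CD emulator's SPTD layer shows up in GMER as SSDT/IAT hooks that disappear once it is disabled. The triage script below is an added example, not part of the thread or of GMER: it parses GMER hook lines, groups them by the module GMER attributes them to, and diffs the scan taken with the emulator active against the one taken after DeFogger. The sample lines are excerpts from the logs above; the function names and the "unknown module" label are this example's own.

```python
"""Triage helper for GMER rootkit-scan output (added example).

Groups SSDT/IAT/Device hooks by the module GMER attributes them to, so
hooks that belong to a known emulator driver (reported as spyo.sys in the
thread above) can be separated from hooks that still need a look, and
diffs two scans of the same machine to confirm what disabling it removed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# GMER prints a bare address when it cannot map a hook handler to a loaded
# module; we label those so they are not mistaken for a file name.
UNATTRIBUTED = "<unknown module>"

# One pattern per GMER line shape that appears in the thread's logs.
SSDT_NAMED = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
SSDT_ANON = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")
IAT_LINE = re.compile(
    r"^IAT\s+(\S+?)\[([^\]]+)\]\s+(?:\[([0-9A-Fa-f]+)\]\s+(\S+)|([0-9A-Fa-f]{8}))$"
)
DEVICE_LINE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)$")
ADDRESS = re.compile(r"[0-9A-Fa-f]{8}")


@dataclass(frozen=True)
class Hook:
    kind: str    # "SSDT", "IAT" or "Device"
    target: str  # hooked service, import slot or device object
    module: str  # module GMER attributes the hook to


def parse_gmer(text):
    """Return the set of hooks reported in a GMER log (one entry per line)."""
    hooks = set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_NAMED.match(line):
            hooks.add(Hook("SSDT", m.group(2), m.group(1)))
        elif m := SSDT_ANON.match(line):
            hooks.add(Hook("SSDT", m.group(2), UNATTRIBUTED))
        elif m := IAT_LINE.match(line):
            module = m.group(4) if m.group(4) else UNATTRIBUTED
            hooks.add(Hook("IAT", f"{m.group(1)}[{m.group(2)}]", module))
        elif m := DEVICE_LINE.match(line):
            # A module name instead of an 8-digit address in the last column
            # means the device object is hooked; a plain address is normal.
            owner = m.group(3)
            if not ADDRESS.fullmatch(owner):
                hooks.add(Hook("Device", f"{m.group(1)} {m.group(2)}", owner))
    return hooks


def hooks_by_module(hooks):
    """Map each attributed module to the sorted list of things it hooks."""
    grouped = defaultdict(set)
    for h in hooks:
        grouped[h.module].add(h.target)
    return {mod: sorted(targets) for mod, targets in grouped.items()}


def diff_scans(before, after):
    """Hooks that vanished or appeared between two scans of one machine."""
    return {"removed": before - after, "added": after - before}


# Constructed samples: excerpts shaped like the first scan (emulator active)
# and the last scan (after DeFogger) posted in this thread.
BEFORE = "\n".join([
    r"SSDT F7CC52EE ZwCreateKey",
    r"SSDT spyo.sys ZwEnumerateKey [0xF7401DA4]",
    r"SSDT spyo.sys ZwOpenKey [0xF73E90C0]",
    r"SSDT spyo.sys ZwQueryValueKey [0xF740208A]",
    r"IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73EA042] spyo.sys",
    r"IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73EA6D6] spyo.sys",
    r"IAT \SystemRoot\System32\Drivers\aql7o5r5.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E",
    r"Device \Driver\sptd \Device\282176008 spyo.sys",
    r"Device \FileSystem\Ntfs \Ntfs 8676A1F8",
])
AFTER = "\n".join([
    r"SSDT F7C4F0FE ZwCreateKey",
    r"Device \FileSystem\Cdfs \Cdfs F3940400",
])

if __name__ == "__main__":
    before, after = parse_gmer(BEFORE), parse_gmer(AFTER)
    for module, targets in sorted(hooks_by_module(before).items()):
        print(f"{module}: {len(targets)} hook(s): {', '.join(targets)}")
    gone = diff_scans(before, after)["removed"]
    print(f"hooks gone after disabling the emulator: {len(gone)}")
```

The one SSDT hook that survives in both scans is the unattributed ZwCreateKey entry, which is the kind of entry a helper would keep looking at after the emulator noise is gone.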
24.08.2010, 13:10 | #4 |
/// Malware-holic | OK, now I still need the error message that appears on the blue screen at system start. |
24.08.2010, 18:27 | #5 |
\SystemRoot\Windows\System32\Autochk.exe program not found - skipping Autocheck

Perhaps it is also worth mentioning that after every start, drivers are (simply) installed at the bottom right... I guess that's related!? Thanks in advance. |
24.08.2010, 19:05 | #6 |
/// Malware-holic | OTL: system scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator).

1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy the following into the text box:

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both logs. |
24.08.2010, 19:39 | #7 |
Code:
OTL Extras logfile created on: 24.08.2010 20:15:45 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\I\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 454,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 58,30 Gb Free Space | 78,55% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 32,02 Gb Free Space | 46,84% Space Free | Partition Type: NTFS
Drive E: | 6,45 Gb Total Space | 0,54 Gb Free Space | 8,41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: *
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1644491937-1500820517-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- D:\Programme\Adobe CS4\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.) "D:\Programme\rapimgr.exe" = D:\Programme\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\wcescomm.exe" = D:\Programme\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\WCESMgr.exe" = D:\Programme\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.) 
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "D:\Programme\rapimgr.exe" = D:\Programme\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\wcescomm.exe" = D:\Programme\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\WCESMgr.exe" = D:\Programme\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "D:\Programme\River Past Video Cleaner\Video Cleaner Pro\VideoCleanerPro.exe" = D:\Programme\River Past Video Cleaner\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro -- File not found "D:\Programme\River Past Video Cleaner Pro 7.7.16\Video Cleaner Pro\VideoCleaner.exe" = D:\Programme\River Past Video Cleaner Pro 7.7.16\Video Cleaner Pro\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009 
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft 
ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "C-Media Audio" = C-Media 3D Audio "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20 "HDD-Booster_is1" = HDD-Booster v1.1 "MakeMKV" = MakeMKV v1.5.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile "Microsoft.Net.Client.3.5.LangPack.deu" = Microsoft .NET Framework Client Profile Language Pack - DEU "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "PocketMan" = PocketMan "RadLight Ogg Media DirectShow filter" = RadLight Ogg Media DirectShow filter (remove only) "RadLight PVA DirectShow filter" = RadLight PVA DirectShow filter (remove only) "RealAlt_is1" = Real Alternative 1.8.0 "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009 "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009 "WBFS Manager 3.0" = WBFS Manager 3.0 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1644491937-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP Infium" = QIP Infium 2.0.9036 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.06.2010 14:42:04 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 01.07.2010 05:02:59 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 updatecopier.exe, P2 1.0.0.0, P3 4b9e75c0, P4 system, P5 2.0.0.0, P6 4889de7a, P7 39f4, P8 394, P9 system.componentmodel.win32, P10 NIL. 
Error - 01.07.2010 05:03:54 | Computer Name = *** | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 updatecopier.exe, P2 1.0.0.0, P3 4b9e75c0, P4 system, P5 2.0.0.0, P6 4889de7a, P7 39f4, P8 394, P9 system.componentmodel.win32, P10 NIL. Error - 09.07.2010 04:44:08 | Computer Name = *** | Source = ESENT | ID = 490 Description = svchost (1000) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 09.07.2010 04:44:08 | Computer Name = *** | Source = ESENT | ID = 470 Description = Catalog Database (1000) Datenbank C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1032. Error - 17.07.2010 05:17:34 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.07.2010 05:17:34 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 19.07.2010 11:11:25 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2900.5969, Fehleradresse 0x00069460. Error - 31.07.2010 14:58:32 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.07.2010 15:10:49 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung TaskMan.exe, Version 1.7.7.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 20.08.2010 13:12:22 | Computer Name = *** | Source = FWLANUSB | ID = 5002 Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Adapters wurde ermittelt. Error - 20.08.2010 13:12:29 | Computer Name = *** | Source = FWLANUSB | ID = 5002 Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Adapters wurde ermittelt. Error - 21.08.2010 07:36:33 | Computer Name = OMNIA-8EA3725EB | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 22.08.2010 05:54:41 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 23.08.2010 05:14:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 23.08.2010 08:34:38 | Computer Name = *** | Source = FWLANUSB | ID = 5002 Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Adapters wurde ermittelt. 
Error - 24.08.2010 04:19:48 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.08.2010 07:26:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.08.2010 13:21:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.08.2010 13:22:51 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Code:
ATTFilter OTL logfile created on: 24.08.2010 20:15:45 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\I\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 454,00 Mb Available Physical Memory | 44,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,22 Gb Total Space | 58,30 Gb Free Space | 78,55% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 32,02 Gb Free Space | 46,84% Space Free | Partition Type: NTFS Drive E: | 6,45 Gb Total Space | 0,54 Gb Free Space | 8,41% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ********* Current User Name: * Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\I\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) 
PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) PRC - D:\Programme\wcescomm.exe (Microsoft Corporation) PRC - D:\Programme\rapimgr.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\I\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (SwitchBoard) -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.) 
DRV - (PRISM_A00) -- C:\WINDOWS\system32\drivers\PRISMA00.sys () DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKU\S-1-5-21-1644491937-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1644491937-1500820517-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.25 21:32:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins 
[2010.07.25 21:32:31 | 000,000,000 | ---D | M] [2009.12.29 02:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Extensions [2010.08.24 18:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\extensions [2010.05.27 16:15:17 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010.06.28 16:49:27 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2010.08.19 16:01:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.09 14:57:23 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2010.08.19 16:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\extensions\nasanightlaunch@example.com [2010.08.24 18:50:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.06 13:33:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.14 12:46:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.14 12:46:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.14 12:46:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.14 12:46:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.14 12:46:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager) O4 - HKU\S-1-5-21-1644491937-1500820517-839522115-1003..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1644491937-1500820517-839522115-1003..\Run: [H/PC Connection Agent] D:\Programme\wcescomm.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} 
- C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\I\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\I\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.29 01:50:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{72c79f91-9b23-11df-a019-001c4afbb59c}\Shell - "" = AutoRun O33 - MountPoints2\{72c79f91-9b23-11df-a019-001c4afbb59c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{72c79f91-9b23-11df-a019-001c4afbb59c}\Shell\Open\command - "" = RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svchost.exe O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll 
File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\Daemon Tool Lite\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - D:\Programme\Wcescomm.exe (Microsoft Corporation) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers 
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1DFFB787-735E-371B-9C43-1321C10B4335} - .NET Framework ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CAAFB8F9-F8D1-3D27-9AAA-6301A4429440} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - 
HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2010.08.24 20:13:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\I\Desktop\OTL.exe [2010.08.19 17:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010.07.30 12:44:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\I\Lokale Einstellungen\Anwendungsdaten\Help [2010.07.30 12:44:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Help [2010.07.30 12:42:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\SecTaskMan [2010.07.28 20:32:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Adobe Mini Bridge CS5 [2010.07.28 20:32:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.07.26 12:07:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.24 20:13:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\I\Desktop\OTL.exe [2010.08.24 19:22:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.24 19:22:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.24 19:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.24 19:22:31 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2010.08.24 19:21:50 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\I\ntuser.ini [2010.08.24 19:21:49 | 005,242,880 | -H-- | M] () -- C:\Dokumente und Einstellungen\I\NTUSER.DAT [2010.08.24 13:24:31 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\I\defogger_reenable [2010.08.24 13:19:10 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\I\Desktop\Defogger.exe [2010.08.24 10:23:14 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\I\Desktop\hj920plt.exe [2010.08.23 17:25:02 | 002,771,155 | ---- | M] () -- C:\Dokumente und Einstellungen\I\Desktop\Roller.jpg [2010.08.21 02:00:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-***-***-*.job [2010.08.14 19:22:14 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\I\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.05 21:12:13 | 000,000,641 | ---- | M] () -- C:\Dokumente und 
Einstellungen\I\Desktop\MakeMKV.lnk [2010.07.31 20:22:22 | 000,000,571 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.28 20:27:03 | 000,991,579 | ---- | M] () -- C:\Dokumente und Einstellungen\I\Desktop\***.jpg [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.24 13:24:18 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\I\defogger_reenable [2010.08.24 13:19:10 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\I\Desktop\Defogger.exe [2010.08.24 10:23:13 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\I\Desktop\hj920plt.exe [2010.08.23 17:23:03 | 002,771,155 | ---- | C] () -- C:\Dokumente und Einstellungen\I\Desktop\Roller.jpg [2010.08.22 12:49:08 | 005,243,383 | ---- | C] () -- C:\WINDOWS\System32\001-keri_hilson_-_i_like-ministry.mp3 [2010.08.05 21:12:13 | 000,000,641 | ---- | C] () -- C:\Dokumente und Einstellungen\I\Desktop\MakeMKV.lnk [2010.07.28 20:26:57 | 000,991,579 | ---- | C] () -- C:\Dokumente und Einstellungen\I\Desktop\***.jpg [2010.07.07 10:28:13 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.05.16 22:30:00 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\$_hpcst$.hpc [2010.01.07 20:14:07 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2010.01.07 20:14:07 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2010.01.07 20:14:03 | 000,134,699 | ---- | C] () -- C:\WINDOWS\Cmuda.ini [2010.01.07 20:14:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2010.01.07 20:14:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2010.01.07 20:14:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2009.12.29 16:16:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009.12.29 13:05:50 | 000,081,920 | ---- | C] () -- C:\Dokumente und 
Einstellungen\I\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004.10.20 15:47:14 | 000,380,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\PRISMA00.sys [2003.09.16 17:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2003.09.16 17:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2003.09.16 17:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll ========== LOP Check ========== [2010.06.30 01:12:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2009.12.29 19:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner [2010.06.30 01:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2010.07.09 11:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\River Past G5 [2010.07.31 21:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2009.12.29 19:26:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{66E2F539-12B6-4870-A500-7689CDE75C5E} [2010.01.03 22:37:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4C0E335-EDDF-46A0-A57D-F3802AE44275} [2010.01.28 19:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\ASCOMP Software [2010.01.24 23:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\DAEMON Tools [2010.06.30 01:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\DAEMON Tools Lite [2010.07.14 11:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Foxit Software [2010.07.01 11:10:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\HandBrake [2010.08.24 19:25:23 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\I\Anwendungsdaten\ICQ [2010.07.06 10:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\River Past G5 [2010.07.28 20:32:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.01.03 22:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Uniblue ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.19 17:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Adobe [2010.07.28 20:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Adobe Mini Bridge CS5 [2010.01.28 19:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\ASCOMP Software [2010.07.06 22:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\AVS4YOU [2010.01.24 23:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\DAEMON Tools [2010.06.30 01:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\DAEMON Tools Lite [2010.07.06 11:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\DivX [2010.08.12 21:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\dvdcss [2010.07.14 11:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Foxit Software [2010.07.01 11:10:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\HandBrake [2010.07.30 12:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Help [2010.08.24 19:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\ICQ [2009.12.29 02:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\I\Anwendungsdaten\Identities [2009.12.29 02:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Macromedia [2010.05.14 00:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Malwarebytes [2010.08.09 16:07:58 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Microsoft [2009.12.29 02:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Mozilla [2010.07.06 11:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Real [2010.07.06 10:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\River Past G5 [2010.07.28 20:32:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2009.12.29 14:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Sun [2010.01.03 22:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Uniblue [2010.08.24 13:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\vlc [2010.01.09 14:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Winamp [2009.12.29 02:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2009.12.29 19:39:45 | 070,702,750 | ---- | M] () -- C:\Dokumente und Einstellungen\I\Anwendungsdaten\Uniblue\DriverScanner\Download\pci_ven_10de_dev_03446_14_11_7540.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.05.06 13:42:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.05.06 13:42:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- 
| M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.05.06 13:42:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.05.06 13:42:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) 
MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- 
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.12.29 02:34:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009.12.29 02:34:48 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009.12.29 02:34:48 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.14 04:22:09 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2008.04.14 04:22:09 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2010.03.09 13:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
24.08.2010, 19:49 | #8 |
/// Malware-holic | Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe
• Please start OTL.exe. Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.
:OTL
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKU\S-1-5-21-1644491937-1500820517-839522115-1003..\Run: [AdobeBridge] File not found
O33 - MountPoints2\{72c79f91-9b23-11df-a019-001c4afbb59c}\Shell\Open\command - "" = RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svchost.exe
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; please post it.
Then please create and post a ComboFix log. A guide and tutorial on using ComboFix
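The triage behind that fix script, as an added example that is not from the thread or from OTL itself: a Python script that scans OTL report lines for the two patterns the helper removed (autostarts whose target is "File not found", and a MountPoints2 autorun launching a fake svchost.exe from a RECYCLER\S-1-5-... folder whose SID matches no local profile) and emits the :OTL fix block in the same layout. The sample lines are constructed from the post plus two benign entries invented for the example; the heuristics are my own assumptions, not OTL's.

```python
"""Defender-side triage of OTL scan lines of the kind posted in this thread.

Two checks, mirroring what the helper's fix script above removes:
  1. service (SRV) and Run-key (O4) entries whose target OTL reports as
     "File not found": orphaned autostarts, removed for hygiene;
  2. MountPoints2 (O33) autorun commands that launch from a RECYCLER\\S-1-5-...
     folder, masquerade as a core system binary outside System32, or use a
     profile SID never seen elsewhere in the scan: the classic
     removable-media worm persistence pattern.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the four lines the helper moved into the fix
# script, plus two benign lines invented for this example that must not be
# flagged (an Avira Run entry and a plain CD autorun).
SAMPLE_OTL = r"""
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1644491937-1500820517-839522115-1003..\Run: [AdobeBridge] File not found
O33 - MountPoints2\{72c79f91-9b23-11df-a019-001c4afbb59c}\Shell\Open\command - "" = RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svchost.exe
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+)+")
RECYCLER_RE = re.compile(r"\bRECYCLER\\(S-1-5-21(?:-\d+)+)\\", re.IGNORECASE)
# Names malware likes to borrow; the legitimate copies live under System32.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


@dataclass
class Finding:
    kind: str            # "orphan" or "autorun"
    line: str            # the OTL line, reused verbatim in the fix script
    reasons: list = field(default_factory=list)


def known_sids(lines):
    """Profile SIDs that appear in HKU autostart lines, i.e. real local users."""
    return {m.group(0) for ln in lines if ln.startswith("O4 - HKU\\")
            for m in SID_RE.finditer(ln)}


def triage(report: str):
    """Return the Findings for one OTL report, in report order."""
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]
    local_sids = known_sids(lines)
    findings = []
    for ln in lines:
        prefix = ln.split(" - ", 1)[0]
        if prefix in ("SRV", "O4") and ln.endswith("File not found"):
            findings.append(Finding("orphan", ln, ["target file missing"]))
            continue
        if ln.startswith("O33 - MountPoints2"):
            target = ln.rsplit("= ", 1)[-1].strip().strip('"')
            basename = target.rsplit("\\", 1)[-1].lower()
            reasons = []
            rec = RECYCLER_RE.search(target)
            if rec:
                reasons.append("autorun launches from a RECYCLER folder")
                if rec.group(1) not in local_sids:
                    reasons.append("RECYCLER SID matches no local profile in the scan")
            if basename in CORE_BINARIES and "\\system32\\" not in target.lower():
                reasons.append(f"{basename} outside System32")
            if reasons:
                findings.append(Finding("autorun", ln, reasons))
    return findings


def build_fix_script(findings):
    """Emit an OTL fix script in the same layout the helper used."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n:Files\n:Commands\n[purity]\n[EMPTYFLASH]\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for h in hits:
        print(f"[{h.kind}] {'; '.join(h.reasons)}\n    {h.line}")
    print(build_fix_script(hits))
```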
25.08.2010, 14:12 | #9 |
| Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe Here is the OTL log Code:
ATTFilter All processes killed ========== OTL ========== Service HidServ stopped successfully! Service HidServ deleted successfully! File C:\WINDOWS\System32\hidserv.dll File not found not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully. Registry value HKEY_USERS\S-1-5-21-1644491937-1500820517-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c79f91-9b23-11df-a019-001c4afbb59c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72c79f91-9b23-11df-a019-001c4afbb59c}\ not found. File C:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svchost.exe not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 41620 bytes User: I ->Flash cache emptied: 38437 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: * ->Temp folder emptied: 129505770 bytes ->Temporary Internet Files folder emptied: 4115585 bytes ->Java cache emptied: 27656906 bytes ->FireFox cache emptied: 37385036 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 395640 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2148906 bytes %systemroot%\System32 .tmp files removed: 5346695 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 38644896 bytes RecycleBin emptied: 64192932 bytes 
Total Files Cleaned = 295,00 mb OTL by OldTimer - Version 3.2.10.0 log created on 08252010_000912 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Code:
ATTFilter ComboFix 10-08-24.0A - I 25.08.2010 15:00:59.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.720 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\*\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dir\install . ((((((((((((((((((((((( Dateien erstellt von 2010-07-25 bis 2010-08-25 )))))))))))))))))))))))))))))) . 2010-08-24 22:09 . 2010-08-24 22:09 -------- d-----w- C:\_OTL 2010-08-19 15:39 . 2010-08-19 15:39 -------- d-----w- c:\windows\system32\Adobe 2010-07-30 10:44 . 2010-07-30 10:44 -------- d-----w- c:\dokumente und einstellungen\I\Lokale Einstellungen\Anwendungsdaten\Help 2010-07-30 10:42 . 2010-07-31 19:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-07-28 18:32 . 2010-07-28 18:32 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\Adobe Mini Bridge CS5 2010-07-28 18:32 . 2010-07-28 18:32 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-24 17:25 . 2009-12-29 00:50 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\ICQ 2010-08-24 11:52 . 2009-12-29 10:50 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\vlc 2010-08-12 19:54 . 2010-01-14 11:16 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\dvdcss 2010-07-14 09:46 . 2010-07-14 09:46 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\Foxit Software 2010-07-09 09:09 . 2010-07-06 08:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\River Past G5 2010-07-09 09:09 . 
2010-07-06 08:50 -------- d-----w- c:\programme\Gemeinsame Dateien\River Past 2010-07-09 09:08 . 2010-07-06 09:00 -------- d-----w- c:\programme\River Past 2010-07-09 09:05 . 2010-07-06 09:19 57344 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-09 08:49 . 2010-07-06 09:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX 2010-07-09 08:49 . 2010-07-06 09:07 -------- d-----w- c:\programme\DivX 2010-07-09 08:47 . 2010-07-06 20:32 -------- d-----w- c:\programme\AVS4YOU 2010-07-09 08:47 . 2010-07-06 20:31 -------- d-----w- c:\programme\Gemeinsame Dateien\AVSMedia 2010-07-06 20:33 . 2010-07-06 20:33 -------- d-----w- c:\dokumente und einstellungen\*\Anwendungsdaten\AVS4YOU 2010-07-06 20:33 . 2010-07-06 20:33 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU 2010-07-06 10:12 . 2010-07-06 09:07 -------- d-----w- c:\programme\Google 2010-07-06 09:20 . 2010-07-06 09:19 -------- d-----w- c:\dokumente und einstellungen\*\Anwendungsdaten\DivX 2010-07-06 09:00 . 2010-07-06 09:00 37270 ----a-w- c:\windows\system32\OggDSUninst.exe 2010-07-06 08:50 . 2010-07-06 08:50 -------- d-----w- c:\dokumente und einstellungen\*\Anwendungsdaten\River Past G5 2010-07-02 19:58 . 2006-02-28 12:00 81114 ----a-w- c:\windows\system32\perfc007.dat 2010-07-02 19:58 . 2006-02-28 12:00 451980 ----a-w- c:\windows\system32\perfh007.dat 2010-07-01 09:10 . 2010-07-01 09:10 -------- d-----w- c:\dokumente und einstellungen\*\Anwendungsdaten\HandBrake 2010-06-30 11:34 . 2006-02-28 12:00 24064 ----a-w- c:\windows\system32\ctfmon.exe 2010-06-29 23:48 . 2010-06-29 23:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe 2010-06-29 23:48 . 2009-12-29 00:10 69240 ----a-w- c:\dokumente und einstellungen\I\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-06-29 23:39 . 
2010-01-24 21:47 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2010-06-29 23:36 . 2010-06-29 23:36 -------- d-----w- c:\programme\Adobe Media Player 2010-06-29 23:34 . 2010-06-29 23:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe AIR 2010-06-29 23:31 . 2010-06-29 23:31 -------- d-----w- c:\programme\Adobe Cs5 2010-06-29 23:26 . 2010-06-29 23:11 -------- d-----w- c:\dokumente und einstellungen\I\Anwendungsdaten\DAEMON Tools Lite 2010-06-29 23:12 . 2010-01-24 21:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-06-29 23:12 . 2010-06-29 23:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite 2010-06-14 14:31 . 2009-12-28 23:47 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe . ------- Sigcheck ------- [-] 2010-06-30 11:34 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2010-06-30 11:34 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe [7] 2006-02-28 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-06-30 24064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 01:44 500208 ------w- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 02:57 406992 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- d:\programme\Daemon Tool Lite\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 11:50 1289000 ----a-w- d:\programme\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 11:37 517096 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\ICQ6.5\\ICQ.exe"= 
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\programme\rapimgr.exe"= d:\programme\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\programme\wcescomm.exe"= d:\programme\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\programme\WCESMgr.exe"= d:\programme\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.12.2009 02:17 108289]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [29.12.2009 02:08 265088]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [29.12.2009 02:08 4352]
S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [20.10.2004 15:47 380736]
S3 SwitchBoard;SwitchBoard;c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 13:37 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.01.2010 23:37 691696]
.
Inhalt des "geplante Tasks" Ordners

2010-08-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-OMNIA-8EA3725EB-I.job
- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-29 01:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\I\Anwendungsdaten\Mozilla\Firefox\Profiles\gbv3pqcg.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\River Past\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\programme\River Past\Real Alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-25 15:03
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-08-25 15:05:09
ComboFix-quarantined-files.txt 2010-08-25 13:05

Vor Suchlauf: 12 Verzeichnis(se), 62.692.999.168 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 62.708.568.064 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A29E63A55CFED6CF4B3A58BEF1A93E85 |
25.08.2010, 14:49 | #10 |
/// Malware-holic | Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe Has anything changed with the problem? |
25.08.2010, 15:09 | #11 |
| Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe No, unfortunately not... I have now tried the following:
1. Start -> Run: type cmd -> OK
2. Type fsutil dirty query <DRIVE>: -> Enter hxxp://www.winhelpline.info/forum/al...til#post223046
3. The message was "Nicht fehlerhaft"
4. chkntfs /d hxxp://forum.hijackthis.de/showthrea...t=10521&page=2
5. Restart the computer and be glad that there are such kind people as you.
And now this message no longer appears... for the help |
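The two commands in the post above touch two separate things: fsutil dirty query reads the volume's dirty bit (the flag that makes autochk run at boot), and chkntfs /d resets the BootExecute value under the Session Manager key, which is where autochk is scheduled. BootExecute is also a well-known persistence location, so it is worth checking in its own right. The following PowerShell script is an added example, not code from the thread or from any of the tools mentioned in it; it reports both states. It assumes an elevated Windows PowerShell prompt (fsutil needs administrative rights), that Get-WmiObject is available (it is on Windows PowerShell 2.0 through 5.1), and that a clean fsutil answer contains the word "NOT" or "NICHT", which covers the English and German builds; other locales are not handled.

```powershell
# Added example (not from the thread): audit the boot-time autochk scheduling
# and the dirty bit of every fixed volume. Run from an elevated Windows PowerShell.

# 1. BootExecute: REG_MULTI_SZ under the Session Manager key. chkntfs /d restores
#    it to the single default entry "autocheck autochk *".
$sessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExecute = @((Get-ItemProperty -Path $sessionManager -Name BootExecute).BootExecute)
$defaultBootExecute = @('autocheck autochk *')

if (Compare-Object -ReferenceObject $defaultBootExecute -DifferenceObject $bootExecute) {
    Write-Warning 'BootExecute differs from the default "autocheck autochk *":'
    $bootExecute | ForEach-Object { Write-Warning "    $_" }
    # A legitimate chkntfs /x exclusion looks like "autocheck autochk /k:C *".
    # Any other program listed here runs in native mode before Winlogon starts,
    # so an unexpected entry deserves a closer look.
} else {
    Write-Host 'BootExecute is at its default value (autocheck autochk *).'
}

# 2. Dirty bit: one fsutil call per fixed disk with a drive letter (DriveType 3).
$report = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
    $drive = $_.DeviceID                       # e.g. "C:"
    $output = (& fsutil dirty query $drive 2>&1) -join ' '
    if ($LASTEXITCODE -ne 0) {
        # Typical cause: not elevated, or the volume is not NTFS/FAT.
        $state = "query failed ($output)"
    } elseif ($output -match '\b(NOT|NICHT)\b') {
        # English: "Volume - C: is NOT Dirty"; German: "... ist NICHT fehlerhaft"
        $state = 'clean'
    } else {
        $state = 'DIRTY (autochk will run at the next boot)'
    }
    New-Object PSObject -Property @{ Drive = $drive; State = $state }
}

$report | Format-Table Drive, State -AutoSize
```

If BootExecute shows an unexpected entry, do not just overwrite it: note the value first, because the file it names is the thing to examine. A dirty bit that keeps coming back after chkdsk has run clean usually points at the disk or its driver rather than at malware.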
25.08.2010, 15:24 | #12 |
/// Malware-holic | Blue screen for 5 sec. at startup .../Systemroot/.../Autochk.exe Yep, there were still malware remnants on it anyway. Delete ComboFix and OTL. |