| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Abbild fehlerhaft - zig malWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.09.2010, 21:47
| #1 |
| |  Abbild fehlerhaft - zig mal Hallo, seit kurzem habe ich folgendes großes Problem: Beim Systemstart kommt ständigt axrord32.exe - Abbild fehlerhaft Die Anwendung oder dll c:\windows\system32\0053.dll ist keine gültige Windows-Datei. Überprüfen Sie die Installationsdiskette. Die Datei 0053.dll hat folgende Eigenschaften: erstellt 25.08., Größe 19,8 KB (20.334 Bytes). Diese Meldung kommt beim Start ca 50 mal für alle Programme die sich irgendwie starten, sowie im BEtrieb bei jedem Aufruf einer neuen Programms. AntiVir und Windows Firewall waren die ganze Zeit in Betrieb, finden keine Viren.. sfc /scannow bringt keine Änderung. Aus anderen Postings habe ich rausgelesen was für Logdateien zum Posten sinnvoll wären, diese folgen unten. Was kann ich tun? Natürlich habe ich Depp keine aktuelle Sicherung der PArtition (btw: was ist dafür eigentlich das BEste? Nehme easeus todo backup her..) HiJAckThis Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:21:05, on 07.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe C:\Programme\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Programme\iTunes\iTunesHelper.exe C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe C:\Programme\Hardcopy\hardcopy.exe C:\Programme\iPod\bin\iPodService.exe c:\programme\avira\antivir desktop\avcenter.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\Avira\AntiVir Desktop\avscan.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\ini.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O20 - AppInit_DLLs: C:\WINDOWS\system32\0053.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -- End of file - 7210 bytes Von hier (w.trojaner-board.de/77288-abbild-fehlerhaft.html) filelist geladen. Inhalt: (alles <2010 durch .......... ersetzt) Code:
ATTFilter
----- Root -----------------------------
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\
07.09.2010 22:22 43 filelist.txt
07.09.2010 21:37 3.219.214.336 pagefile.sys
04.09.2010 20:57 211 boot.ini
02.09.2010 20:09 427 fpRedmon.log
..............
11 Datei(en) 3.219.519.245 Bytes
0 Verzeichnis(se), 93.621.723.136 Bytes frei
----- Windows --------------------------
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\WINDOWS
07.09.2010 21:53 780.878 setupapi.log
07.09.2010 21:40 1.674.093 WindowsUpdate.log
07.09.2010 21:40 0 0.log
07.09.2010 21:39 159 wiadebug.log
07.09.2010 21:39 47 wiaservc.log
07.09.2010 21:39 2.048 bootstat.dat
07.09.2010 21:35 32.098 SchedLgU.Txt
02.09.2010 20:04 64.817 Hardcopy.log
25.08.2010 20:31 249.856 Setup1.exe
25.08.2010 20:31 73.216 ST6UNST.EXE
19.08.2010 10:04 7.275 wmsetup.log
12.08.2010 22:09 1.374 imsins.log
12.08.2010 22:09 222.967 comsetup.log
12.08.2010 22:09 32.550 tabletoc.log
12.08.2010 22:09 296.668 tsoc.log
12.08.2010 22:09 134.073 ntdtcsetup.log
12.08.2010 22:09 35.864 ocmsn.log
12.08.2010 22:09 746.610 iis6.log
12.08.2010 22:09 18.486 KB982214.log
12.08.2010 22:09 46.567 MedCtrOC.log
12.08.2010 22:09 111.842 netfxocm.log
12.08.2010 22:09 321.861 ocgen.log
12.08.2010 22:09 32.183 msgsocm.log
12.08.2010 22:09 634.647 FaxSetup.log
12.08.2010 22:09 206.786 msmqinst.log
12.08.2010 22:09 1.374 imsins.BAK
12.08.2010 22:09 23.079 KB2115168.log
12.08.2010 22:09 20.133 KB981852.log
12.08.2010 22:08 23.471 KB2079403.log
12.08.2010 22:08 127.671 updspapi.log
12.08.2010 22:07 21.667 KB2183461-IE8.log
12.08.2010 22:06 19.888 KB2160329.log
12.08.2010 22:06 19.236 KB980436.log
12.08.2010 22:05 13.408 KB981997.log
12.08.2010 22:05 17.906 KB982665.log
04.08.2010 03:00 16.191 KB2286198.log
01.08.2010 21:22 206.764 setupact.log
28.07.2010 21:38 1.053 ODBC.INI
27.07.2010 20:39 3.783 KB952011.log
22.07.2010 20:29 4.097 WgaNotify.log
22.07.2010 20:29 80.162 spupdsvc.log
22.07.2010 19:56 12.981 KB976662-IE8.log
22.07.2010 19:56 18.885 KB970430.log
22.07.2010 19:56 10.056 KB961118.log
22.07.2010 19:54 15.215 KB982381-IE8.log
22.07.2010 19:53 8.024 KB981332-IE8.log
22.07.2010 19:53 13.013 KB971737.log
22.07.2010 19:52 7.770 KB971961-IE8.log
21.07.2010 18:49 73.256 KB980218.log
21.07.2010 18:49 72.796 KB959426.log
21.07.2010 18:49 59.699 KB956803.log
21.07.2010 18:49 72.293 KB960859.log
21.07.2010 18:49 59.799 KB971468.log
21.07.2010 18:49 61.353 KB979683.log
21.07.2010 18:49 57.179 KB958869.log
21.07.2010 18:49 59.279 KB980195.log
21.07.2010 18:49 59.876 KB980232.log
21.07.2010 18:48 57.634 KB979402.log
21.07.2010 18:48 60.567 KB955759.log
21.07.2010 18:48 70.803 KB974318.log
21.07.2010 18:48 69.345 KB969059.log
21.07.2010 18:48 71.504 KB981349.log
21.07.2010 18:48 58.255 KB2229593.log
21.07.2010 18:48 29.353 ie8_main.log
21.07.2010 18:48 68.923 ie8.log
21.07.2010 18:37 42.512 KB978037.log
21.07.2010 18:37 42.328 KB975713.log
21.07.2010 18:37 40.843 KB971657.log
21.07.2010 18:37 41.770 KB978338.log
21.07.2010 18:37 27.974 KB954155.log
21.07.2010 18:37 42.028 KB960225.log
21.07.2010 18:37 29.804 KB972270.log
21.07.2010 18:35 30.035 KB956744.log
21.07.2010 18:34 40.996 KB974112.log
21.07.2010 18:34 32.536 KB956572.log
21.07.2010 18:34 26.115 KB956844.log
21.07.2010 18:34 37.854 KB961501.log
21.07.2010 18:34 25.826 KB975561.log
21.07.2010 18:34 25.855 KB973869.log
21.07.2010 18:34 37.974 KB975025.log
21.07.2010 18:34 39.630 KB952004.log
21.07.2010 18:33 37.903 KB974571.log
21.07.2010 18:33 37.371 KB975560.log
21.07.2010 18:33 36.599 KB973507.log
21.07.2010 18:33 35.786 KB977816.log
21.07.2010 18:33 25.966 KB973687.log
21.07.2010 18:33 20.546 KB981793.log
21.07.2010 18:33 30.405 KB978601.log
21.07.2010 18:33 37.879 KB979559.log
21.07.2010 18:33 21.519 KB978695.log
21.07.2010 18:33 25.242 KB973904.log
21.07.2010 18:33 35.727 KB967715.log
21.07.2010 18:31 21.829 KB973540.log
21.07.2010 18:31 34.898 KB974392.log
21.07.2010 18:31 18.211 KB976002-v5.log
21.07.2010 18:31 34.080 KB954459.log
21.07.2010 18:31 22.374 KB952069.log
21.07.2010 18:31 33.900 KB977914.log
21.07.2010 18:31 32.537 KB978542.log
21.07.2010 18:31 32.632 KB970238.log
21.07.2010 18:31 28.336 KB979309.log
21.07.2010 18:30 31.902 KB979482.log
21.07.2010 18:30 31.904 KB978706.log
21.07.2010 18:30 32.209 KB960803.log
21.07.2010 18:30 31.510 KB973815.log
21.07.2010 18:30 31.392 KB975562.log
21.07.2010 18:30 23.601 KB958644.log
21.07.2010 18:30 23.078 KB955069.log
21.07.2010 18:30 30.540 KB956802.log
21.07.2010 18:30 31.735 KB982381.log
21.07.2010 18:30 303.022 msxml4-KB954430-enu.LOG
21.07.2010 18:30 310.236 msxml4-KB973688-enu.LOG
21.07.2010 18:30 20.156 KB923561.log
21.07.2010 18:29 18.899 KB971961.log
21.07.2010 18:29 31.680 KB975467.log
21.07.2010 18:29 26.888 KB968389.log
21.07.2010 18:27 1.318 hpbvnstp.ini
21.07.2010 18:27 3.462 hpbvnstp.his
20.03.2010 09:45 501.760 SwSetupu.exe
............
210 Datei(en) 29.810.888 Bytes
0 Verzeichnis(se), 93.621.694.464 Bytes frei
----- System ---
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\WINDOWS\system
...............
25 Datei(en) 929.787 Bytes
0 Verzeichnis(se), 93.621.694.464 Bytes frei
----- System 32 (Achtung: Zeitfenster beachten!) ---
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\WINDOWS\system32
07.09.2010 21:40 2.206 wpa.dbl
07.09.2010 21:39 186.097 nvapps.xml
07.09.2010 21:39 3.420.216 FNTCACHE.DAT
07.09.2010 21:36 64.980 DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
07.09.2010 21:36 1.080 settingsbkup.sfm
07.09.2010 21:36 1.080 settings.sfm
07.09.2010 21:36 54.788 BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
07.09.2010 21:36 54.788 BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
07.09.2010 21:25 67.312 perfc009.dat
07.09.2010 21:25 448.470 perfh007.dat
07.09.2010 21:25 432.356 perfh009.dat
07.09.2010 21:25 80.104 perfc007.dat
07.09.2010 21:25 1.042.248 PerfStringBackup.INI
07.09.2010 20:50 20.334 0053.DLL
25.08.2010 20:53 40.955 ini.exe
25.08.2010 20:52 10 kr_done1
16.08.2010 15:31 725.064 pwNative.exe
16.08.2010 15:31 16.472 pwdrvio.sys
16.08.2010 15:31 11.104 pwdspio.sys
10.08.2010 05:15 69.632 QuickTime.qts
10.08.2010 05:15 94.208 QuickTimeVR.qtx
03.08.2010 20:09 35.962.312 MRT.exe
27.07.2010 18:44 107.808 dns-sd.exe
27.07.2010 18:44 91.424 dnssd.dll
27.07.2010 18:44 197.920 dnssdX.dll
27.07.2010 08:29 8.503.296 shell32.dll
22.07.2010 20:52 17.460 mlfcache.dat
21.07.2010 18:33 212.268 TZLog.log
21.07.2010 18:27 35 mmc.log
30.06.2010 14:28 149.504 schannel.dll
24.06.2010 17:51 11.077.120 ieframe.dll
24.06.2010 14:22 1.210.368 urlmon.dll
24.06.2010 14:22 916.480 wininet.dll
24.06.2010 14:22 611.840 mstime.dll
24.06.2010 14:22 206.848 occache.dll
24.06.2010 14:22 5.951.488 mshtml.dll
24.06.2010 14:21 1.986.560 iertutil.dll
24.06.2010 14:21 25.600 jsproxy.dll
24.06.2010 14:21 55.296 msfeedsbs.dll
24.06.2010 14:21 1.469.440 inetcpl.cpl
24.06.2010 14:21 599.040 msfeeds.dll
24.06.2010 14:21 184.320 iepeers.dll
24.06.2010 14:21 387.584 iedkcs32.dll
24.06.2010 11:02 1.852.032 win32k.sys
23.06.2010 14:08 173.056 ie4uinit.exe
17.06.2010 16:03 80.384 iccvid.dll
15.06.2010 18:16 143.422 l3codecx.ax
14.06.2010 09:41 1.172.480 msxml3.dll
03.06.2010 04:41 3.600.384 GPhotos.scr
28.04.2010 07:41 2.148.864 ntoskrnl.exe
28.04.2010 07:41 2.027.008 ntkrnlpa.exe
21.04.2010 15:28 46.080 tzchange.exe
20.04.2010 07:29 285.696 atmfd.dll
19.04.2010 20:47 3.062.048 usbaaplrc.dll
16.04.2010 18:06 1.509.888 shdocvw.dll
16.04.2010 18:06 1.025.024 browseui.dll
08.04.2010 14:03 2.113.536 WMVCore.dll
31.03.2010 00:16 99.176 PresentationHostProxy.dll
31.03.2010 00:10 295.264 PresentationHost.exe
19.03.2010 18:05 4.874.240 wmp.dll
10.03.2010 08:15 420.352 vbscript.dll
05.03.2010 16:37 65.536 asycfilt.dll
05.03.2010 10:13 947.472 msjava.dll
23.02.2010 00:12 57.667 ieuinit.inf
12.02.2010 12:03 293.376 browserchoice.exe
12.02.2010 06:33 100.864 6to4svc.dll
05.02.2010 20:25 1.297.408 quartz.dll
29.01.2010 16:59 691.712 inetcomm.dll
29.01.2010 16:43 307.260 l3codeca.acm
13.01.2010 16:00 86.528 cabview.dll
.............
2315 Datei(en) 553.982.963 Bytes
0 Verzeichnis(se), 93.621.514.240 Bytes frei
----- Prefetch -------------------------
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\WINDOWS\Prefetch
07.09.2010 22:22 11.650 FIND.EXE-0EC32F1E.pf
07.09.2010 22:22 13.582 CMD.EXE-087B4001.pf
07.09.2010 22:22 27.568 DLLHOST.EXE-2E73BAEE.pf
07.09.2010 22:22 30.260 VSSVC.EXE-0F74375A.pf
07.09.2010 22:22 234.610 WINRAR.EXE-3588DFE8.pf
07.09.2010 22:22 22.052 VERCLSID.EXE-3667BD89.pf
07.09.2010 22:21 80.442 NOTEPAD.EXE-336351A9.pf
07.09.2010 22:20 59.228 WMIPRVSE.EXE-28F301A9.pf
07.09.2010 22:20 86.532 HIJACKTHIS.EXE-39024128.pf
07.09.2010 22:20 83.568 MSIEXEC.EXE-2F8A8CAE.pf
07.09.2010 22:11 85.422 PLUGIN-CONTAINER.EXE-170C935C.pf
07.09.2010 22:10 124.324 ACRORD32.EXE-2E761392.pf
07.09.2010 22:10 114.172 FIREFOX.EXE-1D57670A.pf
07.09.2010 22:10 146.506 MSIMN.EXE-0B61806C.pf
07.09.2010 22:09 548.012 Layout.ini
07.09.2010 22:04 60.046 LOGON.SCR-151EFAEA.pf
07.09.2010 21:52 14.426 RUNDLL32.EXE-451FC2C0.pf
07.09.2010 21:41 68.404 ACRORD32INFO.EXE-19B1D743.pf
07.09.2010 21:40 16.320 ALG.EXE-0F138680.pf
07.09.2010 21:40 16.168 IPODSERVICE.EXE-233792DA.pf
07.09.2010 21:40 31.654 IMAPI.EXE-0BF740A4.pf
07.09.2010 21:40 23.398 RUNDLL32.EXE-35A483DA.pf
07.09.2010 21:40 74.964 IEXPLORE.EXE-2CA9778D.pf
07.09.2010 21:40 23.948 ADOBEARM.EXE-237273D1.pf
07.09.2010 21:40 71.656 EXPLORER.EXE-082F38A9.pf
07.09.2010 21:40 54.556 SVCHOST.EXE-3530F672.pf
07.09.2010 21:40 20.138 LOGONUI.EXE-0AF22957.pf
07.09.2010 21:18 59.268 WUAUCLT.EXE-399A8E72.pf
07.09.2010 21:16 46.614 GOOGLEUPDATE.EXE-187AE91D.pf
07.09.2010 21:09 112.776 UPDATE.EXE-3398FCD6.pf
07.09.2010 21:04 63.446 AVNOTIFY.EXE-31D7686A.pf
07.09.2010 20:44 30.582 AGENTSVR.EXE-002E45AB.pf
07.09.2010 20:43 82.046 WINWORD.EXE-0AEA99D4.pf
07.09.2010 20:41 21.760 INSTALL.EXE-3AEF1D3F.pf
07.09.2010 20:25 91.826 ACDSEE.EXE-08FC4987.pf
07.09.2010 20:21 68.402 GETPLUSPLUS_ADOBE.EXE-20139700.pf
12.08.2010 18:02 30.670 AVWSC.EXE-3AC95876.pf
...........
38 Datei(en) 3.554.454 Bytes
0 Verzeichnis(se), 93.621.579.776 Bytes frei
----- Tasks ----------------------------
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\WINDOWS\tasks
07.09.2010 21:39 6 SA.DAT
02.09.2010 13:25 276 AppleSoftwareUpdate.job
...................
3 Datei(en) 347 Bytes
0 Verzeichnis(se), 93.621.579.776 Bytes frei
----- Windows/Temp -----------------------
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\WINDOWS\Temp
07.09.2010 22:09 483 WGAErrLog.txt
07.09.2010 21:35 616.448 xgwwj1e1.TMP
07.09.2010 20:48 616.448 eilv4fwr.TMP
07.09.2010 20:38 616.448 swnu8oun.TMP
04.09.2010 22:09 616.448 6d8a1rx4.TMP
04.09.2010 18:29 2.090 PQ_DEBUG.TXT
02.09.2010 20:09 382 fpRedmon.log
20.08.2010 20:52 2.090 PQ_DEBUG.001
20.08.2010 20:52 2.090 PQ_DEBUG.002
20.08.2010 20:52 3.098 PQ_DEBUG.003
20.08.2010 20:52 3.098 PQ_DEBUG.004
12.08.2010 22:08 5.158 ASPNETSetup_00002.log
12.08.2010 22:07 44.702 dd_clwireg.txt
31.07.2010 19:15 85 SetupAdminF10.log
22.07.2010 20:29 165 update.log
22.07.2010 03:05 4.374 dd_wcf_retCA5C24.txt
22.07.2010 03:05 5.158 ASPNETSetup_00001.log
22.07.2010 03:04 431.344 uxeventlog.txt
22.07.2010 03:04 659.128 dd_dotnetfx35install.txt
22.07.2010 03:04 4.463.508 dd_NET_Framework35_MSI6AC2.txt
22.07.2010 03:03 5.306.236 dd_NET_Framework30_Setup6A43.txt
22.07.2010 03:03 4.473 dd_wcf_retCA5BDE.txt
22.07.2010 03:03 75.365 dd_XPS.txt
22.07.2010 03:02 15.184.920 dd_NET_Framework20_Setup6873.txt
22.07.2010 03:02 5.158 ASPNETSetup_00000.log
22.07.2010 03:00 204.448 dd_depcheck_NETFX_EXP_35.txt
22.07.2010 03:00 2 dd_dotnetfx35error.txt
............
30 Datei(en) 29.205.778 Bytes
0 Verzeichnis(se), 93.621.575.680 Bytes frei
----- Temp -----------------------------
Datentr„ger in Laufwerk C: ist SHIT
Volumeseriennummer: 0000-0001
Verzeichnis von C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp
07.09.2010 22:20 114.688 ~DF26E9.tmp
07.09.2010 22:11 2.505.878 Q1NInmZE.zip.part
07.09.2010 21:41 875 AdobeARM_NotLocked.log
07.09.2010 21:40 75.448 AdobeARM.log
07.09.2010 21:39 512 ~DF29F3.tmp
07.09.2010 21:39 16.384 ~DF2930.tmp
07.09.2010 21:39 512 ~DF23A1.tmp
07.09.2010 21:39 32.768 ~DF2345.tmp
07.09.2010 21:39 16.384 ~DFF8EF.tmp
07.09.2010 21:39 16.384 ~DFE68B.tmp
07.09.2010 21:39 16.384 ~DFCBB1.tmp
07.09.2010 21:04 0 isD.tmp
07.09.2010 20:24 98.654 ~GE82.jpg
07.09.2010 20:24 0 ~GE82.tmp
07.09.2010 20:24 701 ~GE7E.kmz
07.09.2010 20:24 0 ~GE7F.tmp
07.09.2010 20:24 0 ~GE7E.tmp
07.09.2010 20:13 0 geColladaModelCacheLock
07.09.2010 20:13 0 geIconCacheLock
07.09.2010 20:13 0 is49.tmp
06.09.2010 21:46 1.632 Rar$LS14.0328
06.09.2010 21:46 1.632 Rar$LS14.2562
06.09.2010 21:04 9.635 TWAIN.LOG
06.09.2010 21:03 4 Twain001.Mtx
06.09.2010 21:03 156 Twunk001.MTX
06.09.2010 21:01 441 wecerr.txt
02.09.2010 13:26 19.621 QTInstallCode.log
02.09.2010 13:26 8.266.586 SetupAdmin704.log
02.09.2010 13:25 3.956 qtplugin.log
25.08.2010 20:53 40.955 tersraww.exe
21.08.2010 23:39 0 ACD17.tmp
21.08.2010 22:06 76.956 qqlKI182.rar.part
21.08.2010 22:00 7.130.772 +B0RLMRT.rar.part
19.08.2010 19:54 31.423 amt3.log
19.08.2010 19:51 3.724 swtag.log
19.08.2010 19:50 298.324 PDApp.log
19.08.2010 19:37 9.298 oobelib.log
19.08.2010 08:56 12.818 control.xml
12.08.2010 08:03 11.670 dd_vcredistUI3923.txt
12.08.2010 08:03 528.256 dd_vcredistMSI3923.txt
02.08.2010 17:27 123 CFGCA.tmp
02.08.2010 17:27 123 CFGC7.tmp
01.08.2010 12:24 248 QTStreaming Debug Log.txt
28.07.2010 21:34 1.564 Office 2000 Premium Setup(0004).txt
27.07.2010 20:38 165 update.log
22.07.2010 19:57 505.598 Microsoft .NET Framework 2.0-KB974417_20100722_175631406.html
22.07.2010 19:57 12.248.356 Microsoft .NET Framework 2.0-KB974417_20100722_175631406-Msi0.txt
22.07.2010 19:57 5.158 ASPNETSetup_00006.log
22.07.2010 19:56 114.340 Microsoft .NET Framework 3.0-KB977354_20100722_175548750.html
22.07.2010 19:56 2.362.038 Microsoft .NET Framework 3.0-KB977354_20100722_175548750-Msi0.txt
22.07.2010 19:55 4.572 dd_wcf_retCA7481.txt
22.07.2010 19:55 505.608 Microsoft .NET Framework 2.0-KB976576_20100722_175420656.html
22.07.2010 19:55 11.716.070 Microsoft .NET Framework 2.0-KB976576_20100722_175420656-Msi0.txt
22.07.2010 19:55 5.158 ASPNETSetup_00005.log
22.07.2010 19:54 70.440 dd_clwireg.txt
22.07.2010 19:54 76.386 Microsoft .NET Framework 3.5-KB963707_20100722_175414468.html
22.07.2010 19:54 427.696 Microsoft .NET Framework 3.5-KB963707_20100722_175414468-Msi0.txt
22.07.2010 19:53 585.988 Microsoft .NET Framework 3.0-KB982168_20100722_175211375.html
22.07.2010 19:53 2.210.260 Microsoft .NET Framework 3.0-KB982168_20100722_175211375-Msi1.txt
22.07.2010 19:53 4.374 dd_wcf_retCA1B55.txt
22.07.2010 19:53 11.166.758 Microsoft .NET Framework 3.0-KB982168_20100722_175211375-Msi0.txt
22.07.2010 19:53 5.158 ASPNETSetup_00004.log
22.07.2010 19:51 503.938 Microsoft .NET Framework 2.0-KB979909_20100722_175035312.html
22.07.2010 19:51 10.003.400 Microsoft .NET Framework 2.0-KB979909_20100722_175035312-Msi0.txt
22.07.2010 19:51 5.158 ASPNETSetup_00003.log
21.07.2010 18:37 449.574 Microsoft .NET Framework 2.0-KB982865_20100721_163549000.html
21.07.2010 18:37 9.454.572 Microsoft .NET Framework 2.0-KB982865_20100721_163549000-Msi0.txt
21.07.2010 18:37 5.158 ASPNETSetup_00002.log
21.07.2010 18:32 450.218 Microsoft .NET Framework 2.0-KB953300_20100721_163142328.html
21.07.2010 18:32 8.787.456 Microsoft .NET Framework 2.0-KB953300_20100721_163142328-Msi0.txt
21.07.2010 18:32 5.158 ASPNETSetup_00001.log
21.07.2010 18:27 165 mmc.log
21.07.2010 17:43 85 SetupAdmin444.log
21.07.2010 17:31 85 SetupAdmin7E0.log
..............
111 Datei(en) 106.328.369 Bytes
0 Verzeichnis(se), 93.621.571.584 Bytes frei
Liste meine Programme von CCleaner: Code:
ATTFilter ACDSee 4.0.1 Standard ACD Systems Ltd 4.00.0001
Adobe AIR Adobe Systems Inc. 1.5.3.9120
Adobe Community Help Adobe Systems Incorporated 3.0.0.400
Adobe Flash Player Plugin Adobe Systems Incorporated 9.0.124.0
Adobe Media Player Adobe Systems Incorporated 1.8
Adobe Photoshop 7.0 Adobe Systems, Inc. 7.0
Adobe Photoshop CS5 Adobe Systems Incorporated 12.0
Adobe Reader 9.3.3 - Deutsch Adobe Systems Incorporated 9.3.3
Ant Renamer Ant Software 2.10.0
AnyDVD SlySoft
Apple Application Support Apple Inc. 1.3.2
Apple Mobile Device Support Apple Inc. 3.2.0.47
Apple Software Update Apple Inc. 2.1.2.120
Ashampoo Burning Studio 2010 ashampoo GmbH & Co. KG 9.22
Avira AntiVir Personal - Free Antivirus Avira GmbH 10.0.0.567
Bonjour Apple Inc. 2.0.3.0
CCleaner Piriform 2.35
CloneDVD Elaborate Bytes
CloneDVD2 Elaborate Bytes
Dell Resource CD Dell Inc. 1.00.0000
DVD Shrink 3.2 DVD Shrink
EASEUS Todo Backup 1.1 EASEUS
FreePDF XP (Remove only)
GMX ProfiFax GMX GmbH 1.00.170
GPL Ghostscript 8.62
GPL Ghostscript Fonts
Hardcopy (C:\Programme\Hardcopy) www.hardcopy.de 2010.08.19
High Definition Audio Driver Package - KB835221 Microsoft Corporation 20040219.000000
HiJackThis Trend Micro 1.0.0
Intel(R) PRO Network Connections Drivers
iTunes Apple Inc. 10.0.0.68
Lidl-Fotos
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft Office 2000 Premium Microsoft Corporation 9.00.2816
Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Corporation 2.0.1578.0
Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Corporation 2.0.1578.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
MiniTool Partition Wizard Home Edition 5.2 MiniTool Solution Ltd.
Mozilla Firefox (3.6.8) Mozilla 3.6.8 (de)
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 4.20.9848.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
Nimo Codecs Pack v5.0 (Remove Only)
NVIDIA Drivers
Picasa 3 Google, Inc. 3.6
PowerQuest Drive Image 7.0 PowerQuest 7.00.0000
PowerQuest PartitionMagic 8.0 PowerQuest 8.00.000
QuickTime Apple Inc. 7.67.75.0
RedMon - Redirection Port Monitor
Safari Apple Inc. 5.33.17.8
Samsung Druckerstatusmonitor
SyncToy 2.1 (x86) Microsoft 2.1.0
TeamViewer 5 TeamViewer GmbH 5.0.8703
UMAX Astra 4500
VR-NetWorld
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 1.0
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514
WinRAR
Gmer Log: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-09-07 22:32:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\ugldypob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Root Repeal - Drivers: Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/07 22:38
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F78000 Size: 188800 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB2C97000 Size: 138496 File Visible: - Signed: -
Status: -
Name: AnyDVD.sys
Image Path: C:\WINDOWS\System32\Drivers\AnyDVD.sys
Address: 0xB9476000 Size: 97408 File Visible: - Signed: -
Status: -
Name: ar5211.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ar5211.sys
Address: 0x97B1B000 Size: 471520 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9E43000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA6BC000 Size: 3072 File Visible: - Signed: -
Status: -
Name: avgio.sys
Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xBA5EA000 Size: 6144 File Visible: - Signed: -
Status: -
Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x9A449000 Size: 86016 File Visible: - Signed: -
Status: -
Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xB2B62000 Size: 139264 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5D6000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB2DF3000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA1E8000 Size: 62976 File Visible: - Signed: -
Status: -
Name: cercsr6.sys
Image Path: cercsr6.sys
Address: 0xBA338000 Size: 29120 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -
Name: ctac32k.sys
Image Path: C:\WINDOWS\system32\drivers\ctac32k.sys
Address: 0xB4F7B000 Size: 638976 File Visible: - Signed: -
Status: -
Name: ctaud2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xB9507000 Size: 439680 File Visible: - Signed: -
Status: -
Name: ctoss2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctoss2k.sys
Address: 0xB948E000 Size: 204800 File Visible: - Signed: -
Status: -
Name: ctprxy2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctprxy2k.sys
Address: 0xBA448000 Size: 32768 File Visible: - Signed: -
Status: -
Name: ctsfm2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctsfm2k.sys
Address: 0xB5017000 Size: 159744 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9F22000 Size: 154112 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1D8000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xB2A4F000 Size: 815104 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB2BA4000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA76B000 Size: 4096 File Visible: - Signed: -
Status: -
Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xB960B000 Size: 176128 File Visible: - Signed: -
Status: -
Name: ElbyCDIO.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Address: 0xBA460000 Size: 16896 File Visible: - Signed: -
Status: -
Name: ElbyDelay.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyDelay.sys
Address: 0xBA6B3000 Size: 3840 File Visible: - Signed: -
Status: -
Name: emupia2k.sys
Image Path: C:\WINDOWS\system32\drivers\emupia2k.sys
Address: 0xB503E000 Size: 184320 File Visible: - Signed: -
Status: -
Name: eubakup.sys
Image Path: eubakup.sys
Address: 0xBA340000 Size: 21760 File Visible: - Signed: -
Status: -
Name: EuDisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\EuDisk.sys
Address: 0xB937B000 Size: 118016 File Visible: - Signed: -
Status: -
Name: eufs.sys
Image Path: eufs.sys
Address: 0xBA4BC000 Size: 16128 File Visible: - Signed: -
Status: -
Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB2B3E000 Size: 143744 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA458000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA108000 Size: 44672 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xBA3E8000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9E0B000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5D2000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F48000 Size: 126336 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xBA350000 Size: 21120 File Visible: - Signed: -
Status: -
Name: ha20x2k.sys
Image Path: C:\WINDOWS\system32\drivers\ha20x2k.sys
Address: 0xB506B000 Size: 1114112 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000 Size: 134400 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB2E13000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA418000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB2C7B000 Size: 10368 File Visible: - Signed: -
Status: -
Name: hpfxbulk.sys
Image Path: C:\WINDOWS\system32\drivers\hpfxbulk.sys
Address: 0xB2C93000 Size: 9344 File Visible: - Signed: -
Status: -
Name: HPFXGEN.SYS
Image Path: C:\WINDOWS\system32\drivers\HPFXGEN.SYS
Address: 0xBA388000 Size: 20480 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x97FE9000 Size: 265728 File Visible: - Signed: -
Status: -
Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xB9E5B000 Size: 815104 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA208000 Size: 42112 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA1C8000 Size: 40448 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB2CB9000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB2D60000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37632 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA450000 Size: 25216 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB2C73000 Size: 14720 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x97CE6000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB94C0000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9DE0000 Size: 92928 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5DA000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA468000 Size: 23552 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB93FE000 Size: 12288 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9A14C000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB2BAC000 Size: 455680 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA440000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA248000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB9CBF000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9D0C000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9D26000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA59C000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0x9A425000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB945F000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA2A8000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA308000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB2CDF000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA470000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D53000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA792000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 6111232 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB964A000 Size: 6557408 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xB9F67000 Size: 68224 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB94E3000 Size: 147456 File Visible: - Signed: -
Status: -
Name: PQIMount.SYS
Image Path: C:\WINDOWS\System32\Drivers\PQIMount.SYS
Address: 0xBA318000 Size: 36768 File Visible: - Signed: -
Status: -
Name: PQNTDrv.SYS
Image Path: C:\WINDOWS\System32\Drivers\PQNTDrv.SYS
Address: 0xBA7A7000 Size: 2688 File Visible: - Signed: -
Status: -
Name: PQV2i.sys
Image Path: PQV2i.sys
Address: 0xB9DF7000 Size: 77984 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB944E000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA3E0000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB941A000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA218000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA228000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA238000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA3F0000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB2C44000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5DE000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB941E000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA1F8000 Size: 57728 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9920B000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E2B000 Size: 98304 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x99611000 Size: 354304 File Visible: - Signed: -
Status: -
Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xBA488000 Size: 23040 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5BE000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0x9A2E1000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB2D07000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA3B8000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA258000 Size: 40704 File Visible: - Signed: -
Status: -
Name: ugldypob.sys
Image Path: C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\ugldypob.sys
Address: 0x97B8F000 Size: 93056 File Visible: No Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9398000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBA368000 Size: 32128 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5CE000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA430000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA2C8000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB95E7000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xBA378000 Size: 25856 File Visible: - Signed: -
Status: -
Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xB2E33000 Size: 15104 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA4A8000 Size: 26368 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA400000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA428000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9636000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 53760 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA2F8000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA3D8000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9A0E7000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -
Root Repeal Processes: Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/07 22:38
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Processes
-------------------
Path: System
PID: 4 Status: -
Path: C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PID: 164 Status: -
Path: C:\WINDOWS\Samsung\LaserSMMgr\SSMMgr.exe
PID: 224 Status: -
Path: C:\WINDOWS\explorer.exe
PID: 248 Status: -
Path: C:\Programme\Avira\AntiVir Desktop\avguard.exe
PID: 320 Status: -
Path: C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 352 Status: -
Path: C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PID: 416 Status: -
Path: C:\Programme\Bonjour\mDNSResponder.exe
PID: 440 Status: -
Path: C:\WINDOWS\system32\gearsec.exe
PID: 492 Status: -
Path: C:\WINDOWS\system32\rundll32.exe
PID: 512 Status: -
Path: C:\Programme\FreePDF_XP\fpassist.exe
PID: 528 Status: -
Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 600 Status: -
Path: C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PID: 616 Status: -
Path: C:\WINDOWS\system32\smss.exe
PID: 756 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 780 Status: -
Path: C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PID: 796 Status: -
Path: C:\WINDOWS\system32\csrss.exe
PID: 824 Status: -
Path: C:\WINDOWS\system32\winlogon.exe
PID: 848 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 872 Status: -
Path: C:\WINDOWS\system32\services.exe
PID: 892 Status: -
Path: C:\WINDOWS\system32\lsass.exe
PID: 904 Status: -
Path: C:\Programme\Internet Explorer\iexplore.exe
PID: 964 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1100 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1168 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1224 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1324 Status: -
Path: C:\Programme\Internet Explorer\iexplore.exe
PID: 1372 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1384 Status: -
Path: C:\WINDOWS\system32\ctfmon.exe
PID: 1540 Status: -
Path: C:\WINDOWS\system32\spoolsv.exe
PID: 1596 Status: -
Path: C:\Programme\Avira\AntiVir Desktop\sched.exe
PID: 1644 Status: -
Path: C:\WINDOWS\system32\svchost.exe
PID: 1700 Status: -
Path: C:\WINDOWS\system32\CTXFISPI.EXE
PID: 1720 Status: -
Path: C:\WINDOWS\system32\msdtc.exe
PID: 1724 Status: -
Path: C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
PID: 1796 Status: -
Path: C:\WINDOWS\CTHELPER.EXE
PID: 1916 Status: -
Path: C:\WINDOWS\system32\CTXFIHLP.EXE
PID: 1940 Status: -
Path: C:\Programme\iTunes\iTunesHelper.exe
PID: 1968 Status: -
Path: C:\Programme\TeamViewer\Version5\TeamViewer.exe
PID: 1988 Status: -
Path: C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
PID: 2152 Status: -
Path: C:\Programme\Mozilla Firefox\plugin-container.exe
PID: 2184 Status: -
Path: C:\Programme\Hardcopy\hardcopy.exe
PID: 2320 Status: -
Path: C:\WINDOWS\system32\dllhost.exe
PID: 2460 Status: -
Path: C:\Dokumente und Einstellungen\Stefan_User\Desktop\RootRepeal\RootRepeal.exe
PID: 2588 Status: -
Path: C:\WINDOWS\system32\vssvc.exe
PID: 2968 Status: -
Path: C:\Programme\iPod\bin\iPodService.exe
PID: 3192 Status: -
Path: C:\Programme\Mozilla Firefox\firefox.exe
PID: 3256 Status: -
Path: C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
PID: 3264 Status: -
Path: C:\WINDOWS\system32\alg.exe
PID: 3448 Status: -
Path: C:\WINDOWS\system32\dllhost.exe
PID: 3548 Status: -
Keine Stealth Objects oder Hidden Services gefunden. Ich bin dankbar für alle Tipps und jede Hilfe! Danke! N. |
| Themen zu Abbild fehlerhaft - zig mal |
| .dll, 32-bit, abbild fehlerhaft, adobe, alle programme, antivir guard, avira, bho, bonjour, components, desktop, einstellungen, explorer, firefox, firewall, flash player, hkus\s-1-5-18, home, internet, internet explorer, laufwerk c, mozilla, photoshop, prefetch, problem, rundll, software, starten, studio, system 32, windows, windows xp |
Baum-Darstellung