Log analysis and evaluation: syspck32.exe Win32/Rootkit.Kryptik.AF trojan
(Board OS tag: Windows 7. The logs below identify the system as Windows XP Professional Service Pack 3, build 5.1.2600.)

21.09.2010, 07:12 | #1
syspck32.exe Win32/Rootkit.Kryptik.AF trojan

Hello,

I had (or maybe still have?) malware on my computer. It showed up, for example, as a file named syspck32.exe in the Startup folder and avdrn.dat in the "Application Data" folder. I used Malwarebytes and my virus scanner (ESET NOD32) to remove quite a few entries and files (mostly under ...\system32\drivers, flagged by the virus scanner as "Win32/Rootkit.Kryptik.AF trojan": about 60 files, all the same size). On a fresh run, neither Malwarebytes nor the virus scanner finds anything suspicious any more. Following the instructions in this forum, I also ran all the tools that can be loaded via "load.exe".

Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4656

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.09.2010 15:46:03
mbam-log-2010-09-20 (15-46-03).txt

Scan type: Quick scan
Objects scanned: 146214
Time elapsed: 10 minute(s), 47 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:46 on 20/09/2010 (*******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Gmer.txt
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-21 03:25:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys

---- System - GMER 1.0.15 ----

SSDT 89C09580 ZwAssignProcessToJobObject
SSDT 89C0A100 ZwDebugActiveProcess
SSDT 89C09B30 ZwDuplicateObject
SSDT 89C08CC0 ZwOpenProcess
SSDT 89C08FC0 ZwOpenThread
SSDT 89C099C0 ZwProtectVirtualMemory
SSDT 89C09860 ZwSetContextThread
SSDT 89C096E0 ZwSetInformationThread
SSDT 89C06700 ZwSetSecurityObject
SSDT 89C09420 ZwSuspendProcess
SSDT 89C092C0 ZwSuspendThread
SSDT 89C08E50 ZwTerminateProcess
SSDT 89C09150 ZwTerminateThread
SSDT 89C09F50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9C59ABF]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[332] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Programme\Mozilla Firefox\firefox.exe[332] WS2_32.dll!connect 71A14A07 5 Bytes JMP 04852850 C:\Programme\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[332] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 04852A50 C:\Programme\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1956] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x8E 0xBD 0x29 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC7 0x2B 0xB1 0xB1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x62 0x2B 0x08 0xDF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0x11 0x49 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x91 0xD7 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5A 0xF3 0xEB 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB7 0x16 0x05 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF0 0x1B 0x3E 0x8E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x4E 0xC2 0x36 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x4A 0x2F 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x4A 0x2F 0xBE ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 539D3ED1966AF8AFA671C2B66CE4F82E44721BCF221C3EB25FA863369F3A29150A834F4FB9B18200B1F5D4CCAFCB70182467E07FB771F6F5A069AA71A15A0CEE08CB09DD027C39AB8C71DD6F704ECF12F804904E5ADF28FB076B9701DABDF644CB9D1720AEA32F97A4368353330473A6C2E9E6266CDA1994453D20A2AF513B4857144646C835DD7EECFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A6171C11EC38DE3DA6171C11EC38DE3DE69390472A03F2EDB053C3577738BD9B986A3AD0B8125D0D4BED55BAE9EAED7212F37A507A07D7F55AF18E2F47BC606E1722AD135B2297AAE981C02A05540F451E595A6B3B47DF097BD86B0D512A096BDB41BFFEFC5412111A1E5176A7D005665212669595EA394067308411DA4E6B9BE5E6B0701E4222DAABF97BE02E636C22688EE710E37A64BB66419A1B5CDE0D0FAAD7538CF6E7F4A7DEF448ED2E6F35C90E65BFE03965B51B32FC7E5384F14658117C12BA71A4071BE60ED6E3EE3FA3316451DC4F59FD5604F9F49A223481460D76DEE7A4ACBEAC5CEEE95650EA00CD32032FC7E83C7AC2A061606737816F8EC7A8B0663B7A5D0C1813D28C825344A1A7F3029A008E764B9EFE19F584B57EF4296DC4B031610D9FFCE435D30F8AFEDCF333EE02A9B06E9

---- EOF - GMER 1.0.15 ----

Code:
OTL logfile created on: 21.09.2010 03:29:19 - Run 1
OTL by OldTimer - Version 3.2.14.0     Folder = C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 765 1400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,23 Gb Total Space | 7,22 Gb Free Space | 22,41% Space Free | Partition Type: NTFS
Drive D: | 42,30 Gb Total Space | 1,88 Gb Free Space | 4,45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK
Current User Name: NUTZER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.09.20 15:27:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools\OTL.exe
PRC - [2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer\gmer.exe
PRC - [2009.09.11 08:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.09.11 08:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (SafeList) ==========

MOD - [2010.09.20 15:27:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.04.06 21:45:23 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (aawservice)
SRV - [2009.09.11 08:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.09.11 08:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.09.04 07:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007.08.29 19:27:41 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.03.20 13:53:52 | 000,081,920 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\VSGate.exe -- (VSGate)
SRV - [2006.03.20 13:34:28 | 000,147,456 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2006.03.20 13:28:50 | 000,217,088 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2006.03.20 13:23:04 | 001,302,528 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2006.03.20 13:17:40 | 000,368,640 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2006.03.20 13:16:12 | 000,233,472 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys -- (SANDRA)
DRV - [2009.09.11 08:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.09.11 08:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.09.11 08:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.03.19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007.08.29 19:04:13 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.05.18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006.05.18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005.02.10 18:52:36 | 000,157,056 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.02.08 15:33:06 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.01.25 08:27:14 | 001,038,208 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.01.25 08:26:36 | 000,207,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.01.25 08:26:28 | 000,703,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.10.29 12:48:10 | 003,222,784 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.06.25 08:31:00 | 000,276,480 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004.06.25 08:29:00 | 000,034,048 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003.05.22 04:47:12 | 000,175,360 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001.11.01 16:30:30 | 000,041,759 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.22 10:02:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.01 19:44:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.01.17 14:15:00 | 000,000,000 | ---D | M]

[2008.12.05 19:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Extensions
[2010.09.20 15:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions
[2010.06.25 20:02:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.25 20:02:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.06.06 11:52:18 | 000,000,000 | ---D | M] (IE Tab) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.09.14 20:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\firefox@tvunetworks.com
[2010.04.08 17:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions
[2010.03.08 19:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.08 17:03:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.08 19:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions\staged-xpis
[2010.09.15 13:46:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\searchplugins\icqplugin-1.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\searchplugins\icqplugin.xml
[2010.09.20 15:41:27 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.07.31 17:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.08.01 19:44:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 19:44:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 19:44:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 19:44:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 19:44:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263744009265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 -
Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\Programme\ElsaWin_322\bin\wiprot.dll (TODO: <Company name>) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.08.28 23:49:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell - "" = AutoRun O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell - "" = AutoRun O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: ciphtdde - (C:\WINDOWS\system32\ntvdyi64.dll) - C:\WINDOWS\System32\ntvdyi64.dll File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "SandraAgentSrv" MsConfig - Services: "gusvc" MsConfig - Services: "Adobe LM Service" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^NUTZER^Startmenü^Programme^Autostart^syspck32.exe - C:\Dokumente und 
Einstellungen\NUTZER\Startmenü\Programme\Autostart\syspck32.exe - File not found MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ6\ICQ.exe File not found MsConfig - StartUpReg: ICQ Lite - hkey= - key= - C:\Programme\ICQLite\ICQLite.exe File not found MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: OODefragTray - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) 
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe File not found MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SystemTray - hkey= - key= - File not found MsConfig - StartUpReg: THGuard - hkey= - key= - C:\Programme\TrojanHunter 5.0\THGuard.exe File not found MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) 
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation) Unable to start service SrService! 
========== Files/Folders - Created Within 90 Days ==========
[2010.09.20 15:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer
[2010.09.20 15:33:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.09.20 15:32:31 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.09.20 15:27:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools
[2010.09.19 14:05:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\2010-09-19
[2010.09.16 17:22:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\NUTZER\Recent
[2010.09.14 20:11:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2010.09.13 18:35:02 | 000,000,000 | ---D | C] -- C:\backup
[2010.09.10 16:12:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Fussboden
[2010.08.18 22:32:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Wohnung_Baederstrasse_4
[2010.08.05 21:34:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Profilfotos
[2010.07.04 21:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\DEU-ARG
[2010.07.03 15:19:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Suedafrika_Janni
[2010.06.26 12:45:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.06.26 12:44:58 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2008.03.23 12:00:34 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files - Modified Within 90 Days ==========
[2010.09.20 15:51:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.20 15:48:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.20 15:48:01 | 001,318,635 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010.09.20 15:47:20 | 012,058,624 | -H-- | M] () -- C:\Dokumente und Einstellungen\NUTZER\NTUSER.DAT
[2010.09.20 15:47:20 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\NUTZER\ntuser.ini
[2010.09.20 15:46:59 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\defogger_reenable
[2010.09.20 15:27:17 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer.zip
[2010.09.20 15:27:17 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\defogger.exe
[2010.09.20 15:24:03 | 000,388,659 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Load.exe
[2010.09.19 14:11:58 | 001,094,246 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0003.BMP
[2010.09.19 14:07:23 | 001,094,246 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0002.BMP
[2010.09.19 14:06:37 | 000,088,190 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0001.BMP
[2010.09.17 21:08:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.17 21:08:05 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 06:58:28 | 000,040,261 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Einstellungstests - Bewerbu...pdf
[2010.09.16 20:20:52 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Anschreiben Polizei.doc
[2010.09.16 18:56:50 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\~$schreiben Polizei.docm
[2010.09.14 19:10:20 | 002,505,423 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Osmo-Optimal-behandelt_2009.pdf
[2010.09.14 19:04:38 | 001,470,490 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Holzbodenoele.pdf
[2010.09.14 18:32:53 | 000,907,934 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Technisches%20Merkblatt%20Bona%20Mix%20und%20Fill.pdf
[2010.09.12 19:32:42 | 000,001,517 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2010.09.08 17:20:41 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Eigene Dateien\Anschreiben Polizei.doc
[2010.08.12 20:02:47 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 17:05:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.12 16:54:35 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 16:54:34 | 001,006,570 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 16:54:34 | 000,452,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 16:54:34 | 000,081,324 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 16:54:34 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.29 20:00:29 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.29 20:00:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.29 20:00:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.06.30 21:54:39 | 000,004,475 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\HearstCastle.jpg
[2010.06.30 21:49:09 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Kosten_SA.xls
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.09.20 15:46:52 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\defogger_reenable
[2010.09.20 15:27:17 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\defogger.exe
[2010.09.20 15:27:15 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer.zip
[2010.09.20 15:24:03 | 000,388,659 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Load.exe
[2010.09.19 14:11:47 | 001,094,246 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0003.BMP
[2010.09.19 14:07:12 | 001,094,246 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0002.BMP
[2010.09.19 14:06:33 | 000,088,190 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0001.BMP
[2010.09.17 06:58:28 | 000,040,261 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Einstellungstests - Bewerbu...pdf
[2010.09.16 18:59:46 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Anschreiben Polizei.doc
[2010.09.16 18:56:50 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\~$schreiben Polizei.docm
[2010.09.14 19:10:20 | 002,505,423 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Osmo-Optimal-behandelt_2009.pdf
[2010.09.14 19:04:38 | 001,470,490 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Holzbodenoele.pdf
[2010.09.14 18:32:53 | 000,907,934 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Technisches%20Merkblatt%20Bona%20Mix%20und%20Fill.pdf
[2010.09.08 17:20:40 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Eigene Dateien\Anschreiben Polizei.doc
[2010.08.08 21:04:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.06.30 21:54:38 | 000,004,475 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\HearstCastle.jpg
[2010.06.28 15:45:23 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Kosten_SA.xls
[2010.04.06 22:35:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.02.28 16:27:27 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\V0WIN771.SYS
[2010.02.13 17:03:16 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2009.10.05 21:49:09 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\V0WIN769.SYS
[2009.10.05 21:47:47 | 000,000,051 | ---- | C] () -- C:\WINDOWS\TSetup.INI
[2009.08.29 23:21:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.01.31 10:22:55 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2009.01.28 20:25:58 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008.12.13 18:41:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008.12.13 18:39:59 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.11.02 21:32:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008.09.19 16:44:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\m_s.ini
[2008.03.23 12:00:31 | 000,000,709 | ---- | C] () -- C:\WINDOWS\LMAAX2DD.ini
[2008.03.23 08:49:20 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.01.11 19:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2008.01.09 23:46:02 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\706E5248BC.sys
[2008.01.09 23:34:27 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.12.22 13:08:09 | 000,000,253 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.12.01 19:28:40 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007.10.28 23:04:13 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2007.08.29 21:57:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.29 20:37:24 | 000,089,088 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.29 20:16:00 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.08.29 19:32:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.08.29 19:32:17 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.08.29 19:32:16 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.08.29 19:32:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.08.29 19:32:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.08.29 19:14:28 | 000,000,928 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.29 00:20:53 | 000,001,366 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html
[2007.08.29 00:01:53 | 000,033,503 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2005.08.22 05:44:00 | 000,012,244 | ---- | C] () -- C:\WINDOWS\MSUMLT_Y.INI
[2004.01.13 18:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========
[2009.12.20 18:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2010.04.29 16:27:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.02.04 19:59:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2008.09.18 19:26:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2009.10.05 21:46:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HSETU
[2009.09.17 23:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2009.09.27 18:56:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OfficeRecovery
[2009.09.17 23:41:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.07.08 20:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2010.03.16 21:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.12.29 22:14:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.04.06 21:42:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009.08.29 15:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.02.28 12:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\BOM
[2010.01.17 13:16:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\BPFTP
[2008.03.08 11:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Canon
[2008.09.10 16:02:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Dev-Cpp
[2009.11.09 21:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\GrabPro
[2010.09.18 19:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\ICQ
[2008.03.01 10:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\ICQ Toolbar
[2007.12.20 16:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\ICQLite
[2009.08.29 15:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\MPEG Streamclip
[2009.09.17 23:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Nokia
[2009.09.17 23:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Nseries
[2010.09.19 20:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Orbit
[2009.09.17 23:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\PC Suite
[2008.12.13 18:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Samsung
[2010.02.25 18:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\streamripper
[2008.07.08 20:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\TechSmith
[2009.01.28 20:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\TrojanHunter
[2010.04.12 19:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\WinEdt
[2010.04.09 15:59:29 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010.09.20 15:47:59 | 000,021,109 | ---- | M] () -- C:\aaw7boot.log
[2007.08.28 23:49:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.07.29 20:00:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004.08.04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2007.08.28 23:49:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007.08.28 23:49:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.08.29 18:42:00 | 000,000,006 | ---- | M] () -- C:\ISACER.ID
[2010.08.02 21:26:45 | 000,000,158 | ---- | M] () -- C:\mbam-error.txt
[2007.08.28 23:49:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.08.27 21:33:51 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.09.20 15:48:04 | 802,160,640 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007.08.28 23:48:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003.06.18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2005.08.22 05:44:00 | 000,010,240 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MIMFPR_Y.DLL
[2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.08.29 01:32:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.08.29 01:32:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.08.29 01:32:18 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll

< MD5 for: EXPLORER.EXE >
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Dokumente und Einstellungen\All Users\DRM:الهريرة
@Alternate Data Stream - 130 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8B4F37E5
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 21.09.2010 03:29:19 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 765 1400 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 32,23 Gb Total Space | 7,22 Gb Free Space | 22,41% Space Free | Partition Type: NTFS Drive D: | 42,30 Gb Total Space | 1,88 Gb Free Space | 4,45% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NOTEBOOK Current User Name: NUTZER Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "135:TCP" = 135:TCP:*:Disabled:ElsaWinRPC ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found "C:\Dokumente und Einstellungen\NUTZER\Desktop\eMule0.48a\emule.exe" = C:\Dokumente und Einstellungen\NUTZER\Desktop\eMule0.48a\emule.exe:*:Enabled:eMule -- File not found "C:\Programme\eMule0.48a\emule.exe" = C:\Programme\eMule0.48a\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net) "C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University) "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation) "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1" = WikidPad 1.7 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3 "{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8304BFDD-2852-4ABB-9412-2EFA1D8FA561}" = HS Energieberater 6 Plus 
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{9112CADD-8FC9-4B75-BB46-40D9544D4359}}_is1" = dena - Energieausweis für Gebäude 3.0 (Formularapplikation) "{9112CXXX-8FC9-4B75-BB46-40D9544D4657}}_is1" = dena - Energieausweis für Gebäude "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA "{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan 
Toolbox 4.9 "{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager "{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite "{E653C735-0D84-AD30-7C75-91C8DC421031}" = Nero 7 Demo "{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition "{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = TIxx21/x515 "{EFA800BF-C5C8-46D1-B49D-13920D05417C}" = ESET NOD32 Antivirus "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "Ad-Aware" = Ad-Aware "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "ATI Display Driver" = ATI Display Driver "Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025" = SoftV92 Data Fax Modem with SmartCP "Conexant 
PCI Audio" = Conexant AC-Link Audio "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsaWin" = ElsaWin "ERUNT_is1" = ERUNT 1.1j "EVA2009" = EVA2009 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FixFoto_is1" = FixFoto 2.82 "FTDICOMM" = FTDI USB Serial Converter Drivers "GSview 4.8" = GSview 4.8 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = Texas Instruments PCIxx21/x515 drivers. "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.5 Full "Lexmark_HostCD" = Lexmark Software deinstallieren "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiKTeX 2.6" = MiKTeX 2.6 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011 "Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011 "Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018 "Orbit_is1" = Orbit Downloader "Picasa 3" = Picasa 3 "SopCast" = SopCast 3.0.3 "Streamripper" = Streamripper (Remove only) "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.4.7.2 "Ulisess Seguridad 10B" = Ulisess Seguridad 10B "VAG-COM311_DE" = VAG-COM 311 Deutsch "VLC media player" = VLC media player 1.0.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 
"WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinEdt_is1" = WinEdt "WinMerge_is1" = WinMerge 2.12.4 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.07.2010 14:27:16 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3828, fehlgeschlagenes Modul sqlite3.dll, Version 3.6.22.0, Fehleradresse 0x0006006e. Error - 07.07.2010 13:44:15 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3828, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 15.07.2010 09:17:22 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3828, fehlgeschlagenes Modul grabxpcom.dll, Version 0.0.0.0, Fehleradresse 0x0001d478. 
Error - 02.08.2010 15:22:21 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 02.08.2010 15:23:04 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 08.08.2010 10:45:00 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 08.08.2010 10:45:37 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 03.09.2010 09:47:36 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrobat.exe, Version 7.0.8.218, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x24002bcb. Error - 16.09.2010 12:57:24 | Computer Name = NOTEBOOK | Source = Microsoft Office 11 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Word. Error - 17.09.2010 00:57:38 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrobat.exe, Version 7.0.8.218, fehlgeschlagenes Modul acrobat.dll, Version 7.1.0.649, Fehleradresse 0x0004675d. [ System Events ] Error - 07.09.2010 11:49:24 | Computer Name = NOTEBOOK | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{9C623475-FAF8-4E0D-B897-EC7801EDBAE0} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 07.09.2010 13:41:19 | Computer Name = NOTEBOOK | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{9C623475-FAF8-4E0D-B897-EC7801EDBAE0} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. 
Error - 13.09.2010 09:55:19 | Computer Name = NOTEBOOK | Source = PlugPlayManager | ID = 12 Description = Das Gerät "TOSHIBA CD/DVDW SD-R6472" (IDE\CdRomTOSHIBA_CD/DVDW_SD-R6472________________TU51____\3531373630313831353820202020202020202020) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Bonjour-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.09.2010 09:29:51 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe LM Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 20.09.2010 21:29:44 | Computer Name = NOTEBOOK | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 20.09.2010 21:29:44 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 < End of report > Thanks in advance for all replies! Regards |
21.09.2010, 12:28 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan Quote:
21.09.2010, 15:56 | #3 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan Hello,
attached are the logs of the previous runs Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4656 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.09.2010 13:40:49 mbam-log-2010-09-20 (13-40-49).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 146112 Laufzeit: 11 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Not selected for removal. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. 
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Maximilian\Startmenü\Programme\Autostart\syspck32.exe (Trojan.Downloader) -> Delete on reboot. and Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4656 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.09.2010 14:25:40 mbam-log-2010-09-20 (14-25-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 331700 Laufzeit: 49 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
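As an added example (not from the thread, the helper, or Malwarebytes itself), a small Python parser for the Malwarebytes 1.46 log format posted above. The embedded sample log is constructed from the thread's lines with a placeholder user name; the parser separates items that were actually quarantined from those left at "Not selected for removal" or "Delete on reboot", which is exactly the difference between the first quick scan and the later full scan in this post, and lists the browser executables hijacked through Image File Execution Options.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the Malwarebytes 1.46 log format seen in this thread:
# German section headers ("Infizierte ..."), English per-item actions.
# The user name in the paths is a placeholder, not the one from the thread.
SAMPLE_LOG = """\
Infizierte Registrierungsschlüssel: 2
Infizierte Dateien: 2

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\chrome.exe (Security.Hijack) -> Not selected for removal.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Infizierte Dateien:
C:\\Dokumente und Einstellungen\\USER\\Anwendungsdaten\\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\\Dokumente und Einstellungen\\USER\\Startmenü\\Programme\\Autostart\\syspck32.exe (Trojan.Downloader) -> Delete on reboot.
"""

# A section header is an "Infizierte ..." line ending in a bare colon; the
# summary block at the top ("Infizierte Dateien: 2") does not match.
SECTION_RE = re.compile(r"^Infizierte .+:$")
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)")

# Actions that leave nothing behind once applied; everything else needs attention.
RESOLVED = {"Quarantined and deleted successfully"}
PENDING = {"Delete on reboot"}  # resolved only after the reboot actually happens


@dataclass
class Finding:
    section: str                # the "Infizierte ..." header the item sat under
    obj: str                    # registry key/value or file path
    detection: str              # Malwarebytes detection name, e.g. Security.Hijack
    action: str                 # what the scanner did (or did not do) with it
    bad: Optional[int] = None   # current value, for registry data objects
    good: Optional[int] = None  # expected value


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the per-section part of the log and return one Finding per item."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            section = line.rstrip(":")
            continue
        m = FINDING_RE.match(line)
        if not m or section is None:
            continue  # summary counts, blank lines, "(Keine bösartigen Objekte gefunden)"
        # The action is the last "->" segment; a "Bad: (1) Good: (0)" part may precede it.
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        bad = good = None
        bg = BAD_GOOD_RE.search(m.group("rest"))
        if bg:
            bad, good = int(bg.group("bad")), int(bg.group("good"))
        findings.append(Finding(section, m.group("obj"), m.group("detection"),
                                action, bad, good))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Items the scan reported but did not remove, e.g. 'Not selected for removal'."""
    return [f for f in findings if f.action not in RESOLVED | PENDING]


def pending_reboot(findings: List[Finding]) -> List[Finding]:
    """Items scheduled for deletion on reboot; re-check these after restarting."""
    return [f for f in findings if f.action in PENDING]


def ifeo_hijacks(findings: List[Finding]) -> List[str]:
    """Executables whose launch is redirected via Image File Execution Options."""
    return [f.obj.rsplit("\\", 1)[-1] for f in findings
            if f.detection == "Security.Hijack"
            and "\\Image File Execution Options\\" in f.obj]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per action so two runs of the scanner can be compared."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.action] = counts.get(f.action, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    for f in unresolved(found):
        print("still present:", f.obj, f.detection)
    print("IFEO hijacks:", ifeo_hijacks(found))
```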
21.09.2010, 18:12 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell - "" = AutoRun O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell - "" = AutoRun O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O36 - AppCertDlls: ciphtdde - (C:\WINDOWS\system32\ntvdyi64.dll) - C:\WINDOWS\System32\ntvdyi64.dll File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^NUTZER^Startmenü^Programme^Autostart^syspck32.exe - C:\Dokumente und Einstellungen\NUTZER\Startmenü\Programme\Autostart\syspck32.exe - File not found MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File not found @Alternate Data Stream - 48 bytes -> C:\Dokumente und Einstellungen\All Users\DRM:الهريرة @Alternate Data Stream - 130 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8B4F37E5 @Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 :Commands [purity] [resethosts] [emptytemp] The log file should open when you click OK after the fix; please post it. The computer may be restarted.
Please always post log files in CODE tags |
21.09.2010, 19:08 | #5 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan OK, I have done that. The log file looks like this: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\ not found. File I:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302abbda-bb91-11dc-b60d-0016360ddfaa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302abbda-bb91-11dc-b60d-0016360ddfaa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302abbda-bb91-11dc-b60d-0016360ddfaa}\ not found. File I:\LaunchU3.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ciphtdde:C:\WINDOWS\system32\ntvdyi64.dll deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Maximilian^Startmenü^Programme^Autostart^syspck32.exe\ deleted successfully. File C:\WINDOWS\pss\syspck32.exeStartup not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpybotSD TeaTimer\ deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\DRM:الهريرة deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8B4F37E5 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Maximilian ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 827255 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 94035287 bytes ->Flash cache emptied: 1337 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 505 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 90,00 mb OTL by OldTimer - Version 3.2.14.0 log created on 09212010_200031 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Thanks and regards |
22.09.2010, 09:09 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a board helper has explicitly recommended it!
__________________ --> syspck32.exe Win32/Rootkit.Kryptik.AF trojan |
22.09.2010, 20:27 | #7 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan Hello Arne, the ComboFix log looks like this: Combofix Logfile: Code:
ATTFilter ComboFix 10-09-22.02 - Maximilian 22.09.2010 21:07:42.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1534.1080 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Maximilian\Desktop\cofi.exe AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\_000009_.tmp.dll c:\windows\system32\_000010_.tmp.dll c:\windows\system32\_000011_.tmp.dll c:\windows\system32\Thumbs.db . ((((((((((((((((((((((( Dateien erstellt von 2010-08-22 bis 2010-09-22 )))))))))))))))))))))))))))))) . 2010-09-20 13:32 . 2010-09-20 13:32 -------- d-----w- c:\programme\ERUNT 2010-09-14 18:11 . 2010-09-14 18:11 -------- d-----w- c:\windows\system32\TVUAx 2010-09-13 16:35 . 2010-09-13 16:35 -------- d-----w- C:\backup . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-22 18:41 . 2008-10-08 19:03 -------- d-----w- c:\programme\CCleaner 2010-09-21 15:58 . 2009-11-09 19:35 -------- d-----w- c:\dokumente und einstellungen\Maximilian\Anwendungsdaten\Orbit 2010-09-18 17:14 . 2007-08-29 17:46 -------- d-----w- c:\dokumente und einstellungen\Maximilian\Anwendungsdaten\ICQ 2010-08-27 17:18 . 2010-06-26 10:44 -------- d-----w- c:\programme\ICQ7.2 2010-08-21 12:06 . 2009-08-16 18:54 -------- d-----w- c:\dokumente und einstellungen\Maximilian\Anwendungsdaten\vlc 2010-08-12 14:54 . 2004-08-04 12:00 81324 ----a-w- c:\windows\system32\perfc007.dat 2010-08-12 14:54 . 2004-08-04 12:00 452544 ----a-w- c:\windows\system32\perfh007.dat 2010-08-02 19:26 . 2010-04-06 20:19 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-06-30 12:28 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll 2008-01-09 21:46 . 2008-01-09 21:46 56 --sh--r- c:\windows\system32\706E5248BC.sys 2006-05-03 09:06 . 
2009-08-29 18:53 163328 --sh--r- c:\windows\system32\flvDX.dll 2009-08-13 16:52 . 2008-01-09 21:34 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys 2007-02-21 10:47 . 2009-08-29 18:53 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2009-08-29 18:53 216064 --sh--r- c:\windows\system32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "RequireSignedAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2008-04-23 00:08 483328 ----a-w- c:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 21:16 39792 ----a-w- c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-02-01 14:45 98304 ----a-w- c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2006-11-12 10:48 157592 ----a-w- c:\programme\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-08-11 15:30 249856 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-08-11 15:30 81920 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-07-13 12:03 292128 ----a-w- c:\programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2008-09-04 05:01 2524416 ----a-w- c:\windows\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 15:18 413696 ----a-w- c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-24 23:11 132496 ----a-w- c:\programme\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray] 2004-08-04 12:00 3072 ----a-w- 
c:\windows\system32\systray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 15:45 313472 ----a-w- c:\programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SandraAgentSrv"=3 (0x3) "gusvc"=3 (0x3) "Adobe LM Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\eMule0.48a\\emule.exe"= "c:\\Programme\\TVUPlayer\\TVUPlayer.exe"= "c:\\Programme\\SopCast\\SopCast.exe"= "c:\\Programme\\SopCast\\adv\\SopAdver.exe"= "c:\\Programme\\TVAnts\\Tvants.exe"= "c:\\Programme\\VideoLAN\\VLC\\vlc.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Programme\\Orbitdownloader\\orbitdm.exe"= "c:\\Programme\\Orbitdownloader\\orbitnet.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\ICQ7.2\\ICQ.exe"= "c:\\Programme\\ICQ7.2\\aolload.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:*:Disabled:ElsaWinRPC [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.09.2009 08:23 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.09.2009 08:26 96408] R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [11.09.2009 08:24 735960] S3 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 16:35 128296] S3 LcSvrAdm;ELSA Administration Service;c:\programme\ElsaWin_322\bin\LcSvrAdm.exe 
[31.08.2008 10:17 147456] S3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\programme\ElsaWin_322\bin\LcSvrAuf.exe [31.08.2008 10:17 1302528] S3 LcSvrDba;ELSA DBA Server;c:\programme\ElsaWin_322\bin\LcSvrDba.exe [31.08.2008 10:17 233472] S3 LcSvrHis;ELSA Historie Server;c:\programme\ElsaWin_322\bin\LcSvrHis.exe [31.08.2008 10:17 217088] S3 LcSvrPAS;ELSA PASS Server;c:\programme\ElsaWin_322\bin\LcSvrPas.exe [31.08.2008 10:17 368640] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17.09.2009 23:06 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17.09.2009 23:06 8320] S3 VSGate;ELSA Vaudis Service;c:\programme\ElsaWin_322\bin\VSGate.exe [31.08.2008 10:17 81920] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.08.2007 19:04 639224] . Inhalt des "geplante Tasks" Ordners 2010-04-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:45] 2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204 IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202 IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html FF - ProfilePath - c:\dokumente und einstellungen\Maximilian\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: 
c:\programme\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\dokumente und einstellungen\Maximilian\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) MSConfigStartUp-ICQ - c:\programme\ICQ6\ICQ.exe MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe MSConfigStartUp-Skype - c:\programme\Skype\Phone\Skype.exe MSConfigStartUp-THGuard - c:\programme\TrojanHunter 5.0\THGuard.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-22 21:14 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="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" "OODEFRAG11.00.00.01WORKSTATION"="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" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(936) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2010-09-22 21:18:38 ComboFix-quarantined-files.txt 2010-09-22 19:18 Vor Suchlauf: 5.128.163.328 Bytes frei Nach Suchlauf: 5.072.977.920 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7 - - End Of File - - 0F5282411D9D869BB268C4BF31CB6A9A
Regards, feuermelder |
22.09.2010, 21:01 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan Quote:
If the file has already been analysed, please start another analysis.
__________________ Please always post logfiles in CODE tags |
22.09.2010, 21:17 | #9 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan VirusTotal reports this: Code:
Antivirus              Version         Last Update  Result
AhnLab-V3              2010.09.22.00   2010.09.22   -
AntiVir                8.2.4.60        2010.09.22   -
Antiy-AVL              2.0.3.7         2010.09.22   -
Authentium             5.2.0.5         2010.09.22   -
Avast                  4.8.1351.0      2010.09.22   -
Avast5                 5.0.594.0       2010.09.22   -
AVG                    9.0.0.851       2010.09.22   -
BitDefender            7.2             2010.09.22   -
CAT-QuickHeal          11.00           2010.09.21   -
ClamAV                 0.96.2.0-git    2010.09.22   -
Comodo                 6166            2010.09.22   -
DrWeb                  5.0.2.03300     2010.09.22   -
Emsisoft               5.0.0.37        2010.09.22   -
eSafe                  7.0.17.0        2010.09.21   -
eTrust-Vet             36.1.7871       2010.09.22   -
F-Prot                 4.6.2.117       2010.09.22   -
F-Secure               9.0.15370.0     2010.09.22   -
Fortinet               4.1.143.0       2010.09.22   -
GData                  21              2010.09.22   -
Ikarus                 T3.1.1.88.0     2010.09.22   -
Jiangmin               13.0.900        2010.09.21   -
K7AntiVirus            9.63.2582       2010.09.22   -
Kaspersky              7.0.0.125       2010.09.22   -
McAfee                 5.400.0.1158    2010.09.22   -
McAfee-GW-Edition      2010.1C         2010.09.22   -
Microsoft              1.6201          2010.09.22   -
NOD32                  5471            2010.09.22   -
Norman                 6.06.06         2010.09.22   -
nProtect               2010-09-22.02   2010.09.22   -
Panda                  10.0.2.7        2010.09.22   -
PCTools                7.0.3.5         2010.09.22   -
Prevx                  3.0             2010.09.22   -
Rising                 22.66.00.07     2010.09.21   -
Sophos                 4.57.0          2010.09.22   -
Sunbelt                6912            2010.09.22   -
SUPERAntiSpyware       4.40.0.1006     2010.09.22   -
Symantec               20101.1.1.7     2010.09.22   -
TheHacker              6.7.0.0.027     2010.09.21   -
TrendMicro             9.120.0.1004    2010.09.22   -
TrendMicro-HouseCall   9.120.0.1004    2010.09.22   -
VBA32                  3.12.14.1       2010.09.22   -
ViRobot                2010.8.31.4017  2010.09.22   -
VirusBuster            12.65.20.1      2010.09.22   -
Additional information
MD5   : c9d0ed5af7996b3845880f0de7cae67c
SHA1  : 58f86b222aa5fa39dc49f72ad9ff8f125760eaa3
SHA256: afe25a28ce481bceaaa583224d1b11520f9243a900cbfd49ed521c9703d8447b
ssdeep: 3:/lx8p//oNj6n:QRQNGn
File size : 56 bytes
First seen: 2010-09-22 20:06:44
Last seen : 2010-09-22 20:06:44
TrID: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned |
22.09.2010, 21:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan I find the file very suspicious, and at a measly 56 bytes it cannot really have any sensible function. You can delete it.
After that, please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't work on the second try either, just leave it out and run only OSAM.
Then download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes to the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
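The helper's reasoning above (a 56-byte .sys with hidden and system attributes sitting in system32 cannot carry real code: a PE image needs a 64-byte DOS header before any section can exist) can be turned into a repeatable triage pass over the file listing ComboFix prints. The following Python script is an added example for this thread, not code from ComboFix, GMER, OSAM or the helper; the attribute-letter interpretation (s = system, h = hidden, d = directory) follows the log format as it appears in the report, the 4096-byte "unusually small" threshold is an assumption, and the sample lines are copied from the ComboFix report posted in this thread. A hit is a reason to look closer (hash lookup, publisher check; some legitimate licensing components also use hidden+system attributes), not a verdict.

```python
"""Triage of ComboFix file-listing lines (added example, not ComboFix code)."""
import os
import re
from dataclasses import dataclass
from typing import Optional

# One ComboFix file line: <created> . <modified> <size|--------> <attrs> <path>
# (column spacing varies in the real report, so runs of spaces are allowed)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +(\d+|-+) +([a-z-]{8}) +(.+?)\s*$"
)

IMAGE_DOS_HEADER_SIZE = 64   # every PE image starts with a 64-byte DOS header
SMALL_CODE_BYTES = 4096      # assumption: below this a driver/DLL is unusually small
CODE_EXTENSIONS = {".sys", ".dll", ".exe", ".drv", ".ocx"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None for directories ("--------" in the log)
    attrs: str               # e.g. "--sh--r-": s = system, h = hidden, d = directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_find3m(text: str) -> list:
    """Parse the file lines of a ComboFix report; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified,
                             int(size) if size.isdigit() else None, attrs, path))
    return entries


def triage(entries: list) -> dict:
    """Return {path: [reasons]} for files worth a second look.

    Rules mirror the helper's argument: hidden+system attributes, and a code
    file so small it cannot hold real functionality (or not even a PE header)."""
    findings = {}
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.hidden and e.system:
            reasons.append("hidden+system attributes")
        ext = os.path.splitext(e.path)[1].lower()
        if ext in CODE_EXTENSIONS and e.size is not None:
            if e.size < IMAGE_DOS_HEADER_SIZE:
                reasons.append(f"{e.size} bytes: cannot even hold a PE DOS header")
            elif e.size < SMALL_CODE_BYTES:
                reasons.append(f"{e.size} bytes: unusually small for a {ext} file")
        if reasons and "\\system32\\" in e.path.lower():
            reasons.append("located in system32")
        if reasons:
            findings[e.path] = reasons
    return findings


# Constructed sample: file lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
2010-08-12 14:54 . 2004-08-04 12:00 81324 ----a-w- c:\windows\system32\perfc007.dat
2010-06-30 12:28 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2008-01-09 21:46 . 2008-01-09 21:46 56 --sh--r- c:\windows\system32\706E5248BC.sys
2006-05-03 09:06 . 2009-08-29 18:53 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-08-13 16:52 . 2008-01-09 21:34 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-20 13:32 . 2010-09-20 13:32 -------- d-----w- c:\programme\ERUNT
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_find3m(SAMPLE_LOG)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it prints the three flagged system32 files with their reasons; pasting an entire ComboFix report into parse_find3m() works the same way, since every line that is not a file entry is ignored.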
24.09.2010, 15:03 | #11 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan Hello, GMER log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-09-24 01:11:29 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys ---- System - GMER 1.0.15 ---- SSDT 89C08580 ZwAssignProcessToJobObject SSDT 89C09100 ZwDebugActiveProcess SSDT 89C08B30 ZwDuplicateObject SSDT 89C07CC0 ZwOpenProcess SSDT 89C07FC0 ZwOpenThread SSDT 89C089C0 ZwProtectVirtualMemory SSDT 89C08860 ZwSetContextThread SSDT 89C086E0 ZwSetInformationThread SSDT 89C05700 ZwSetSecurityObject SSDT 89C08420 ZwSuspendProcess SSDT 89C082C0 ZwSuspendThread SSDT 89C07E50 ZwTerminateProcess SSDT 89C08150 ZwTerminateThread SSDT 89C08F50 ZwWriteVirtualMemory Code \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9C59ABF] ? C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! 
---- User code sections - GMER 1.0.15 ---- .text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[892] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x8E 0xBD 0x29 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC7 0x2B 0xB1 0xB1 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x62 0x2B 0x08 0xDF ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0x11 0x49 0xEB ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x91 0xD7 0xA0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5A 0xF3 0xEB 0x13 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB7 0x16 0x05 0x61 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF0 0x1B 0x3E 0x8E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x4E 0xC2 0x36 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ... 
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x4A 0x2F 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ... 
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x4A 0x2F 0xBE ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 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 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 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 ---- EOF - GMER 1.0.15 ---- OSAM-Log: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:55:43 on 24.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information)
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Ad-Aware Update (Weekly).job" - "Lavasoft " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ElsaCfg.cpl" - "Volkswagen AG" - C:\WINDOWS\system32\ElsaCfg.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\catchme.sys (File not found)
"eamon" (eamon) - "ESET" - C:\WINDOWS\System32\DRIVERS\eamon.sys
"ehdrv" (ehdrv) - "ESET" - C:\WINDOWS\System32\DRIVERS\ehdrv.sys
"epfwtdir" (epfwtdir) - "ESET" - C:\WINDOWS\System32\DRIVERS\epfwtdir.sys
"kxrdqpow" (kxrdqpow) - ? - C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"Prolific Serial port driver" (Ser2pl) - "Prolific Technology Inc." - C:\WINDOWS\System32\DRIVERS\ser2pl.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys (File not found)
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} "WiProtokollHandler Class" - "TODO: <Company name>" - c:\programme\elsawin_322\bin\wiProt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Visio11\VISSHE.DLL
"CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\shellExt.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Visio11\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
{CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} "TrojanHunter Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "Grab Pro" - ? - C:\Programme\Orbitdownloader\GrabPro.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "Grab Pro" - ? - C:\Programme\Orbitdownloader\GrabPro.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Programme\Orbitdownloader\orbitcth.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "SnagIt Toolbar Loader" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Maximilian\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"egui" - "ESET" - "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"ELSA Administration Service" (LcSvrAdm) - "Volkswagen AG" - c:\programme\elsawin_322\bin\LcSvrAdm.exe
"ELSA Auftragsverwaltungs Service" (LcSvrAuf) - "Volkswagen AG" - c:\programme\elsawin_322\bin\LcSvrAuf.exe
"ELSA DBA Server" (LcSvrDba) - "Volkswagen AG" - c:\programme\elsawin_322\bin\LcSvrDba.exe
"ELSA Historie Server" (LcSvrHis) - "Volkswagen AG" - c:\programme\elsawin_322\bin\LcSvrHis.exe
"ELSA PASS Server" (LcSvrPAS) - "Volkswagen AG" - c:\programme\elsawin_322\bin\LcSvrPas.exe
"ELSA Vaudis Service" (VSGate) - "Volkswagen AG" - c:\programme\elsawin_322\bin\VSgate.exe
"ESET HTTP Server" (EhttpSrv) - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
"ESET Service" (ekrn) - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (aawservice) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Bootkit Remover:
Code:
.\debug.cpp(238) : Debug log started at 24.09.2010 - 13:59:19
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x001f9280 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806d1000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0b8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba0c8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "PCIIde.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\System32\Drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "intelide.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f2a000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba4c4000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xba671000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f12000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9ef2000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xba118000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9edb000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9ec8000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xb9e3b000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9e0e000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9df4000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba138000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba148000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb9c95000 0x000f5000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xb9c81000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba478000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb9c5d000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba4a8000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb9c36000 0x00027000 "\SystemRoot\system32\drivers\tifm21.sys"
.\debug.cpp(256) : 0xb9923000 0x00313000 "\SystemRoot\system32\DRIVERS\w29n51.sys"
.\debug.cpp(256) : 0xb98f8000 0x0002b000 "\SystemRoot\system32\DRIVERS\b57xp32.sys"
.\debug.cpp(256) : 0xb98b4000 0x00044000 "\SystemRoot\system32\drivers\camchal.sys"
.\debug.cpp(256) : 0xba158000 0x00009000 "\SystemRoot\system32\drivers\camcaud.sys"
.\debug.cpp(256) : 0xb9890000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba168000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb986d000 0x00023000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0xb983a000 0x00033000 "\SystemRoot\system32\DRIVERS\HSFHWICH.sys"
.\debug.cpp(256) : 0xb973c000 0x000fe000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb9690000 0x000ac000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xba398000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba3a8000 0x00007000 "\SystemRoot\system32\DRIVERS\nscirda.sys"
.\debug.cpp(256) : 0xba594000 0x00003000 "\SystemRoot\system32\DRIVERS\irenum.sys"
.\debug.cpp(256) : 0xba178000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba3c8000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba3d8000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba188000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba198000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba1a8000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000a000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba5a4000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xba6fc000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba418000 0x00005000 "\SystemRoot\system32\DRIVERS\rasirda.sys"
.\debug.cpp(256) : 0xba428000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xba1c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9db7000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb9679000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba1d8000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xb95a0000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba1f8000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba490000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba4a0000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb9570000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba208000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5c2000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb9512000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba548000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba218000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba248000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5cc000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba588000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xba5d8000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba740000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5dc000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb14ad000 0x0001d000 "\SystemRoot\system32\DRIVERS\ehdrv.sys"
.\debug.cpp(256) : 0xba598000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba288000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xba358000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xb9dbb000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba370000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5ec000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5f0000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba380000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba390000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb9669000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb13b2000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb1359000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb1331000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb130b000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb9641000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb12f2000 0x00019000 "\SystemRoot\system32\DRIVERS\epfwtdir.sys"
.\debug.cpp(256) : 0xb9631000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb12d0000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb9621000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba3e8000 0x00006000 "\SystemRoot\System32\Drivers\StarOpen.SYS"
.\debug.cpp(256) : 0xb12a5000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb1235000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb9611000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb95f1000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb121d000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba60a000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb13e5000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba4b0000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba698000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0003b000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf04d000 0x0003d000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf08a000 0x00216000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf2a0000 0x0006b000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xaf011000 0x000cc000 "\SystemRoot\system32\DRIVERS\eamon.sys"
.\debug.cpp(256) : 0xaeee3000 0x00016000 "\SystemRoot\system32\DRIVERS\irda.sys"
.\debug.cpp(256) : 0xaf151000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xaed8e000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xaeb84000 0x00003000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xae949000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xae521000 0x00012000 "\SystemRoot\system32\DRIVERS\sr.sys"
.\debug.cpp(256) : 0xba3c0000 0x00008000 "\??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\catchme.sys"
.\debug.cpp(256) : 0xba60c000 0x00002000 "\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS"
.\debug.cpp(256) : 0xba448000 0x00006000 "\??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\mbr.sys"
.\debug.cpp(256) : 0xae374000 0x00017000 "\??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CA4D5525-5ED8-4585-B2E2-71DD445B791B}"
.\debug.cpp(400) : Destination "\Device\{CA4D5525-5ED8-4585-B2E2-71DD445B791B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_1241&Pid_1177#5&1be0eeac&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5653&SUBSYS_00661025&REV_00#4&266c3fa7&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ehdrv"
.\debug.cpp(400) : Destination "\Device\ehdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTOSHIBA_CD#DVDW_SD-R6472________________TU51____#3531373630313831353820202020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&d253036&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1003#4&28561d4b&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SoftV92 Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_00661025&REV_04#3&b1bfb68&0&F2#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e517e2c1-55bd-11dc-820a-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CX2IOCTL"
.\debug.cpp(400) : Destination "\Device\CX2IOCTL"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&545c8ea&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F8811F31-C270-455F-86C5-93D7BD2CF7ED}"
.\debug.cpp(400) : Destination "\Device\{F8811F31-C270-455F-86C5-93D7BD2CF7ED}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5A005837-131D-435C-87A5-6C5C1ECF6B34}"
.\debug.cpp(400) : Destination "\Device\{5A005837-131D-435C-87A5-6C5C1ECF6B34}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B248B7DD-CE51-4D4F-B3D6-FB895CE8B6FB}"
.\debug.cpp(400) : Destination "\Device\{B248B7DD-CE51-4D4F-B3D6-FB895CE8B6FB}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266D&SUBSYS_00661025&REV_04#3&b1bfb68&0&F3#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{457FD8B9-E39D-474E-A280-313C8773D0A3}"
.\debug.cpp(400) : Destination "\Device\{457FD8B9-E39D-474E-A280-313C8773D0A3}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#NSC6001#5&5c35d8d&0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTOSHIBA_CD#DVDW_SD-R6472________________TU51____#3531373630313831353820202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&16cff1a1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :
Destination "\Device\USBPDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec" .\debug.cpp(400) : Destination "\Device\I2OExec" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination "\Device\Tcp" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination "\Device\USBFDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination "\Device\USBFDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination "\Device\VideoPdo1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000003a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RKSAMPLE0" .\debug.cpp(400) : Destination "\Device\RKSAMPLE0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination "\Device\USBFDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1269E4DE-5F2D-4F7A-B8B7-A4184494B5B4}" .\debug.cpp(400) : Destination "\Device\{1269E4DE-5F2D-4F7A-B8B7-A4184494B5B4}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination "\DosDevices\LPT1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer" .\debug.cpp(400) : Destination 
"\Device\ConexantDiagnosticsServer" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000038" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskTOSHIBA_MK8025GAS_______________________KA023A__#5&34163727&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination "\Device\USBFDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3978dd5d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination "\Device\FsWrap" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination "\Device\sysaudio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000039" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4" .\debug.cpp(400) : Destination "\Device\USBFDO-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2D42D172-63EA-46B9-BBA4-C46FC48E7C48}" .\debug.cpp(400) : Destination "\Device\{2D42D172-63EA-46B9-BBA4-C46FC48E7C48}" .\debug.cpp(409) : -- .\debug.cpp(369) : 
SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000004c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination "\GLOBAL??" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination "\Device\00000047" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0" .\debug.cpp(400) : Destination "\Device\Pcmcia0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B5330C69-D67E-4A01-A982-7004881FB3E1}" .\debug.cpp(400) : Destination "\Device\{B5330C69-D67E-4A01-A982-7004881FB3E1}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000004b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#695fa4c09f00#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000005f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0" .\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5A6C9B79-C17C-4654-BD3D-EE159C454D10}" .\debug.cpp(400) : Destination "\Device\{5A6C9B79-C17C-4654-BD3D-EE159C454D10}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\StarOpen" .\debug.cpp(400) : Destination "\Device\StarOpen" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_169C&SUBSYS_00661025&REV_03#4&1d3f0fbb&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394" .\debug.cpp(400) : Destination "\Device\ARP1394" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e517e2c3-55bd-11dc-820a-806d6172696f}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4220&SUBSYS_27018086&REV_05#4&1d3f0fbb&0&18F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2659&SUBSYS_00661025&REV_04#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\catchme" .\debug.cpp(400) : Destination "\Device\catchme" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_13#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\00000043" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2658&SUBSYS_00661025&REV_04#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005" .\debug.cpp(409) : -- 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28561d4b&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\00000069" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000004a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&27eeb4a6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9C623475-FAF8-4E0D-B897-EC7801EDBAE0}" .\debug.cpp(400) : Destination "\Device\{9C623475-FAF8-4E0D-B897-EC7801EDBAE0}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000033" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination "\Device\MountPointManager" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000003" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8033&SUBSYS_00661025&REV_00#4&1d3f0fbb&0&0BF0#{2c9f2281-eb3c-11d6-80af-0001020c74d4}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266D&SUBSYS_00661025&REV_04#3&b1bfb68&0&F3#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}" .\debug.cpp(400) : Destination 
"\Device\NTPNP_PCI0012" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Eamon" .\debug.cpp(400) : Destination "\Device\Eamon" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination "\Device\WANARP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature980097FOffset7E00Length80E8AE000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CAMCHALSP" .\debug.cpp(400) : Destination "\Device\CAMCHALServiceProvider" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_00661025&REV_04#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{29D2AB55-9157-43F5-AD00-C271CA3F84CE}" .\debug.cpp(400) : Destination "\Device\{29D2AB55-9157-43F5-AD00-C271CA3F84CE}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination "\Device\NdisWanIp" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_00661025&REV_04#3&b1bfb68&0&F2#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265B&SUBSYS_00661025&REV_04#3&b1bfb68&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\IDE#CdRomTOSHIBA_CD#DVDW_SD-R6472________________TU51____#3531373630313831353820202020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e517e2c5-55bd-11dc-820a-806d6172696f}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0" .\debug.cpp(400) : Destination "\Device\1394BUS0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_1241&Pid_1177#6&25cc0834&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000087" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature980097FOffset80E8BDC00LengthA933DA600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination "\Device\ParTechInc0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_00661025&REV_04#3&b1bfb68&0&F2#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000036" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination "\Device\ParTechInc1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265A&SUBSYS_00661025&REV_04#3&b1bfb68&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination "\Device\IPMULTICAST" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination "\Device\NdisWan" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination "\Device\NdisTapi" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination "\Device\0000003e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination "\Device\ParTechInc2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_00661025&REV_04#3&b1bfb68&0&F2#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination "\Device\LanmanRedirector" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8032&SUBSYS_00661025&REV_00#4&1d3f0fbb&0&0AF0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination "\Device\FtControl" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr" 
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{423DDB41-AA15-4EBC-8AB8-1350E7FF2282}"
.\debug.cpp(400) : Destination "\Device\{423DDB41-AA15-4EBC-8AB8-1350E7FF2282}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_1241&Pid_1177#6&25cc0834&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000087"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EpfwRedirector"
.\debug.cpp(400) : Destination "\Device\EpfwRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_IRDAMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination "\Device\mbr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kxrdqpow"
.\debug.cpp(400) : Destination "\Device\kxrdqpow"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP113"
.\debug.cpp(400) : Destination "\Device\PROCEXP113"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 74 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

Regards

Edited by feuermelder1 (24.09.2010 at 15:48) |
25.09.2010, 13:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan Please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
25.09.2010, 18:54 | #13 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan Hello, attached is the log Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000001c Kernel Drivers (total 135): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D1000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F78000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F67000 pci.sys 0xBA0A8000 ohci1394.sys 0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xBA0C8000 isapnp.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 PCIIde.sys 0xBA328000 \WINDOWS\System32\Drivers\PCIIDEX.SYS 0xBA5AC000 intelide.sys 0xB9F49000 pcmcia.sys 0xBA0D8000 MountMgr.sys 0xB9F2A000 ftdisk.sys 0xBA4C4000 ACPIEC.sys 0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA330000 PartMgr.sys 0xBA0E8000 VolSnap.sys 0xB9F12000 atapi.sys 0xBA0F8000 disk.sys 0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9EF2000 fltmgr.sys 0xBA118000 PxHelp20.sys 0xB9EDB000 KSecDD.sys 0xB9EC8000 WudfPf.sys 0xB9E3B000 Ntfs.sys 0xB9E0E000 NDIS.sys 0xB9DF4000 Mup.sys 0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xBA148000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9C95000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB9C81000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9C5D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA4A8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9C36000 \SystemRoot\system32\drivers\tifm21.sys 0xB9923000 \SystemRoot\system32\DRIVERS\w29n51.sys 0xB98F8000 \SystemRoot\system32\DRIVERS\b57xp32.sys 0xB98B4000 \SystemRoot\system32\drivers\camchal.sys 0xBA158000 \SystemRoot\system32\drivers\camcaud.sys 0xB9890000 \SystemRoot\system32\drivers\portcls.sys 0xBA168000 \SystemRoot\system32\drivers\drmk.sys 0xB986D000 \SystemRoot\system32\drivers\ks.sys 0xB983A000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys 0xB973C000 
\SystemRoot\system32\DRIVERS\HSF_DPV.sys 0xB9690000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys 0xBA398000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA3A8000 \SystemRoot\system32\DRIVERS\nscirda.sys 0xBA594000 \SystemRoot\system32\DRIVERS\irenum.sys 0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA3C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA3D8000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA188000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA198000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xBA5A4000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xBA6FC000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA418000 \SystemRoot\system32\DRIVERS\rasirda.sys 0xBA428000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xBA1C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9DB7000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9679000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xB95A0000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB9570000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA208000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5C2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9512000 \SystemRoot\system32\DRIVERS\update.sys 0xBA548000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA218000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA248000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA588000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xBA5D8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA740000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5DC000 \SystemRoot\System32\Drivers\Beep.SYS 0xB14AD000 \SystemRoot\system32\DRIVERS\ehdrv.sys 0xBA598000 \SystemRoot\system32\DRIVERS\hidusb.sys 
0xBA288000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA358000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xB9DBB000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xBA370000 \SystemRoot\System32\drivers\vga.sys 0xBA5EC000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA380000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA390000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB9669000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xB13B2000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB1359000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xB1331000 \SystemRoot\system32\DRIVERS\netbt.sys 0xB130B000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xB9641000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xB12F2000 \SystemRoot\system32\DRIVERS\epfwtdir.sys 0xB9631000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xB12D0000 \SystemRoot\System32\drivers\afd.sys 0xB9621000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA3E8000 \SystemRoot\System32\Drivers\StarOpen.SYS 0xB12A5000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xB1235000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB9611000 \SystemRoot\System32\Drivers\Fips.SYS 0xB95F1000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB121D000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA60A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xB13E5000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA4B0000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA698000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF04D000 \SystemRoot\System32\ati2cqag.dll 0xBF08A000 \SystemRoot\System32\ati3duag.dll 0xBF2A0000 \SystemRoot\System32\ativvaxx.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xAF011000 \SystemRoot\system32\DRIVERS\eamon.sys 0xAEEE3000 \SystemRoot\system32\DRIVERS\irda.sys 0xAF151000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAED8E000 \SystemRoot\system32\drivers\wdmaud.sys 0xBA2D8000 \SystemRoot\system32\drivers\sysaudio.sys 0xAEB84000 
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE949000 \SystemRoot\system32\DRIVERS\srv.sys
0xAE521000 \SystemRoot\system32\DRIVERS\sr.sys
0xBA3C0000 \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\catchme.sys
0xBA60C000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA448000 \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\mbr.sys
0xAE374000 \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 29):
0 System Idle Process
4 System
812 C:\WINDOWS\system32\smss.exe
896 csrss.exe
936 C:\WINDOWS\system32\winlogon.exe
988 C:\WINDOWS\system32\services.exe
1000 C:\WINDOWS\system32\lsass.exe
1176 C:\WINDOWS\system32\ati2evxx.exe
1200 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1324 C:\WINDOWS\system32\svchost.exe
1440 C:\WINDOWS\system32\svchost.exe
1536 svchost.exe
1724 C:\WINDOWS\system32\spoolsv.exe
332 C:\WINDOWS\system32\ati2evxx.exe
740 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
828 C:\Programme\Bonjour\mDNSResponder.exe
892 C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
1428 C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
1756 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
1892 C:\WINDOWS\system32\svchost.exe
1936 C:\WINDOWS\system32\ctfmon.exe
632 alg.exe
3524 C:\WINDOWS\explorer.exe
3644 C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
2924 C:\Programme\ICQ7.2\ICQ.exe
4060 C:\Programme\Mozilla Firefox\firefox.exe
2752 C:\Programme\Mozilla Firefox\plugin-container.exe
3192 C:\Dokumente und Einstellungen\Maximilian\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`0e8bdc00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK8025GAS, Rev: KA023A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done! |
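The two bootkit checks in this thread disagree on the same disk: the remover log above reports "Unknown boot code" for \\.\PhysicalDrive0, while MBRCheck reports "Windows XP MBR code detected" with a SHA1. Neither output states which byte range of the sector it hashes or what list it compares against, so the only way to reason about such a verdict is to make those choices explicit. The following is an added example, not code from the thread, from MBRCheck or from the remover tool: it parses a 512-byte MBR, prints the byte offset of each partition (which is how the "\\.\C: at offset 0x7e00" and "\\.\D: at offset 0x80e8bdc00" lines are derived), hashes the 440-byte code area and looks the hash up in a caller-supplied allow-list. The sample sector is constructed: its partition table and disk signature are taken from the offsets and the STORAGE#Volume names visible in the logs, but its boot code is a placeholder jump, not real Windows XP code, so its hash is not the one MBRCheck printed and the allow-list in the demo is deliberately empty.

```python
"""Parse a 512-byte MBR, report where each partition starts and classify the
boot code by hash. Added example; not code from this thread, MBRCheck or the
remover tool whose log is quoted above."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 boot code, 440..443 disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries
MBR_MAGIC = 0xAA55           # bytes 55 AA at offset 510


def build_sample_mbr() -> bytes:
    """Constructed sample. Partition layout and disk signature follow the logs
    in this thread (C: at LBA 63 = byte 0x7e00, D: at byte 0x80e8bdc00,
    signature 980097F read as hex); the boot code is a placeholder jump,
    NOT real Windows XP code, so its hash is not the one MBRCheck printed."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)
    disk_sig = struct.pack("<I", 0x0980097F)
    table = b""
    for active, ptype, lba, count in [(0x80, 0x07, 63, 67585392),
                                      (0x00, 0x07, 67585518, 88710867)]:
        # status, CHS start (dummy), type, CHS end (dummy), LBA start, sector count
        table += struct.pack("<B3sB3sII", active, b"\xFE\xFF\xFF", ptype,
                             b"\xFE\xFF\xFF", lba, count)
    table += b"\x00" * 32                               # two unused slots
    return boot_code + disk_sig + b"\x00\x00" + table + struct.pack("<H", MBR_MAGIC)


def parse_mbr(mbr: bytes) -> dict:
    if len(mbr) != SECTOR or struct.unpack_from("<H", mbr, 510)[0] != MBR_MAGIC:
        raise ValueError("not a 512-byte MBR with a 55 AA signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count, "byte_offset": lba * SECTOR})
    code = mbr[:BOOT_CODE_LEN]
    return {"disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
            "boot_code_md5": hashlib.md5(code).hexdigest(),
            "boot_code_sha1": hashlib.sha1(code).hexdigest().upper(),
            "partitions": parts}


def classify_boot_code(info: dict, known_good: dict) -> str:
    """known_good maps upper-case SHA1 of the 440-byte code area to a label.
    Anything not on the list is reported as unknown: an unrecognised MBR is a
    finding to be inspected (dump the sector), not a verdict either way."""
    label = known_good.get(info["boot_code_sha1"])
    return f"known: {label}" if label else "unknown"


def sanity_findings(info: dict) -> list:
    """Structural checks that do not depend on any hash list."""
    findings = []
    parts = info["partitions"]
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    if parts and parts[0]["lba"] == 0:
        findings.append("first partition starts inside the MBR sector")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} at byte offset 0x{p['byte_offset']:x}")
    print("boot code:", classify_boot_code(info, {}), info["boot_code_sha1"])
    print("findings:", sanity_findings(info) or "none")
```

On a live Windows system the 512 bytes would come from reading \\.\PhysicalDrive0 as administrator; note that a bootkit which hooks the disk stack can hand a clean sector back to exactly that kind of read, which is why dedicated scanners go through their own kernel driver and why a clean MBR verdict from one tool is worth cross-checking with another, as was done in this thread.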
25.09.2010, 20:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | syspck32.exe Win32/Rootkit.Kryptik.AF trojan Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
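Before an MBRCheck log is called OK, its "Kernel Drivers" section deserves the same look as the MBR status line. In the log above, four drivers were loaded by absolute \??\ path, three of them from a user's Temp directory and one of those under a random-looking eight-letter name (kxrdqpow.sys). The remover log earlier in the thread shows the same names as device objects (catchme, mbr, kxrdqpow, PROCEXP113), and they correspond to the diagnostic tools the participants were running at the time, but a triage script cannot know that; it should flag them all and leave the judgement to the analyst. The following is an added example, not part of the thread or of MBRCheck itself: it parses the driver list in MBRCheck's "<base address> <path>" format and flags the load-path patterns just described. The sample log is a constructed excerpt of the lines quoted above plus intelppm.sys as a legitimate eight-letter name; the random-name heuristic is only applied to drivers that were already flagged by location, because ntkrnlpa.exe in system32 would otherwise trip it.

```python
r"""Triage the 'Kernel Drivers' section of an MBRCheck log.

Flags drivers loaded from temp or user-profile directories, drivers loaded
by an absolute \??\ DOS path at runtime, and (only among those) random-
looking 8-letter names. Added example; not part of this thread or of MBRCheck."""
import re
from typing import Dict, List

# Constructed excerpt of the MBRCheck log quoted in this thread. intelppm.sys
# is included as a legitimate 8-letter name the heuristic must not flag.
SAMPLE_LOG = r"""Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xB9F78000 ACPI.sys
0xBA148000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB14AD000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0xBA3C0000 \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\catchme.sys
0xBA60C000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA448000 \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\mbr.sys
0xAE374000 \??\C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 29):
"""

DRIVER_LINE = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(\S.*)$")
WINDIR_PREFIXES = ("\\systemroot\\", "\\windows\\", "c:\\windows\\")
PROFILE_MARKERS = ("\\temp\\", "\\dokume~1\\", "\\documents and settings\\", "\\users\\")


def parse_kernel_drivers(log: str) -> List[Dict]:
    """Return [{'base': int, 'path': str}] for the Kernel Drivers section."""
    drivers, in_section = [], False
    for line in log.splitlines():
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if not in_section:
            continue
        m = DRIVER_LINE.match(line)
        if not m:
            break                                   # reached the next section
        drivers.append({"base": int(m.group(1), 16), "path": m.group(2).strip()})
    return drivers


def consonant_run(name: str) -> int:
    """Longest run of consonants; a cheap 'looks random' signal."""
    best = run = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        best = max(best, run)
    return best


def triage_driver(path: str) -> List[str]:
    reasons = []
    absolute = path.startswith("\\??\\")            # image path was a full DOS path
    p = (path[4:] if absolute else path).lower()
    # A bare file name (e.g. 'ACPI.sys') is how boot-start drivers appear in
    # the log on this page, so treat it as living under the Windows directory.
    in_windir = "\\" not in p or p.startswith(WINDIR_PREFIXES)
    if any(marker in p for marker in PROFILE_MARKERS):
        reasons.append("loaded from a temp or user-profile directory")
    elif not in_windir:
        reasons.append("loaded from outside the Windows directory")
    elif absolute:
        reasons.append("loaded at runtime by absolute \\??\\ path (heuristic: tool- or service-created driver)")
    if reasons:                                     # name check only as a secondary signal
        stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if re.fullmatch(r"[a-z]{8}", stem) and consonant_run(stem) >= 5:
            reasons.append("random-looking 8-letter name (heuristic)")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged driver path to the reasons it was flagged."""
    findings = {}
    for d in parse_kernel_drivers(log):
        reasons = triage_driver(d["path"])
        if reasons:
            findings[d["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Every flagged path still has to be resolved against what was running when the log was taken; the point of the script is that a Temp-directory driver never passes silently, whether it belongs to a scanner or to the thing the scanner is looking for.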
03.10.2010, 09:51 | #15 |
| syspck32.exe Win32/Rootkit.Kryptik.AF trojan Hello, unfortunately this took a bit longer.. Here are the logs: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4704
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.09.2010 22:14:37
mbam-log-2010-09-28 (22-14-37).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 349210
Time elapsed: 3 hour(s), 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/01/2010 at 07:35 AM

Application Version : 4.43.1000

Core Rules Database Version : 5605
Trace Rules Database Version: 3417

Scan type : Complete Scan
Total Scan Time : 08:12:28

Memory items scanned : 525
Memory threats detected : 0
Registry items scanned : 8914
Registry threats detected : 0
File items scanned : 270128
File threats detected : 5

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Maximilian\Cookies\maximilian@content.yieldmanager[3].txt
C:\Dokumente und Einstellungen\Maximilian\Cookies\maximilian@atwola[1].txt
C:\Dokumente und Einstellungen\Maximilian\Cookies\maximilian@content.yieldmanager[2].txt
C:\Dokumente und Einstellungen\Maximilian\Cookies\maximilian@doubleclick[2].txt
C:\Dokumente und Einstellungen\Maximilian\Cookies\maximilian@ad.yieldmanager[2].txt |