| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.10.2010, 16:48
| #1 | |
 |  Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Hey! Ich werde seit einiger Zeit immer mal wieder auf andere Suchseiten weitergeleitet. Laut einiger Google-Ergebnisse scheint das zwar keine allzu schädliche Sache zu sein, aber man kann ja nie wissen. Hab jetzt mal Malware-Bytes und OTL laufen lassen, Malware-Bytes ließ sich auch erst starten, nachdem ich die exe-Datei umbenannt hatte. Freu mich über Hilfe und weiß, dass ich sie hier bekomme! Dafür schonmal Danke im Vorraus. OTL-Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.10.2010 17:26:18 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\****\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 767,00 Mb Total Physical Memory | 426,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 81,07 Gb Total Space | 13,50 Gb Free Space | 16,65% Space Free | Partition Type: NTFS Drive D: | 26,81 Gb Total Space | 0,50 Gb Free Space | 1,85% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) PRC - C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.) PRC - C:\WINDOWS\system32\acs.exe (Atheros) PRC - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\System Control Manager\edd.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (EpsonBidirectionalService) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe () ========== Driver Services (SafeList) ========== DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (catchme) -- C:\DOKUME~1\****\LOKALE~1\Temp\catchme.sys File not found DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (SSHDRV51) -- C:\WINDOWS\system32\drivers\SSHDRV51.sys () DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc) DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.) DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola) DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (Ftdisk) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys () DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (RTSTOR) -- C:\WINDOWS\system32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (MGHwCtrl) -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys (Windows (R) 2000 DDK provider) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.0 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5 FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.7 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.23 14:51:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.22 15:43:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.10.21 11:23:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.03.11 09:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2010.03.11 09:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.10.24 14:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions [2010.10.13 10:22:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.09.12 17:04:08 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2010.05.02 09:28:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.07 20:10:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.08.12 18:01:28 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.01.05 14:23:34 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Dokumente und Einstellungen\****n\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} [2010.10.23 22:07:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.09.24 13:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.22 11:31:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\****n\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.11 22:04:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.04.21 21:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\firegestures@xuldev.org [2010.08.31 19:43:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\foxyproxy@eric.h.jung [2010.09.17 18:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\tabscope@xuldev.org [2010.10.24 14:27:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.15 20:29:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.12 12:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.13 19:29:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.10.12 22:24:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.12 22:24:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.12 22:24:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.12 22:24:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.12 22:24:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.23 21:53:31 | 000,000,547 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 pagead.googlesyndication.com O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com O1 - Hosts: 127.0.0.1 adservices.google.com O1 - Hosts: 127.0.0.1 video-stats.video.google.com O1 - Hosts: 127.0.0.1 ssl.google-analytics.com O1 - Hosts: 127.0.0.1 www.google-analytics.com O1 - Hosts: 127.0.0.1 google-analytics.com O1 - Hosts: 127.0.0.1 4.afs.googleadservices.com O1 - Hosts: 127.0.0.1 imageads.googleadservices.com O1 - Hosts: 127.0.0.1 partner.googleadservices.com O1 - Hosts: 127.0.0.1 www.googleadservices.com O1 - Hosts: 127.0.0.1 apps5.oingo.com O1 - Hosts: 127.0.0.1 www.appliedsemantics.com O1 - Hosts: 127.0.0.1 service.urchin.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Steffen\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247396321396 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Notebook-2.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Notebook-2.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.30 17:21:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.24 17:17:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2010.10.23 16:41:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.10.23 15:16:16 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.10.23 15:13:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.10.23 15:13:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.10.23 15:13:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.10.23 15:13:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.10.23 15:12:50 | 000,000,000 | ---D | C] -- C:\cf [2010.10.22 17:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.10.22 17:10:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.10.22 15:35:53 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2010.10.17 16:05:52 | 000,000,000 | ---D | C] -- C:\stocki DDF [2010.10.13 19:29:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.10.13 19:29:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.10.13 19:29:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.10.12 12:01:40 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.10.12 12:01:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.10.12 11:51:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Steffen\j2mewtk [2010.10.12 11:48:40 | 000,000,000 | ---D | C] -- C:\WTK2.5.2_01 [2010.10.11 22:22:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\LG Stuff [2010.10.10 23:05:19 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2010.10.10 23:03:16 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll [2010.10.10 23:03:16 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys [2010.10.10 23:03:16 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys [2010.10.10 23:03:16 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys [2010.10.10 23:03:15 | 000,019,712 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys [2010.10.10 23:03:13 | 000,042,752 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motodrv.sys [2010.10.10 23:03:13 | 000,015,616 | ---- | C] (Motorola) -- C:\WINDOWS\System32\mot_ci.dll [2010.10.10 23:02:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Motorola Shared [2010.10.10 23:02:04 | 000,000,000 | ---D | C] -- C:\Programme\Motorola [2010.10.07 12:47:41 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.10.07 12:47:16 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.10.07 12:41:01 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.10.07 12:37:49 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.10.04 10:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\Allgemeinmedizin [2010.10.03 18:58:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\bootkit_remover [2010.10.03 18:55:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\TFC.exe [2010.09.30 19:06:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software [2010.09.30 19:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2009.08.05 14:38:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Steffen\Anwendungsdaten\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2010.10.24 17:22:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.24 17:18:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2010.10.24 14:11:55 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.24 14:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.24 14:11:36 | 804,638,720 | -HS- | M] () -- C:\hiberfil.sys [2010.10.24 01:25:33 | 000,001,469 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2010.10.23 21:55:18 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2010.10.23 21:53:31 | 000,000,547 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.10.23 17:04:34 | 004,067,456 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\My Chemical Romance- 'Na Na Na' Lyric Video.mp3 [2010.10.23 17:00:47 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\DVDVideoSoft Free Studio.lnk [2010.10.23 15:16:26 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2010.10.23 15:08:25 | 003,884,040 | R--- | M] () -- C:\Dokumente und Einstellungen\****n\Desktop\cf.exe [2010.10.22 16:19:08 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.10.22 15:43:24 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.10.21 11:57:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.10.19 20:27:14 | 000,002,559 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word 2007.lnk [2010.10.16 15:13:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010.10.16 15:13:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2010.10.13 19:21:57 | 002,157,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.13 14:27:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.10 23:05:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2010.10.10 23:05:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf [2010.10.10 23:05:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf [2010.10.10 23:05:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010.10.10 22:15:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.07 12:48:49 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.07 12:41:46 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.10.06 18:39:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.10.04 15:23:16 | 000,129,024 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\zweiter Brief.doc [2010.10.04 13:15:35 | 000,452,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.04 13:15:35 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.04 13:15:35 | 000,081,316 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.04 13:15:35 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.03 18:55:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Steffen\Desktop\TFC.exe [2010.10.03 17:02:20 | 000,000,898 | ---- | M] () -- C:\Dokumente und Einstellungen\Steffen\Desktop\Spybot - Search & Destroy.lnk ========== Files Created - No Company Name ========== [2010.10.24 01:25:33 | 000,001,469 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2010.10.23 17:04:03 | 004,067,456 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\My Chemical Romance- 'Na Na Na' Lyric Video.mp3 [2010.10.23 15:16:25 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2010.10.23 15:16:19 | 000,262,448 | RHS- | C] () -- C:\cmldr [2010.10.23 15:13:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.10.23 15:13:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.10.23 15:13:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.10.23 15:13:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.10.23 15:13:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.10.23 15:07:50 | 003,884,040 | R--- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\cf.exe [2010.10.22 15:43:24 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.10.22 15:36:12 | 000,002,163 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2010.10.12 12:43:11 | 000,022,486 | ---- | C] () -- C:\WINDOWS\System32\msu.ico [2010.10.10 23:05:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2010.10.10 23:05:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf [2010.10.10 23:05:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf [2010.10.10 23:05:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010.10.07 12:48:49 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.07 12:41:46 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.10.04 14:18:15 | 000,129,024 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\zweiter Brief.doc [2010.09.30 18:31:12 | 000,000,898 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Spybot - Search & Destroy.lnk [2010.08.15 23:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2010.08.13 14:58:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.07.25 16:43:56 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.04.01 12:26:18 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2010.01.07 23:50:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010.01.07 23:39:19 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\VbVfw.dll [2010.01.04 18:15:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010.01.04 18:15:45 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010.01.04 18:15:45 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.12.06 13:30:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HiRezTimer.dll [2009.12.06 13:29:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\autostart.INI [2009.10.11 19:19:19 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV51.sys [2009.10.09 18:56:25 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2009.10.09 18:40:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009.10.09 18:40:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009.10.09 18:40:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009.10.09 18:40:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009.10.09 18:40:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009.10.09 18:40:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009.10.09 18:40:10 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll [2009.09.28 20:15:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI [2009.08.05 14:38:40 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen****\Anwendungsdaten\pcouffin.log [2009.08.05 14:38:34 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\pcouffin.cat [2009.08.05 14:38:34 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\pcouffin.inf [2009.07.17 17:55:41 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.07.15 16:40:05 | 000,001,208 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009.07.13 14:27:52 | 000,171,008 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009.04.30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.07.01 12:42:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.07.01 10:53:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll [2008.07.01 10:53:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll [2008.07.01 10:53:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll [2008.07.01 02:07:26 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.06.30 18:14:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001.08.18 06:32:48 | 000,126,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys < End of report > OTL Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.10.2010 17:26:18 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
767,00 Mb Total Physical Memory | 426,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 81,07 Gb Total Space | 13,50 Gb Free Space | 16,65% Space Free | Partition Type: NTFS
Drive D: | 26,81 Gb Total Space | 0,50 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- File not found
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\LECTURNITY Player\jre5\bin\javaw.exe" = C:\Programme\LECTURNITY Player\jre5\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\Defcon\defcon.exe" = C:\Programme\Defcon\defcon.exe:*:Enabled:Defcon -- (Introversion Software)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004c8b79-71ba-45fa-8b7d-453ea2051ebc}" = Nero 9 Essentials
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D650EE5-E47B-BA0A-6F56-3895AFD2F0EF}" = CCC Help German
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DEEDD4A-4951-7E42-B2A5-64B30BD17F9B}" = Catalyst Control Center Localization Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2AF22683-EEA6-05B4-46E0-E008147D20C4}" = CCC Help Swedish
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F93A07F-20AE-7CC2-0251-9C97819BD253}" = CCC Help Spanish
"{30AB57A9-A5F1-6A50-E432-21BAD70D62D9}" = Catalyst Control Center Localization Dutch
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{358E61A2-E90F-5574-A377-DA821E35375A}" = Catalyst Control Center Localization Chinese Traditional
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F4C1B48-4B42-DCFE-2719-F8118E74DE8A}" = ccc-core-preinstall
"{40DF3CFA-9D89-0C7D-6047-D74AD16A4A48}" = Catalyst Control Center Graphics Full New
"{420ACB06-2DC4-97F8-966B-AFED848E2E6F}" = Catalyst Control Center Localization German
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA99E26-77AD-167E-DD43-9D59B6F744FC}" = Catalyst Control Center Graphics Light
"{4D087C14-53DC-D6D1-469C-5CEAD9A3804B}" = Catalyst Control Center Localization Portuguese
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{524B6A1A-EB2B-EBAA-5B5A-D1B40BF599C9}" = ccc-core-static
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{575CF66D-33DC-EA79-9B37-56DEC3C52D4E}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8BF8D9F2-9F3B-CFA6-4237-40D863CF7599}" = CCC Help Dutch
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B3A12-1392-4BCF-A0B5-49AAC2E2EA5D}" = LECTURNITY Player
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CD38124-F32B-A748-7C42-ECAEE07ADFE8}" = Skins
"{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACB4DCB9-8E9B-745D-ADBA-A50143FBC1D7}" = CCC Help French
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3068F0E-0A8A-7032-5CE7-A479E1F56A0E}" = Catalyst Control Center Localization Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA4EB9A7-D5CB-2F01-A2F4-8DB8E92C1D53}" = CCC Help Japanese
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFEE024D-E018-A7D9-04EF-3F2E9946D849}" = Catalyst Control Center Core Implementation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4A4D11E-2E64-3620-0393-8079C9C027DF}" = ccc-utility
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA66D45-941B-59AC-04EB-12F9E4942B94}" = CCC Help Italian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D9322FD4-232A-614C-FAD9-5829B421CF4C}" = Catalyst Control Center Graphics Full Existing
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DBAD0B84-DF22-FE97-B41F-1B1778315D2B}" = Catalyst Control Center Localization Swedish
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF2AC446-3A11-F7C9-76DD-5D260EB4D2A4}" = CCC Help Chinese Standard
"{E1227219-86AD-BA6A-C50A-995747932BB2}" = CCC Help Chinese Traditional
"{E38412ED-26B2-95BC-0A5D-B30511A146A4}" = Catalyst Control Center Localization French
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E6670C-985B-D0D6-D1A1-785C2DD6F0BA}" = Catalyst Control Center Localization Chinese Standard
"{E61F7F56-8DD0-40C4-0ECD-66EF0C82529E}" = CCC Help English
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA65B826-D053-3223-3AB4-EE9F2BECA9A0}" = CCC Help Korean
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E08F06-E1DF-AB36-E0A2-0F1B9F23BA99}" = Catalyst Control Center Localization Japanese
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F475E083-438B-B5ED-6FA6-CF6FDB41869C}" = Catalyst Control Center Localization Spanish
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"69083DC58646DE46A09847A522A1CC487F918039" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"8461-7759-5462-8226" = Vuze
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows-Treiberpaket - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CloneDVD2" = CloneDVD2
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Defcon_is1" = Defcon
"Diablo II" = Diablo II
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2
"DVDFab 6_is1" = DVDFab 6.0.6.0 (04/09/2009)
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"EPSON SX420W Series Manual" = EPSON SX420W Series Handbuch
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Netzwerk-Handbuch
"F1811BEDC636C93D52CA1ED976CAE92140B204C5" = Windows Driver Package - Bluetooth Dongle Maker Bluetooth (10/17/2002 5.1.2535.0)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"FreeDoko" = FreeDoko 0.7.7
"Guitar Pro 5_is1" = Guitar Pro 5.0
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Interaktiver Gitarren Workshop_is1" = Interaktiver Gitarren Workshop v1
"ips XP_is1" = ips XP 1.11.2600
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nettalk_is1" = Nettalk 6.6
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"Runic Games Torchlight" = Torchlight
"Spesoft Audio Converter_is1" = Spesoft Audio Converter 1.90
"ST4UNST #1" = Peck's Power Join
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.3
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.10.2010 09:19:44 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 23.10.2010 09:19:45 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 23.10.2010 09:19:45 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 23.10.2010 09:19:45 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 23.10.2010 09:19:46 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 23.10.2010 09:19:46 | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 24.10.2010 02:57:52 | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = 276: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 24.10.2010 03:06:34 | Computer Name = LAPTOP | Source = MBAMService | ID = 131073
Description =
Error - 24.10.2010 11:22:12 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.17.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.10.2010 11:25:42 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.17.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 23.10.2010 09:22:03 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 23.10.2010 09:22:03 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
Error - 23.10.2010 09:22:40 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.10.2010 09:23:57 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = Dienst "SCM Driver Daemon" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 24.10.2010 02:33:21 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 24.10.2010 02:33:21 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
Error - 24.10.2010 08:12:03 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 24.10.2010 08:12:03 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
Error - 24.10.2010 10:56:52 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 24.10.2010 11:01:36 | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
< End of report >
Malware-Log: Zitat:
|
|
24.10.2010, 20:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten.
__________________
__________________ |
|
24.10.2010, 21:32
| #3 | |||
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Moin!
__________________Danke für die schnelle Antwort!  Gibt noch ein paar alte Logs: Zitat:
Zitat:
Zitat:
|
|
25.10.2010, 08:58
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.)Zitat:
Poste bitte das Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2010, 12:57
| #5 |
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Moin! Hatte selbst ausgeführt, war etwas übereifrig... Hab mir dann die Mühe gemacht, mal durchzulesen, wie's hier richtig abläuft und die anderen Scans gemacht... also jetzt alles schön der Reihe nach gemacht  Hier das Log: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-22.05 - **** 23.10.2010 15:24:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.767.378 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\cf.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\****\Anwendungsdaten\inst.exe
c:\dokumente und einstellungen\****\Favoriten\Games.url
C:\Install.exe
c:\programme\Internet Explorer\SET132.tmp
c:\programme\Internet Explorer\SET133.tmp
c:\programme\Internet Explorer\SET3C.tmp
c:\programme\Internet Explorer\SET3D.tmp
c:\programme\Internet Explorer\SET8E.tmp
c:\programme\Internet Explorer\SET8F.tmp
c:\programme\Internet Explorer\SETDD.tmp
c:\programme\Internet Explorer\SETDE.tmp
c:\windows\system32\DRIVERS\ftdisk.sys . . . ist infiziert!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-23 bis 2010-10-23 ))))))))))))))))))))))))))))))
.
2010-10-22 13:42 . 2010-10-12 22:02 912344 ----a-w- c:\programme\Mozilla Firefox\firefox.exe
2010-10-22 13:42 . 2010-10-12 22:02 719832 ----a-w- c:\programme\Mozilla Firefox\mozcrt19.dll
2010-10-22 13:42 . 2010-10-12 22:02 719832 ----a-w- c:\programme\Mozilla Firefox\mozcpp19.dll
2010-10-22 13:42 . 2010-10-12 22:02 646104 ----a-w- c:\programme\Mozilla Firefox\nss3.dll
2010-10-22 13:42 . 2010-10-12 22:02 343000 ----a-w- c:\programme\Mozilla Firefox\nssckbi.dll
2010-10-22 13:42 . 2010-10-12 22:02 203736 ----a-w- c:\programme\Mozilla Firefox\nspr4.dll
2010-10-22 13:42 . 2010-10-12 22:02 19416 ----a-w- c:\programme\Mozilla Firefox\AccessibleMarshal.dll
2010-10-22 13:42 . 2010-10-12 22:02 107480 ----a-w- c:\programme\Mozilla Firefox\crashreporter.exe
2010-10-22 13:42 . 2010-10-12 22:02 1018328 ----a-w- c:\programme\Mozilla Firefox\js3250.dll
2010-10-22 13:42 . 2010-10-12 19:18 249856 ----a-w- c:\programme\Mozilla Firefox\freebl3.dll
2010-10-22 13:35 . 2010-10-22 13:36 -------- d-----w- c:\programme\Safari
2010-10-17 14:05 . 2010-10-17 14:11 -------- d-----w- C:\stocki DDF
2010-10-12 10:01 . 2010-10-12 10:01 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-10-12 10:01 . 2010-09-15 00:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-12 09:51 . 2010-10-12 09:51 -------- d-----w- c:\dokumente und einstellungen\Steffen\j2mewtk
2010-10-12 09:48 . 2010-10-12 10:42 -------- d-----w- C:\WTK2.5.2_01
2010-10-10 21:05 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-10 21:03 . 2009-10-27 10:02 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
2010-10-10 21:03 . 2009-01-29 15:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2010-10-10 21:03 . 2008-03-27 15:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-10-10 21:03 . 2007-11-02 13:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2010-10-10 21:03 . 2009-06-19 14:59 19712 ----a-w- c:\windows\system32\drivers\motccgp.sys
2010-10-10 21:03 . 2009-12-21 12:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2010-10-10 21:03 . 2009-05-08 09:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2010-10-10 21:02 . 2010-10-12 10:43 -------- d-----w- c:\programme\Gemeinsame Dateien\Motorola Shared
2010-10-10 21:02 . 2010-10-10 21:02 -------- d-----w- c:\programme\Motorola
2010-10-07 10:47 . 2010-10-07 10:47 -------- d-----w- c:\programme\iPod
2010-10-07 10:47 . 2010-10-07 10:48 -------- d-----w- c:\programme\iTunes
2010-10-07 10:37 . 2010-10-07 10:37 -------- d-----w- c:\programme\Bonjour
2010-09-30 17:06 . 2010-09-30 17:06 -------- d-----w- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
2010-09-30 17:05 . 2010-10-02 15:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-09-24 11:58 . 2010-09-24 11:58 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-09-24 11:58 . 2010-09-24 11:58 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-09-24 11:58 . 2010-09-24 11:58 -------- d-----w- c:\programme\DVDVideoSoft
2010-09-23 19:46 . 2010-09-23 19:47 -------- d-----w- c:\programme\Defcon
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:22 . 2008-07-01 00:07 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2008-07-01 00:07 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2008-07-01 00:07 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2008-07-01 00:07 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-05-02 07:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 05:47 . 2008-07-01 00:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2008-07-01 00:07 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2008-07-01 00:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:50 . 2008-07-01 00:06 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2008-07-01 00:07 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2008-07-01 00:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-07-01 00:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-07-01 00:07 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2008-07-01 00:06 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-07-01 00:07 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-07-01 00:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-17 39408]
"OM2_Monitor"="c:\programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-08-22 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 16858624]
"OM2_Monitor"="c:\programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"MGSysCtrl"="c:\programme\System Control Manager\MGSysCtrl.exe" [2007-11-21 180224]
"LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-30 89541]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ACU"="c:\programme\Atheros\ACU.exe" [2007-05-03 376921]
"EEventManager"="c:\programme\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"WinampAgent"=c:\programme\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\LECTURNITY Player\\jre5\\bin\\javaw.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Vuze\\Azureus.exe"=
"c:\\Programme\\Defcon\\defcon.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 SSHDRV51;SSHDRV51;c:\windows\system32\drivers\SSHDRV51.sys [11.10.2009 19:19 21504]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.05.2009 17:07 759048]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.07.2009 13:10 108289]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [01.07.2008 10:53 9088]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.01.2010 20:01 135664]
S2 NishService;SCM Driver Daemon;c:\programme\System Control Manager\edd.exe [01.07.2008 10:53 40960]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10.10.2010 23:03 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10.10.2010 23:03 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10.10.2010 23:03 42752]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.11.2009 18:43 691696]
.
Inhalt des "geplante Tasks" Ordners
2010-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-29 18:01]
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-29 18:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\dokumente und einstellungen\Steffen\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-AdobeBridge - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://****.gmer.net
Rootkit scan 2010-10-23 15:35
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
c:\dokume~1\****\LOKALE~1\Temp\RGI6.tmp 7116 bytes
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://*****.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8309DEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75a0f28
\Driver\ACPI -> ACPI.sys @ 0xf7432cb8
\Driver\atapi -> atapi.sys @ 0xf73ea852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf72f6bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72e5a0d
SendHandler -> NDIS.sys @ 0xf72f9b40
user & kernel MBR OK
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2010-10-23 15:41:31
ComboFix-quarantined-files.txt 2010-10-23 13:41
Vor Suchlauf: 13 Verzeichnis(se), 14.827.077.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 14.830.915.584 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 2BE5152C03FECD64D84F410841EA4F29
|
|
25.10.2010, 17:42
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Eine Systemdatei bei Dir ist infiziert. Lad Dir mal bitte eine saubere Kopie dieser von hier runter direkt auf c: (kein Unterzeichnis) => File-Upload.net - ftdisk.sys Danach gehts so weiter: Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter FCopy::
c:\ftdisk.sys | c:\windows\system32\DRIVERS\ftdisk.sys
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) |
|
25.10.2010, 18:26
| #7 |
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Moin! Danke für die Hilfe... hier die neue Log-Datei: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-24.06 - Steffen 25.10.2010 19:03:13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.767.376 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\cf.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\****\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DRIVERS\ftdisk.sys . . . ist infiziert!! . . . Failed to find a valid replacement.
.
--------------- FCopy ---------------
c:\ftdisk.sys --> c:\windows\system32\DRIVERS\ftdisk.sys
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-25 bis 2010-10-25 ))))))))))))))))))))))))))))))
.
2010-10-25 16:45 . 2010-10-25 16:45 126336 ------w- C:\ftdisk.sys
2010-10-23 13:12 . 2010-10-23 13:41 -------- d-----w- C:\cf
2010-10-22 13:42 . 2010-10-12 22:02 912344 ----a-w- c:\programme\Mozilla Firefox\firefox.exe
2010-10-22 13:42 . 2010-10-12 22:02 719832 ----a-w- c:\programme\Mozilla Firefox\mozcrt19.dll
2010-10-22 13:42 . 2010-10-12 22:02 719832 ----a-w- c:\programme\Mozilla Firefox\mozcpp19.dll
2010-10-22 13:42 . 2010-10-12 22:02 646104 ----a-w- c:\programme\Mozilla Firefox\nss3.dll
2010-10-22 13:42 . 2010-10-12 22:02 343000 ----a-w- c:\programme\Mozilla Firefox\nssckbi.dll
2010-10-22 13:42 . 2010-10-12 22:02 203736 ----a-w- c:\programme\Mozilla Firefox\nspr4.dll
2010-10-22 13:42 . 2010-10-12 22:02 19416 ----a-w- c:\programme\Mozilla Firefox\AccessibleMarshal.dll
2010-10-22 13:42 . 2010-10-12 22:02 107480 ----a-w- c:\programme\Mozilla Firefox\crashreporter.exe
2010-10-22 13:42 . 2010-10-12 22:02 1018328 ----a-w- c:\programme\Mozilla Firefox\js3250.dll
2010-10-22 13:42 . 2010-10-12 19:18 249856 ----a-w- c:\programme\Mozilla Firefox\freebl3.dll
2010-10-22 13:35 . 2010-10-22 13:36 -------- d-----w- c:\programme\Safari
2010-10-17 14:05 . 2010-10-17 14:11 -------- d-----w- C:\stocki DDF
2010-10-12 10:01 . 2010-10-12 10:01 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-10-12 10:01 . 2010-09-15 00:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-12 09:51 . 2010-10-12 09:51 -------- d-----w- c:\dokumente und einstellungen\****\j2mewtk
2010-10-12 09:48 . 2010-10-12 10:42 -------- d-----w- C:\WTK2.5.2_01
2010-10-10 21:05 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-10 21:03 . 2009-10-27 10:02 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
2010-10-10 21:03 . 2009-01-29 15:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2010-10-10 21:03 . 2008-03-27 15:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-10-10 21:03 . 2007-11-02 13:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2010-10-10 21:03 . 2009-06-19 14:59 19712 ----a-w- c:\windows\system32\drivers\motccgp.sys
2010-10-10 21:03 . 2009-12-21 12:42 15616 ----a-w- c:\windows\system32\mot_ci.dll
2010-10-10 21:03 . 2009-05-08 09:56 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2010-10-10 21:02 . 2010-10-12 10:43 -------- d-----w- c:\programme\Gemeinsame Dateien\Motorola Shared
2010-10-10 21:02 . 2010-10-10 21:02 -------- d-----w- c:\programme\Motorola
2010-10-07 10:47 . 2010-10-07 10:47 -------- d-----w- c:\programme\iPod
2010-10-07 10:47 . 2010-10-07 10:48 -------- d-----w- c:\programme\iTunes
2010-10-07 10:37 . 2010-10-07 10:37 -------- d-----w- c:\programme\Bonjour
2010-09-30 17:06 . 2010-09-30 17:06 -------- d-----w- c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
2010-09-30 17:05 . 2010-10-02 15:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 16:45 . 2001-08-18 04:32 126336 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-09-18 10:22 . 2008-07-01 00:07 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2008-07-01 00:07 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2008-07-01 00:07 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2008-07-01 00:07 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-05-02 07:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 05:47 . 2008-07-01 00:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2008-07-01 00:07 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2008-07-01 00:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:50 . 2008-07-01 00:06 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2008-07-01 00:07 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2008-07-01 00:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-07-01 00:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-07-01 00:07 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2008-07-01 00:06 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-07-01 00:07 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-07-01 00:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-10-23_13.35.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-25 16:59 . 2010-10-25 16:59 16384 c:\windows\Temp\Perflib_Perfdata_19c.dat
+ 2001-08-18 04:32 . 2010-10-25 16:45 126336 c:\windows\system32\dllcache\ftdisk.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-17 39408]
"OM2_Monitor"="c:\programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-08-22 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 16858624]
"OM2_Monitor"="c:\programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"MGSysCtrl"="c:\programme\System Control Manager\MGSysCtrl.exe" [2007-11-21 180224]
"LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-30 89541]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ACU"="c:\programme\Atheros\ACU.exe" [2007-05-03 376921]
"EEventManager"="c:\programme\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"WinampAgent"=c:\programme\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\LECTURNITY Player\\jre5\\bin\\javaw.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Vuze\\Azureus.exe"=
"c:\\Programme\\Defcon\\defcon.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 SSHDRV51;SSHDRV51;c:\windows\system32\drivers\SSHDRV51.sys [11.10.2009 19:19 21504]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14.05.2009 17:07 759048]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.07.2009 13:10 108289]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [01.07.2008 10:53 9088]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.01.2010 20:01 135664]
S2 NishService;SCM Driver Daemon;c:\programme\System Control Manager\edd.exe [01.07.2008 10:53 40960]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10.10.2010 23:03 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10.10.2010 23:03 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [10.10.2010 23:03 42752]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.11.2009 18:43 691696]
.
Inhalt des "geplante Tasks" Ordners
2010-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-29 18:01]
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-29 18:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\t2lys3tg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-25 19:13
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8309DEC5]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8317BAB8]
2 ntkrnlpa[0x804EF1A6] -> CLASSPNP.SYS[0xF759CFD7] -> \Device\Harddisk0\DR0[0x8317BAB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000075[0x831C89E8]
4 ntkrnlpa[0x804EF1A6] -> ACPI.sys[0xF7432620] -> \Device\00000075[0x831C89E8]
5 ACPI[0xF7432620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x831C7940]
[0x8307A290] -> IRP_MJ_CREATE -> 0x8309DEC5
6 ntkrnlpa[0x804EF1A6] -> UNKNOWN[0x8309DEC8] -> [0x831C7940]
kernel: MBR read successfully
detected hooks:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1246GSX_______________________LB213J__#5&33031358&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xf75a0f28
\Driver\ACPI -> ACPI.sys @ 0xf7432cb8
\Driver\atapi DriverStartIo -> 0x8309DAEA
\Driver\atapi -> atapi.sys @ 0xf73ea852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf72f6bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72e5a0d
SendHandler -> NDIS.sys @ 0xf72f9b40
user & kernel MBR OK
sectors 234441392 (+254): user != kernel
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2010-10-25 19:19:47
ComboFix-quarantined-files.txt 2010-10-25 17:19
ComboFix2.txt 2010-10-23 13:41
Vor Suchlauf: 15 Verzeichnis(se), 14.424.293.376 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 14.440.800.256 Bytes frei
- - End Of File - - FDB0AE121F9509206C49CD444D3A2337
|
|
25.10.2010, 19:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2010, 23:23
| #9 | |
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Hier die geforderten Logs: GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-26 00:05:28
Windows 5.1.2600 Service Pack 3
Running: pg3gbhle.exe; Driver: C:\DOKUME~1\****\LOKALE~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT A5A78CD6 ZwCreateKey
SSDT A5A78CCC ZwCreateThread
SSDT A5A78CDB ZwDeleteKey
SSDT A5A78CE5 ZwDeleteValueKey
SSDT A5A78CEA ZwLoadKey
SSDT A5A78CB8 ZwOpenProcess
SSDT A5A78CBD ZwOpenThread
SSDT A5A78CF4 ZwReplaceKey
SSDT A5A78CEF ZwRestoreKey
SSDT A5A78CE0 ZwSetValueKey
SSDT A5A78CC7 ZwTerminateProcess
Code \??\C:\DOKUME~1\****\LOKALE~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D6C 80504608 4 Bytes JMP F8A5A78C
.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xF7418314]
? C:\DOKUME~1\****\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\****\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8309DAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8309DAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8309DAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8309DAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 8309DAEA
Device \FileSystem\Fastfat \Fat A0E0FD20
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1246GSX_______________________LB213J__#5&33031358&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d921b8c88
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x66 0x7A 0x22 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB3 0x8B 0xB8 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAE 0x16 0x73 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d921b8c88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x66 0x7A 0x22 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB3 0x8B 0xB8 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAE 0x16 0x73 0xAB ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 234441392 (+254): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\bella.jpg 271109 bytes
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\dfdf.jpg 168335 bytes
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\dsc00607.jpg 2304892 bytes
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\Thumbs.db 12800 bytes
File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
OSAM OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:17:48 on 26.10.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\****\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MGHwCtrl" (MGHwCtrl) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\MGHwCtrl.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SSHDRV51" (SSHDRV51) - ? - C:\WINDOWS\system32\drivers\SSHDRV51.sys (File found, but it contains no detailed information) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Treiber für Volume-Manager" (Ftdisk) - ? - C:\WINDOWS\System32\DRIVERS\ftdisk.sys (File found, but it contains no detailed information) "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} "Sprint.ExplorerIntegration.9" - "ABBYY" - C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR 3.61 Multi\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun "ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4 "OM2_Monitor" - "OLYMPUS IMAGING CORP." - "C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ACU" - "Atheros Communications, Inc." - C:\Programme\Atheros\ACU.exe -nogui "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Programme\Epson Software\Event Manager\EEventManager.exe" "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide "MGSysCtrl" - "MSI" - C:\Programme\System Control Manager\MGSysCtrl.exe "OM2_Monitor" - "OLYMPUS IMAGING CORP." - "C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll "Atheros Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\enppmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ABBYY FineReader 9.0 Sprint Licensing Service" (ABBYY.Licensing.FineReader.Sprint.9.0) - "ABBYY" - C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Atheros-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "SCM Driver Daemon" (NishService) - ? - C:\Programme\System Control Manager\edd.exe (File found, but it contains no detailed information) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE] MBRCheck: Zitat:
|
|
27.10.2010, 10:11
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Anscheinend ist da noch das TDSS-Rootkit aktiv. Geh mal bitte zuerst nur mit dem Tdss-Killer von Kaspersky rüber und poste das Log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2010, 12:16
| #11 | |
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Moin! Hier die angeforderte Log-Datei: Zitat:
|
|
27.10.2010, 14:07
| #12 | |
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) eben kam noch folgende Meldung von Antivir: Zitat:
|
|
27.10.2010, 17:17
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Der TDSS-Killer von Kaspersky hat die ftdisk als TDSS erkannt Wurde der Rechner danach neu gestartet? Mach bitte mal ein neues Log mit GMER und dem TDSS-Killer
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2010, 06:44
| #14 | |
| | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) und weiter geht's: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-28 07:28:01
Windows 5.1.2600 Service Pack 3
Running: pg3gbhle.exe; Driver: C:\DOKUME~1\****\LOKALE~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT F7C300C6 ZwCreateKey
SSDT F7C300BC ZwCreateThread
SSDT F7C300CB ZwDeleteKey
SSDT F7C300D5 ZwDeleteValueKey
SSDT F7C300DA ZwLoadKey
SSDT F7C300A8 ZwOpenProcess
SSDT F7C300AD ZwOpenThread
SSDT F7C300E4 ZwReplaceKey
SSDT F7C300DF ZwRestoreKey
SSDT F7C300D0 ZwSetValueKey
SSDT F7C300B7 ZwTerminateProcess
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01032F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01032C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01032CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01032CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01792F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01792C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01792CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01792CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d921b8c88
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x66 0x7A 0x22 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB3 0x8B 0xB8 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAE 0x16 0x73 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d921b8c88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x66 0x7A 0x22 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB3 0x8B 0xB8 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAE 0x16 0x73 0xAB ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\bella.jpg 271109 bytes
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\dfdf.jpg 168335 bytes
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\dsc00607.jpg 2304892 bytes
File C:\WINDOWS\psst\ReceivedFiles\431330427 hanni..\Thumbs.db 12800 bytes
---- EOF - GMER 1.0.15 ----
Zitat:
|
|
28.10.2010, 12:57
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Weiterleitung von Google auf andere Suchseiten (K-Directory und Co.) |
| 0x00000001, ad-aware, adblock, antivir, audiograbber, avgntflt.sys, avira, bho, bonjour, components, converter, decrypter, error, excel, exe-datei, fehler, firefox, firefox.exe, flash player, google, helper, home, installation, jdownloader, jusched.exe, location, logfile, lws.exe, microsoft office word, mozilla, mozilla thunderbird, mp3, nodrives, office 2007, oldtimer, olympus, otl.exe, plug-in, realtek, registry, safer networking, saver, scan, searchplugins, security, security update, shell32.dll, software, sptd.sys, starten, super, system restore, usb 2.0, vlc media player, windows internet |
Linear-Darstellung
