| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Browser öffnet Seiten von alleine und Windows Hostprozess konnte nicht ausgeführt werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.10.2010, 23:04
| #1 |
 |  Browser öffnet Seiten von alleine und Windows Hostprozess konnte nicht ausgeführt werden Hallo, ich habe seit einiger Zeit das Problem, dass sich Seiten im Browser von alleine öffnen. Es sind jedesmal andere Seiten und in der Eingabeleiste wechselt die Adresse mehrere mal bis sich dann eine öffnet. Außerdem hab ich seit kurzem das Problem, dass wenn ich den Pc anschalte und auf meinen Benutzer drücke, es anfängt zu laden, dann aber der Bildschirm schwarz wird. Dann kann ich nur noch über den Taskmanager neu starten. Und wenn ich einen Browser öffnen will kommt manchmal nur kurz die Sanduhr aber es passiert nichts. Wenn ich dann im Taskmanager meine Prozesse anschaue steht da der Browser drin, aber nur mit einem geringen Arbeitsspeicher angegeben. Wenn ich dann diese Prozesse beende geht der Browser wieder. Außerdem kommt manchmal die Meldung Windows Hostprozess konnte nicht ausgeführt werden. Avira, Spybot und Malwarebytes haben nichts gefunden. Ich habe Vista 32-bit mit den neuesten Updates. Ich weiß das ist viel, aber ich hoffe mir kann hier jemand helfen, denn ich bin mit meinem Latein am Ende. Vielen Dank im voraus. |
|
31.10.2010, 04:52
| #2 | ||||
| /// Helfer-Team    |  Browser öffnet Seiten von alleine und Windows Hostprozess konnte nicht ausgeführt werden Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Zitat:
(drücke beim Hochfahren des Rechners [F8] solange, bis du eine Auswahlmöglichkeit hast, da "abgesicherten Modus " wählen) - Berichte ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können? ► Da die SWH nur ein Notlösung ist und/oder die Systemwiederherstellung ist nicht durchführbar, arbeite die aufgeführten Schritte bitte vollständig ab: 1. - Lade dir RSIT - Random's System Information Tool (RSIT) von random/random herunter - an einen Ort deiner Wahl und führe die rsit.exe aus - wird "Hijackthis" auch von RSIT installiert und ausgeführt - RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten 2. Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken: System-Dateien und -Ordner unter XP und Vista sichtbar machen Am Ende unserer Arbeit, kannst wieder rückgängig machen! 3. → Lade Dir HJTscanlist.zip herunter → entpacke die Datei auf deinem Desktop → Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren → per Doppelklick starten → Wähle dein Betriebsystem aus - bei Win7 wähle Vista → Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen → Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren → Bitte kopiere den Inhalt hier in Deinen Thread. 4. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool "Ccleaner" herunter installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 5. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! 6. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Lade und installiere das Tool RootRepeal herunter
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußCoverflow |
|
31.10.2010, 14:11
| #3 |
| | Browser öffnet Seiten von alleine und Windows Hostprozess konnte nicht ausgeführt werden Hi,
__________________danke für die schnelle Antwort! Das mit der Systemwiederherstellung geht leider nicht, da das ausgeschaltet war und ich keine gespeicherten Punkte habe. hier zu 1. info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-10-31 10:01:39
======Uninstall list======
-->MsiExec /X{5DB65884-C963-4454-AABA-4CA3089281FA}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auto Shutdown 8.11-->"E:\programme\8.11\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"E:\programme\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
CCleaner-->"E:\programme\CCleaner\uninst.exe"
Defraggler-->"E:\programme\uninst.exe"
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DVD Flick 1.3.0.7-->"E:\programme\DVD Flick\unins000.exe"
EASEUS Partition Master 5.0.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 5.0.1 Home Edition\unins000.exe"
Free Audio CD Burner version 1.4-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free DVD Video Burner version 2.1-->"C:\Program Files\DVDVideoSoft\Free DVD Video Burner\unins000.exe"
Free Video to DVD Converter version 1.2-->"E:\programme\Free Video to DVD Converter\unins000.exe"
Free Video to iPhone Converter version 3.0-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
Free Video to MP3 Converter version 4.0-->"E:\programme\Free Video to MP3 Converter\unins000.exe"
Free YouTube to iPhone Converter version 2.5-->"E:\programme\Free YouTube to iPhone Converter\unins000.exe"
Free YouTube to MP3 Converter version 3.8-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.29.0.1032-->"E:\programme\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnose Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
iPhoneBrowser-->MsiExec.exe /I{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}
iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}
iWisoft Free Video Converter 1.2-->"E:\programme\iWisoft Free Video Converter\unins000.exe"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"E:\programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{775B9052-3517-47FA-817D-1BB28363D43A}\setup.exe -runfromtemp -l0x0007 -removeonly
Need For Speed™ World-->"E:\programme\Need For Speed World\unins000.exe"
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\17.8.0.5\InstStub.exe /X
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Optimierte Multimedia-Tastatur-Lösung-->C:\HP\KBD\Install.exe /u
oZone3D.Net FurMark v1.8.0-->"E:\programme\FurMark_v1.8.0\unins000.exe"
Pinball-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F647107-C2BA-11D3-9A6D-0000B455B172}\setup.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Secunia PSI-->"E:\programme\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SiSoftware Sandra Lite 2010c-->"E:\programme\SiSoftware Sandra Lite 2010c\unins000.exe"
SopCast 3.2.4-->E:\programme\SopCast\uninst.exe
Testversion von Microsoft Office Home and Student 2007-->c:\hp\bin\MSOffice\uninst2.cmd
T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb2410711)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BB5A2EB0-4515-4C6B-A618-A6F6B0AB7BAA}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.17-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows-Defender (disabled) (outdated)
======System event log======
Computer Name: hp-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2347290(Security Update) von Installiert(Installed) in Installiert(Installed) zu ändern.
Record Number: 106158
Source Name: Microsoft-Windows-Servicing
Time Written: 20101021145103.000000-000
Event Type: Informationen
User: hp-PC\Nico
Computer Name: hp-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2347290(Security Update) von Installiert(Installed) in Installiert(Installed) zu ändern.
Record Number: 106157
Source Name: Microsoft-Windows-Servicing
Time Written: 20101021145103.000000-000
Event Type: Informationen
User: hp-PC\Nico
Computer Name: hp-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2347290(Security Update) von Installiert(Installed) in Installiert(Installed) zu ändern.
Record Number: 106156
Source Name: Microsoft-Windows-Servicing
Time Written: 20101021145103.000000-000
Event Type: Informationen
User: hp-PC\Nico
Computer Name: hp-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2347290(Security Update) von Installiert(Installed) in Installiert(Installed) zu ändern.
Record Number: 106155
Source Name: Microsoft-Windows-Servicing
Time Written: 20101021145103.000000-000
Event Type: Informationen
User: hp-PC\Nico
Computer Name: hp-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2347290(Security Update) von Installiert(Installed) in Installiert(Installed) zu ändern.
Record Number: 106154
Source Name: Microsoft-Windows-Servicing
Time Written: 20101021145103.000000-000
Event Type: Informationen
User: hp-PC\Nico
=====Application event log=====
Computer Name: LH-U0G07K6VOU2J
Event Code: 36
Message:
Record Number: 376
Source Name: ccSvcHst
Time Written: 20020208005928.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: LH-U0G07K6VOU2J
Event Code: 36
Message:
Record Number: 375
Source Name: ccSvcHst
Time Written: 20020208005928.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: LH-U0G07K6VOU2J
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 374
Source Name: SecurityCenter
Time Written: 20020208005922.000000-000
Event Type: Informationen
User:
Computer Name: LH-U0G07K6VOU2J
Event Code: 0
Message: Der Dienst wurde gestartet.
Record Number: 373
Source Name: HP Health Check Service
Time Written: 20020208005922.000000-000
Event Type: Informationen
User:
Computer Name: LH-U0G07K6VOU2J
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.
Record Number: 372
Source Name: Microsoft-Windows-Search
Time Written: 20020208005916.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: hp-PC
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:
Antragsteller:
Sicherheits-ID: S-1-5-21-1520337693-1879009250-3396951402-500
Kontoname: Administrator
Kontodomäne: LH-U0G07K6VOU2J
Anmelde-ID: 0x4211f
Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 262
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20020208005930.526600-000
Event Type: Überwachung erfolgreich
User:
Computer Name: hp-PC
Event Code: 4634
Message: Ein Konto wurde abgemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-7
Kontoname: ANONYMOUS-ANMELDUNG
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x27937
Anmeldetyp: 3
Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 261
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20020208005929.091400-000
Event Type: Überwachung erfolgreich
User:
Computer Name: LH-U0G07K6VOU2J
Event Code: 4616
Message: Die Systemzeit wurde geändert.
Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: LOKALER DIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e5
Prozessinformationen:
Prozess-ID: 0x474
Name: C:\Windows\System32\svchost.exe
Vorherige Zeit: 01:59:28 08.02.2002
Neue Zeit: 01:59:28 08.02.2002
Dieses Ereignis wird generiert, wenn die Systemzeit geändert wird. Es ist normal, dass der mit Systemberechtigung ausgeführte Windows-Zeitdienst die Systemzeit regelmäßig ändert. Andere Änderungen der Systemzeit können darauf hinweisen, dass der Computer manipuliert wird.
Record Number: 260
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20020208005928.888600-000
Event Type: Überwachung erfolgreich
User:
Computer Name: LH-U0G07K6VOU2J
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 259
Source Name: Microsoft-Windows-Eventlog
Time Written: 20020208005928.919800-000
Event Type: Überwachung erfolgreich
User:
Computer Name: LH-U0G07K6VOU2J
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
Sicherheits- ID: S-1-5-21-1520337693-1879009250-3396951402-500
Kontoname: Administrator
Domänenname: LH-U0G07K6VOU2J
Logon-ID: 0x4211f
Record Number: 258
Source Name: Microsoft-Windows-Eventlog
Time Written: 20020208005911.719608-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;E:\programme\T-Online_Software_6\Basis-Software\Basis2\;E:\programme\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online-Dienste
"SAN_DIR"=E:\programme\SiSoftware Sandra Lite 2010c
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Nico at 2010-10-31 10:01:13 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 408 GB (87%) free of 469 GB Total RAM: 3071 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:01:37, on 31.10.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.7930.16406) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\WINDOWS\RtHDVCpl.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\Opera\opera.exe C:\Users\Nico\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\trend micro\Nico.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 93.174.138.218:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - E:\programme\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9680 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GlaryInitialize.job C:\Windows\tasks\Norton Security Scan for Nico.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-04 396144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL [2010-05-14 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2002-02-08 2217856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-18 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2002-02-08 2217856] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-04 396144] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440] "NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-10 92704] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-10 8530464] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-10 88608] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584] "SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\hp\support\hpsysdrv.exe [2007-04-18 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE [2006-03-28 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PanelApp] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] E:\programme\QTTask.exe [2010-09-08 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE [2006-05-05 565248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg] C:\Windows\system32\jureg.exe [2007-04-07 54936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol] E:\programme\TightVNC\tvnserver.exe -controlservice -slave [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Nico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Nico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI.lnk] E:\PROGRA~1\PSI\psi.exe [2010-07-21 965176] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=1 "EnableUIADesktopToggle"=0 "SoftwareSASGeneration"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-10-31 10:01:13 ----D---- C:\rsit 2010-10-31 10:01:13 ----D---- C:\Program Files\trend micro 2010-10-28 19:00:51 ----D---- C:\Program Files\Safari 2010-10-24 16:30:46 ----D---- C:\Windows\Profiles 2010-10-24 16:30:43 ----SHD---- C:\Windows\system32\%APPDATA% 2010-10-21 15:25:12 ----A---- C:\lopR.txt 2010-10-21 15:19:21 ----D---- C:\Lop SD 2010-10-19 20:16:22 ----D---- C:\ProgramData\Kaspersky Lab Setup Files 2010-10-19 19:51:55 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-19 19:51:52 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-10-19 17:19:16 ----D---- C:\Program Files\Adobe 2010-10-19 13:21:42 ----D---- C:\ProgramData\NOS 2010-10-19 13:21:42 ----D---- C:\Program Files\NOS 2010-10-18 19:13:31 ----D---- C:\Users\Nico\AppData\Roaming\Malwarebytes 2010-10-18 19:13:18 ----D---- C:\ProgramData\Malwarebytes 2010-10-18 17:39:41 ----A---- C:\ping.txt 2010-10-18 17:14:41 ----A---- C:\Windows\system32\javaws.exe 2010-10-18 17:14:41 ----A---- C:\Windows\system32\javaw.exe 2010-10-18 17:14:41 ----A---- C:\Windows\system32\java.exe 2010-10-17 19:07:33 ----D---- C:\Users\Nico\AppData\Roaming\Vidalia 2010-10-17 18:57:47 ----D---- C:\Users\Nico\AppData\Roaming\GlarySoft 2010-10-16 13:06:49 ----D---- C:\Users\Nico\AppData\Roaming\Need for Speed World 2010-10-16 11:49:50 ----A---- C:\Windows\system32\D3DX9_40.dll 2010-10-16 11:49:50 ----A---- C:\Windows\system32\d3dx10_40.dll 2010-10-16 11:49:50 ----A---- C:\Windows\system32\D3DCompiler_40.dll 2010-10-16 11:45:21 ----D---- C:\Windows\system32\AGEIA 2010-10-16 11:45:21 ----D---- C:\Program Files\AGEIA Technologies 2010-10-16 11:29:12 ----A---- C:\Windows\system32\drivers\sptd.sys 2010-10-16 11:28:47 ----D---- C:\Users\Nico\AppData\Roaming\DAEMON Tools Lite 2010-10-16 11:28:45 ----D---- C:\ProgramData\DAEMON Tools Lite 2010-10-13 17:07:06 ----A---- C:\Windows\system32\wmp.dll 2010-10-13 17:07:05 ----A---- C:\Windows\system32\wmploc.DLL 2010-10-13 17:06:45 ----A---- C:\Windows\system32\srvsvc.dll 2010-10-13 17:06:45 ----A---- C:\Windows\system32\netevent.dll 2010-10-13 17:06:45 ----A---- C:\Windows\system32\drivers\srvnet.sys 2010-10-13 17:06:45 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-10-13 17:06:45 ----A---- C:\Windows\system32\drivers\srv.sys 2010-10-13 17:06:40 ----A---- C:\Windows\system32\schannel.dll 2010-10-13 17:06:39 ----A---- C:\Windows\system32\ole32.dll 2010-10-13 17:06:38 ----A---- C:\Windows\system32\t2embed.dll 2010-10-13 17:06:37 ----A---- C:\Windows\system32\mfc40.dll 2010-10-13 17:06:36 ----A---- C:\Windows\system32\mfc40u.dll 2010-10-13 17:06:35 ----A---- C:\Windows\system32\win32k.sys 2010-10-13 17:06:33 ----A---- C:\Windows\system32\msshsq.dll 2010-10-13 17:05:41 ----A---- C:\Windows\system32\wmpmde.dll 2010-10-13 17:05:40 ----A---- C:\Windows\system32\comctl32.dll 2010-10-09 18:09:49 ----D---- C:\Windows\Sun 2010-10-07 17:58:25 ----D---- C:\Program Files\iPod 2010-10-01 19:52:33 ----D---- C:\ProgramData\TVU Networks 2010-10-01 19:51:17 ----D---- C:\Windows\system32\TVUAx ======List of files/folders modified in the last 1 months====== 2010-10-31 10:01:26 ----D---- C:\Windows\Prefetch 2010-10-31 10:01:13 ----RD---- C:\Program Files 2010-10-31 09:59:41 ----D---- C:\WINDOWS 2010-10-31 09:55:18 ----D---- C:\Windows\System32 2010-10-31 09:55:18 ----D---- C:\Windows\inf 2010-10-31 09:55:18 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-10-31 09:54:30 ----D---- C:\Windows\Temp 2010-10-30 22:56:14 ----SHD---- C:\System Volume Information 2010-10-29 17:29:17 ----D---- C:\Windows\Tasks 2010-10-29 14:17:24 ----D---- C:\Program Files\Mozilla Firefox 2010-10-28 19:14:57 ----D---- C:\Users\Nico\AppData\Roaming\vlc 2010-10-28 19:01:19 ----SHD---- C:\Windows\Installer 2010-10-28 19:01:19 ----SHD---- C:\Config.Msi 2010-10-28 19:00:39 ----D---- C:\Program Files\Common Files\Apple 2010-10-27 19:35:39 ----D---- C:\Windows\pss 2010-10-27 19:34:06 ----D---- C:\Windows\Minidump 2010-10-26 14:23:34 ----D---- C:\Windows\system32\Tasks 2010-10-25 17:31:06 ----D---- C:\Windows\system32\drivers 2010-10-24 16:30:55 ----SD---- C:\ProgramData\Microsoft 2010-10-24 16:30:46 ----D---- C:\Program Files\Windows Media Player 2010-10-23 08:57:21 ----D---- C:\Program Files\Common Files\Steam 2010-10-21 16:00:42 ----D---- C:\Windows\rescache 2010-10-21 15:52:59 ----D---- C:\Windows\winsxs 2010-10-21 15:52:58 ----D---- C:\Windows\ShellNew 2010-10-21 15:29:24 ----HD---- C:\ProgramData 2010-10-20 15:01:16 ----D---- C:\ProgramData\Adobe 2010-10-19 20:53:51 ----A---- C:\Windows\system32\AU8Settings.ini 2010-10-19 17:19:30 ----D---- C:\Program Files\Common Files\Adobe 2010-10-19 14:18:58 ----D---- C:\Windows\system32\drivers\etc 2010-10-19 13:26:17 ----D---- C:\Windows\system32\Adobe 2010-10-19 13:19:19 ----D---- C:\Windows\system32\Macromed 2010-10-18 18:44:31 ----D---- C:\Program Files\Viewpoint 2010-10-18 18:44:14 ----D---- C:\ProgramData\Viewpoint 2010-10-18 17:14:30 ----A---- C:\Windows\system32\deployJava1.dll 2010-10-18 17:12:13 ----D---- C:\Program Files\Common Files\Java 2010-10-18 16:06:48 ----D---- C:\Windows\system32\catroot2 2010-10-17 19:13:22 ----D---- C:\ProgramData\NortonInstaller 2010-10-17 19:13:22 ----D---- C:\ProgramData\Norton 2010-10-17 19:13:22 ----D---- C:\Program Files\Windows Sidebar 2010-10-17 19:13:22 ----D---- C:\Program Files\PC-Doctor 5 for Windows 2010-10-17 19:13:22 ----D---- C:\Program Files\Microsoft Visual Studio 8 2010-10-17 19:13:22 ----D---- C:\Program Files\HP 2010-10-17 19:09:09 ----D---- C:\ProgramData\DivX 2010-10-17 19:09:09 ----D---- C:\Program Files\DivX 2010-10-17 18:51:33 ----D---- C:\Windows\SMINST 2010-10-17 14:55:48 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2010-10-17 14:12:54 ----D---- C:\Windows\Debug 2010-10-16 18:43:25 ----D---- C:\Program Files\Java 2010-10-16 11:49:43 ----RSD---- C:\Windows\assembly 2010-10-16 08:18:04 ----D---- C:\Program Files\Opera 2010-10-14 14:49:45 ----D---- C:\Windows\system32\de-DE 2010-10-13 20:46:47 ----D---- C:\ProgramData\Microsoft Help 2010-10-13 20:43:41 ----A---- C:\Windows\system32\mrt.exe 2010-10-13 17:05:30 ----D---- C:\Windows\system32\catroot 2010-10-07 17:58:49 ----D---- C:\Program Files\iTunes 2010-10-07 16:25:13 ----D---- C:\Windows\Microsoft.NET 2010-10-01 12:48:20 ----D---- C:\Program Files\Microsoft Silverlight ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-07-12 45648] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-16 691696] R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136] R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-05-27 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100520.001\IDSvix86.sys [2009-10-28 343088] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS [2010-04-22 43696] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784] R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-15 218752] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-11 1793880] R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\Windows\system32\DRIVERS\LHidKE.Sys [2006-03-28 27008] R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\Windows\System32\Drivers\LMouKE.sys [2006-03-28 69760] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-10 8237120] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-05-18 124976] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] S3 apkaqhr4;apkaqhr4; C:\Windows\system32\drivers\apkaqhr4.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2010-01-20 14216] S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2010-01-20 8456] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\System32\Drivers\L8042Kbd.sys [] S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\Windows\System32\Drivers\L8042mou.sys [2006-03-28 55808] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100601.023\NAVENG.SYS [2010-05-18 85552] S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100601.023\NAVEX15.SYS [2010-05-18 1347504] S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568] S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904] S3 SANDRA;SANDRA; \??\E:\programme\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys [2009-08-07 23112] S3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS [2010-04-22 325680] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672] R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440] R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136] R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-09-08 24652] R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008] S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [] S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696] S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264] S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-08-31 26624] S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2008-01-18 21504] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256] S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544] S3 SandraAgentSrv;SiSoftware Deployment Agent Service; E:\programme\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-23 407336] S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656] -----------------EOF----------------- hier zu 4. Code:
ATTFilter Adobe Download Manager NOS Microsystems Ltd. 18.10.2010 0,45MB 1.6.2.91
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 24.10.2010 10.1.85.3
Adobe Reader 9.4.0 - Deutsch Adobe Systems Incorporated 18.10.2010 242,3MB 9.4.0
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 18.10.2010 8,67MB 11.5.8.612
Apple Application Support Apple Inc. 27.10.2010 42,8MB 1.3.2
Apple Mobile Device Support Apple Inc. 16.09.2010 20,1MB 3.2.0.47
Apple Software Update Apple Inc. 24.02.2010 2,16MB 2.1.1.116
Auto Shutdown 8.11 Explora.Pc´s Software 13.03.2010 5,14MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 21.04.2010 100,2MB 10.0.0.567
AVS Update Manager 1.0 Online Media Technologies Ltd. 12.03.2010 9,64MB
AVS Video Converter 6 Online Media Technologies Ltd. 12.03.2010 34,0MB
AVS4YOU Software Navigator 1.3 Online Media Technologies Ltd. 12.03.2010 8,72MB
CCleaner Piriform 24.10.2010 2,96MB 2.36
Defraggler Piriform 28.09.2010 12.739,8MB 1.21
DivX-Setup DivX, Inc. 16.10.2010 1,91MB 2.1.2.2
DVD Flick 1.3.0.7 Dennis Meuwissen 13.03.2010 43,2MB 1.3.0.7
EASEUS Partition Master 5.0.1 Home Edition EASEUS 02.02.2010 42,3MB
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 30.09.2010 3,14MB
Free DVD Video Burner version 2.1 DVDVideoSoft Limited. 11.03.2010 4,80MB
Free Video to DVD Converter version 1.2 DVDVideoSoft Limited. 11.03.2010 2,66MB
Free Video to iPhone Converter version 3.0 DVDVideoSoft Limited. 31.07.2010 2,58MB
Free Video to MP3 Converter version 4.0 DVDVideoSoft Limited. 27.06.2010 2,53MB
Free YouTube to iPhone Converter version 2.5 DVDVideoSoft Limited. 20.06.2010 3,19MB
Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 30.09.2010 6,70MB
GIMP 2.6.8 12.04.2010 98,6MB
Glary Utilities 2.29.0.1032 Glarysoft Ltd 28.10.2010 18,1MB 2.29.0.1032
Google Toolbar for Internet Explorer 07.02.2002 2,59MB
Hardware Diagnose Tools PC-Doctor, Inc. 07.02.2002 129,6MB 5.00.4558.05
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) Hauppauge Computer Works, Inc. 07.02.2002 0,15MB 2.0.25149
HP On-Screen Cap/Num/Scroll Lock Indicator Hewlett-Packard 07.02.2002
HP Update Hewlett-Packard 07.02.2002 3,57MB 4.000.005.007
Intel(R) Network Connections Drivers 07.02.2010
Intel® Viiv™ Software Intel Corporation 07.02.2002 22,3MB 1.6.361.6
iPhoneBrowser Cranium Consulting and Custom Software 23.03.2010 0,41MB 1.9.3
iTunes Apple Inc. 06.10.2010 138,7MB 10.0.1.22
iWisoft Free Video Converter 1.2 www.easy-video-converter.com 13.03.2010 21,4MB 1.2
Java(TM) 6 Update 22 Oracle 17.10.2010 95,0MB 6.0.220
Logitech SetPoint Logitech 01.02.2010 42,5MB 2.60
Malwarebytes' Anti-Malware Malwarebytes Corporation 18.10.2010 3,90MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 07.02.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 03.02.2010 37,0MB
Microsoft Office Enterprise 2007 Microsoft Corporation 17.04.2010 633,0MB 12.0.6425.1000
Microsoft Silverlight Microsoft Corporation 29.09.2010 34,5MB 4.0.50917.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 03.02.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.10.2010 2,38MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.04.2010 0,58MB 9.0.30729.4148
Microsoft Works Microsoft Corporation 03.02.2010 292,7MB 08.05.0822
MobileMe Control Panel Apple Inc. 27.10.2010 11,8MB 3.1.3.0
Mozilla Firefox (3.6.12) Mozilla 28.10.2010 29,8MB 3.6.12 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 03.02.2010 35,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 03.02.2010 1,34MB 4.20.9876.0
muvee autoProducer 6.0 muvee Technologies 07.02.2002 154,5MB 6.00.050
Need For Speed™ World Electronic Arts 15.10.2010 15,4MB 1.0.0.131
Norton Internet Security Symantec Corporation 17.05.2010 68,1MB 17.8.0.5
Norton Security Scan Symantec Corporation 24.05.2010 11,6MB 2.7.3.34
NVIDIA Drivers 07.02.2010
NVIDIA PhysX NVIDIA Corporation 15.10.2010 120,1MB 9.09.0720
Opera 10.63 Opera Software ASA 15.10.2010 23,3MB 10.63
Optimierte Multimedia-Tastatur-Lösung Hewlett-Packard 07.02.2002 8,34MB
oZone3D.Net FurMark v1.8.0 oZone3D.Net 15.02.2010 3,97MB
Pinball 28.05.2010 3,14MB
QuickTime Apple Inc. 16.09.2010 73,7MB 7.68.75.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 07.02.2002 14,4MB 6.0.1.5444
Roxio Creator Audio Roxio 07.02.2002 4,55MB 3.4.0
Roxio Creator Basic v9 Roxio 07.02.2002 30,5MB 3.4.0
Roxio Creator Copy Roxio 07.02.2002 0,65MB 3.4.0
Roxio Creator Data Roxio 07.02.2002 0,84MB 3.4.0
Roxio Creator EasyArchive Roxio 07.02.2002 1,49MB 3.4.0
Roxio Creator Tools Roxio 07.02.2002 0,35MB 3.4.0
Roxio Express Labeler 3 Roxio 07.02.2002 19,6MB 3.2.1
Roxio MyDVD Basic v9 Roxio 07.02.2002 327,6MB 9.0.572
Safari Apple Inc. 27.10.2010 41,3MB 5.33.18.5
Secunia PSI 24.10.2010 1,53MB
SiSoftware Sandra Lite 2010c SiSoftware 15.02.2010 65,9MB 16.26.2010.1
SopCast 3.2.4 SopCast.com 05.02.2010 9,05MB 3.2.4
T-Online WLAN-Access Finder 01.02.2010 0,95MB
Testversion von Microsoft Office Home and Student 2007 07.02.2002 348,4MB
Veetle TV 0.9.17 Veetle, Inc 09.04.2010 36,3MB 0.9.17
VLC media player 1.1.4 VideoLAN 30.08.2010 75,7MB 1.1.4
Windows Live Anmelde-Assistent Microsoft Corporation 02.02.2010 1,93MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 02.02.2010 44,0MB 14.0.8089.0726
Windows Media Player Firefox Plugin Microsoft Corp 22.09.2010 0,29MB 1.0.0.8
WinRAR 21.02.2010 3,78MB
hier zu 5. Code:
ATTFilter GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-31 10:40:46
Windows 6.0.6002 Service Pack 2
Running: 1bytlit0.exe; Driver: C:\Users\Nico\AppData\Local\Temp\pxldipoc.sys
---- System - GMER 1.0.15 ----
SSDT 88B0CED0 ZwAlertResumeThread
SSDT 88B0A850 ZwAlertThread
SSDT 88B74900 ZwAllocateVirtualMemory
SSDT 8816E890 ZwAlpcConnectPort
SSDT 88B488F0 ZwAssignProcessToJobObject
SSDT 88B808C0 ZwCreateMutant
SSDT 88B85158 ZwCreateSymbolicLinkObject
SSDT 88B726D0 ZwCreateThread
SSDT 88AF7D10 ZwDebugActiveProcess
SSDT 88B74B18 ZwDuplicateObject
SSDT 88B71CB0 ZwFreeVirtualMemory
SSDT 88B21070 ZwImpersonateAnonymousToken
SSDT 88B12048 ZwImpersonateThread
SSDT 8816E230 ZwLoadDriver
SSDT 88B71B50 ZwMapViewOfSection
SSDT 88B260B0 ZwOpenEvent
SSDT 88B74D78 ZwOpenProcess
SSDT 88A9B068 ZwOpenProcessToken
SSDT 88B3B938 ZwOpenSection
SSDT 88B74C28 ZwOpenThread
SSDT 88B84070 ZwProtectVirtualMemory
SSDT 88B0B048 ZwResumeThread
SSDT 88A01988 ZwSetContextThread
SSDT 88B718F8 ZwSetInformationProcess
SSDT 88B30048 ZwSetSystemInformation
SSDT 88B28048 ZwSuspendProcess
SSDT 88AFF048 ZwSuspendThread
SSDT 88A7D108 ZwTerminateProcess
SSDT 88AE6A68 ZwTerminateThread
SSDT 88AD80D0 ZwUnmapViewOfSection
SSDT 88B71FC0 ZwWriteVirtualMemory
SSDT 88B85728 ZwCreateThreadEx
INT 0x51 ? 8640BBF8
INT 0x51 ? 8640BBF8
INT 0x51 ? 8781AF00
INT 0x51 ? 8640BBF8
INT 0x62 ? 8781AF00
INT 0x71 ? 8781AF00
INT 0x71 ? 8781AF00
INT 0x71 ? 8781AF00
INT 0x72 ? 8781AF00
INT 0x82 ? 8781AF00
INT 0xA2 ? 8640BBF8
INT 0xB2 ? 8640BBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 824E9880 8 Bytes [D0, CE, B0, 88, 50, A8, B0, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 824E9894 4 Bytes [00, 49, B7, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 824E98F4 4 Bytes [F0, 88, B4, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824E9958 4 Bytes [C0, 08, B8, 88]
.text ntkrnlpa.exe!KeSetEvent + 21D 824E9980 8 Bytes [58, 51, B8, 88, D0, 26, B7, ...]
.text ...
? System32\Drivers\spvl.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E80A340, 0x3A0147, 0xE8000020]
.text USBPORT.SYS!DllUnload 82DA741B 5 Bytes JMP 8781A4E0
.text apkaqhr4.SYS 82DB6000 22 Bytes [82, 13, 41, 82, 6C, 12, 41, ...]
.text apkaqhr4.SYS 82DB6017 181 Bytes [00, 32, 77, 78, 80, 3D, 75, ...]
.text apkaqhr4.SYS 82DB60CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text apkaqhr4.SYS 82DB60DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text apkaqhr4.SYS 82DB60E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1052] ntdll.dll!NtProtectVirtualMemory 77104D34 5 Bytes JMP 0058000A
.text C:\Windows\Explorer.EXE[1052] ntdll.dll!NtWriteVirtualMemory 77105674 5 Bytes JMP 0172000A
.text C:\Windows\Explorer.EXE[1052] ntdll.dll!KiUserExceptionDispatcher 77105DC8 5 Bytes JMP 0057000A
.text C:\Windows\system32\svchost.exe[4508] ntdll.dll!NtProtectVirtualMemory 77104D34 3 Bytes JMP 0011000A
.text C:\Windows\system32\svchost.exe[4508] ntdll.dll!NtProtectVirtualMemory + 4 77104D38 1 Byte [89]
.text C:\Windows\system32\svchost.exe[4508] ntdll.dll!NtWriteVirtualMemory 77105674 5 Bytes JMP 0067000A
.text C:\Windows\system32\svchost.exe[4508] ntdll.dll!KiUserExceptionDispatcher 77105DC8 5 Bytes JMP 000B000A
.text C:\Windows\system32\svchost.exe[4508] ole32.dll!CoCreateInstance 76719F3E 5 Bytes JMP 009C000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D6] \SystemRoot\System32\Drivers\spvl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B042] \SystemRoot\System32\Drivers\spvl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B800] \SystemRoot\System32\Drivers\spvl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0C0] \SystemRoot\System32\Drivers\spvl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13E] \SystemRoot\System32\Drivers\spvl.sys
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortWritePortUchar] 8382DDCF
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \programme\DAEMON Tools Lite\Engine.dll
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F82DDA0
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\apkaqhr4.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73CFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 864101F8
Device \Driver\volmgr \Device\VolMgrControl 8640D1F8
Device \Driver\usbuhci \Device\USBPDO-0 878631F8
Device \Driver\usbuhci \Device\USBPDO-1 878631F8
Device \Driver\usbehci \Device\USBPDO-2 878641F8
Device \Driver\PCI_PNP5981 \Device\00000054 spvl.sys
Device \Driver\usbuhci \Device\USBPDO-3 878631F8
Device \Driver\usbuhci \Device\USBPDO-4 878631F8
Device \Driver\sptd \Device\2450251992 spvl.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 878631F8
Device \Driver\usbuhci \Device\USBPDO-6 878631F8
Device \Driver\volmgr \Device\HarddiskVolume1 8640D1F8
Device \Driver\usbehci \Device\USBPDO-7 878641F8
Device \Driver\volmgr \Device\HarddiskVolume2 8640D1F8
Device \Driver\cdrom \Device\CdRom0 877F91F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8738A292
Device \Driver\atapi \Device\Ide\IdePort0 8640F1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8738A292
Device \Driver\atapi \Device\Ide\IdePort1 8640F1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8738A292
Device \Driver\atapi \Device\Ide\IdePort2 8640F1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8738A292
Device \Driver\atapi \Device\Ide\IdePort3 8640F1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-1 8738A292
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8640F1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-4 8738A292
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 8640F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8640D1F8
Device \Driver\cdrom \Device\CdRom1 877F91F8
Device \Driver\volmgr \Device\HarddiskVolume4 8640D1F8
Device \Driver\volmgr \Device\HarddiskVolume5 8640D1F8
Device \Driver\volmgr \Device\HarddiskVolume6 8640D1F8
Device \Driver\volmgr \Device\HarddiskVolume7 8640D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 881741F8
Device \Driver\volmgr \Device\HarddiskVolume8 8640D1F8
Device \Driver\Smb \Device\NetbiosSmb 87FC51F8
Device \Driver\USBSTOR \Device\00000088 88EEC1F8
Device \Driver\iScsiPrt \Device\RaidPort0 879EF1F8
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\USBSTOR \Device\00000089 88EEC1F8
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 878631F8
Device \Driver\usbuhci \Device\USBFDO-1 878631F8
Device \Driver\usbehci \Device\USBFDO-2 878641F8
Device \Driver\usbuhci \Device\USBFDO-3 878631F8
Device \Driver\usbuhci \Device\USBFDO-4 878631F8
Device \Driver\USBSTOR \Device\0000008a 88EEC1F8
Device \Driver\usbuhci \Device\USBFDO-5 878631F8
Device \Driver\USBSTOR \Device\0000008b 88EEC1F8
Device \Driver\usbuhci \Device\USBFDO-6 878631F8
Device \Driver\USBSTOR \Device\0000008c 88EEC1F8
Device \Driver\usbehci \Device\USBFDO-7 878641F8
Device \Driver\apkaqhr4 \Device\Scsi\apkaqhr41Port5Path0Target0Lun0 878D71F8
Device \Driver\apkaqhr4 \Device\Scsi\apkaqhr41 878D71F8
Device \FileSystem\cdfs \Cdfs 88F241F8
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HD501LJ_________________________CR100-10#5&1eaea11c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x55 0x7C 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0x16 0x01 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0x20 0x00 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x55 0x7C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0x16 0x01 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0x20 0x00 0x65 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 976772930 (+237): rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
|
Linear-Darstellung
