| |
| |||||||
Log-Analyse und Auswertung: Bluescreen, plötzlicher AbsturzWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.12.2010, 18:38
| #1 | |
 |  Bluescreen, plötzlicher Absturz Hey Leute! Ich habe seit eingen Tagen das Problem, dass ich des öfteren von einem Bluescreen (bisher immer unter starker Auslastung, wie z.B. 2-3 WoW.exe gleichzeitig) oder nun auch ein plötzlicher Absturz mit anschließendem Neustarten. Beim normalen Herunterfahren hatte ich zudem Probleme beim Beenden eines Prozesses, dessen Name nur aus Vierecken bestand (kein Office installiert, also weiß ich nicht, was das für Zeichen gewesen sein könnten). Bevor ich jetzt meinen Rechner neu aufsetze und mich an die Sicherung einiger Daten mache, möchte ich euch vorher bitten, ob euch vielleicht noch eine Lösung des Problems ohne format :c einfällt. Mein HiJack: Zitat:
 im Vorraus, LG Netzi. |
|
12.12.2010, 18:59
| #2 |
| /// Malware-holic   |  Bluescreen, plötzlicher Absturz 1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend.
__________________2. reiche alle evtl vorhandenen scan logs nach. ootl: 3. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
12.12.2010, 19:55
| #3 |
| |  Bluescreen, plötzlicher Absturz Vielen Dank für die schnelle Antwort!
__________________OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.12.2010 19:47:17 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 312,50 Gb Total Space | 287,10 Gb Free Space | 91,87% Space Free | Partition Type: NTFS Drive D: | 4,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 619,01 Gb Total Space | 381,05 Gb Free Space | 61,56% Space Free | Partition Type: NTFS Computer Name: NETZKILLER | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.12 19:45:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\OTL.exe PRC - [2010.12.12 00:35:47 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.12.12 00:35:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2010.11.17 15:52:11 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\Spiele\Steam\steam.exe PRC - [2010.10.09 12:39:50 | 002,181,120 | ---- | M] (TECHNO4EVER) -- C:\Programme\T4E Player\T4EPlayer.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.10.25 14:30:50 | 001,259,008 | ---- | M] (oxid.it) -- C:\Programme\Cain\Cain.exe PRC - [2009.09.25 15:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\essvr.exe PRC - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.08.04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.05.25 04:21:40 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.07.05 12:17:30 | 000,060,416 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Profiler\LWEMon.exe ========== Modules (SafeList) ========== MOD - [2010.12.12 19:45:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\OTL.exe MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.08.18 17:46:25 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP) SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010.12.12 17:05:14 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2010.10.31 16:04:17 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010.08.06 13:56:35 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2010.08.06 13:56:35 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2010.06.14 23:03:00 | 010,596,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010.03.10 02:48:30 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.10.21 15:28:42 | 005,934,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.10.20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009.10.07 12:26:18 | 000,099,440 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2009.09.25 15:57:40 | 000,138,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009.09.25 15:57:36 | 000,056,576 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009.07.28 09:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.05.16 19:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.05.13 16:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2008.12.15 19:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.06.06 14:37:12 | 000,046,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2006.06.06 14:37:10 | 000,021,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2006.06.06 14:37:10 | 000,020,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2006.06.06 14:37:10 | 000,011,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2006.06.06 14:37:10 | 000,006,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\..\URLSearchHook: {33b974a8-e892-4f5f-bd17-f7b0331843d5} - C:\Programme\TECHNO4EVER\tbTEC0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {33b974a8-e892-4f5f-bd17-f7b0331843d5}:3.2.1.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.12 00:35:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.12 00:35:48 | 000,000,000 | ---D | M] [2010.08.06 14:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Extensions [2010.12.11 18:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions [2010.09.04 21:22:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.09 18:56:09 | 000,000,000 | ---D | M] (TECHNO4EVER Community Toolbar) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions\{33b974a8-e892-4f5f-bd17-f7b0331843d5} [2010.08.06 17:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.22 16:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.08 19:46:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.09.22 16:31:28 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.12.07 18:45:08 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\searchplugins\icqplugin.xml [2010.12.11 18:54:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.25 22:02:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.12.04 19:14:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.08.06 20:22:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.12.04 19:14:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.11.11 16:51:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.11 16:51:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.11 16:51:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.11 16:51:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.11 16:51:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Programme\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (TECHNO4EVER Toolbar) - {33b974a8-e892-4f5f-bd17-f7b0331843d5} - C:\Programme\TECHNO4EVER\tbTEC0.dll (Conduit Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (TECHNO4EVER Toolbar) - {33b974a8-e892-4f5f-bd17-f7b0331843d5} - C:\Programme\TECHNO4EVER\tbTEC0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\..\Toolbar\WebBrowser: (TECHNO4EVER Toolbar) - {33B974A8-E892-4F5F-BD17-F7B0331843D5} - C:\Programme\TECHNO4EVER\tbTEC0.dll (Conduit Ltd.) O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [BCU] C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-1214440339-1708537768-725345543-1004..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-1214440339-1708537768-725345543-1004..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Profiler\lwemon.exe (Logitech Inc.) O4 - HKU\S-1-5-21-1214440339-1708537768-725345543-1004..\Run: [Steam] F:\spiele\steam\steam.exe (Valve Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Kevin\Startmenü\Programme\Autostart\Cain.lnk = C:\Programme\Cain\Cain.exe (oxid.it) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1708537768-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\*\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 () - F:\Bilder\HB\mandolux-stinkerdeux-l-2560.jpg O24 - Desktop Components:1 () - F:\Bilder\HB\mandolux-stinkerdeux-r-2560.jpg O24 - Desktop Components:2 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:3 () - hxxp://www.chip.de/ O24 - Desktop Components:4 () - hxxp://www.google.de/ O24 - Desktop Components:5 () - hxxp://www.facebook.de/ O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kevin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.05 15:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{4616a309-ee8c-11df-bfa7-6cf049e0d7ce}\Shell - "" = AutoRun O33 - MountPoints2\{4616a309-ee8c-11df-bfa7-6cf049e0d7ce}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17465059307421696) ========== Files/Folders - Created Within 30 Days ========== [2010.12.12 17:09:56 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap [2010.12.12 17:09:23 | 000,000,000 | ---D | C] -- C:\Programme\Cain [2010.12.09 18:39:34 | 000,000,000 | ---D | C] -- C:\Programme\T4E Player [2010.12.09 18:39:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\TECHNO4EVER [2010.12.09 18:39:33 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.12.09 18:39:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Conduit [2010.12.09 18:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Temp [2010.12.09 18:39:32 | 000,000,000 | ---D | C] -- C:\Programme\TECHNO4EVER [2010.12.08 16:56:29 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys [2010.12.04 19:15:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010.12.04 19:15:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.12.04 19:15:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.12.04 19:14:37 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.12.04 19:14:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.12.04 19:14:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.12.04 19:14:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.12.04 19:14:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.12.04 19:14:16 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.12.04 19:11:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Sun [2010.11.30 19:46:12 | 000,000,000 | ---D | C] -- C:\Programme\Orban [2010.11.17 21:52:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith [2010.11.13 05:20:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*\Eigene Dateien\STLSave [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.12 18:55:23 | 000,000,228 | ---- | M] () -- C:\Dokumente und Einstellungen\*\Desktop\2down.rtf [2010.12.12 17:13:01 | 000,001,455 | ---- | M] () -- C:\Dokumente und Einstellungen\*\Startmenü\Programme\Autostart\Cain.lnk [2010.12.12 17:09:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\-1 [2010.12.12 17:05:14 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2010.12.12 17:04:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.12.10 19:13:01 | 000,001,629 | ---- | M] () -- C:\Dokumente und Einstellungen\*\Eigene Dateien\T4EPlayer.conf [2010.12.09 18:39:34 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\*\Desktop\T4E Player.lnk [2010.12.09 16:54:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.12.08 17:10:38 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2010.12.08 17:10:38 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2010.12.04 23:15:31 | 000,228,632 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.12.04 23:15:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.12.04 19:14:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.12.04 19:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.12.04 19:14:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.12.04 19:14:19 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.12.04 19:14:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.12.04 15:21:49 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.12.04 15:21:48 | 000,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.12.04 15:21:48 | 000,080,308 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.12.04 15:21:48 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.11.26 15:34:37 | 000,228,632 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.25 22:28:48 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2010.11.23 15:58:46 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.12 20:15:32 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\*\Eigene Dateien\Default.rdp [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.12 17:13:01 | 000,001,455 | ---- | C] () -- C:\Dokumente und Einstellungen\*\Startmenü\Programme\Autostart\Cain.lnk [2010.12.12 17:09:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\-1 [2010.12.12 16:56:11 | 000,000,228 | ---- | C] () -- C:\Dokumente und Einstellungen\*\Desktop\2down.rtf [2010.12.09 18:39:34 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\*\Desktop\T4E Player.lnk [2010.11.30 19:39:00 | 000,001,629 | ---- | C] () -- C:\Dokumente und Einstellungen\*\Eigene Dateien\T4EPlayer.conf [2010.11.25 22:21:33 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2010.11.12 20:15:32 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\*\Eigene Dateien\Default.rdp [2010.10.31 16:02:48 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.10.31 16:02:47 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\PnkBstrK.sys [2010.10.17 19:10:35 | 000,000,142 | ---- | C] () -- C:\WINDOWS\INpact_CSS_Hud_tweaker_1.19.INI [2010.09.13 18:03:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010.08.07 12:48:24 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.05 21:05:45 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010.08.05 20:59:46 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini [2010.08.05 16:37:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll ========== LOP Check ========== [2010.11.30 19:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2010.08.06 17:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.11.17 21:52:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith [2010.08.06 18:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited [2010.09.22 16:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.12.12 19:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\ICQ [2010.09.06 19:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\InterTrust [2010.08.11 17:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\MSNInstaller [2010.08.11 19:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Sudeki ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.09.06 19:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Adobe [2010.10.15 18:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\CyberLink [2010.10.14 19:11:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\dvdcss [2010.09.22 16:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.12.12 19:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\ICQ [2010.08.05 15:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Identities [2010.08.05 21:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\InstallShield [2010.09.06 19:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\InterTrust [2010.08.06 16:54:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Macromedia [2010.11.12 20:19:03 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Microsoft [2010.08.06 14:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Mozilla [2010.08.11 17:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\MSNInstaller [2010.08.06 15:09:59 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\SecuROM [2010.12.09 20:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Skype [2010.12.09 18:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\skypePM [2010.08.11 19:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Sudeki [2010.12.04 19:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Sun [2010.10.17 22:23:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\vlc < %APPDATA%\*.exe /s > [2010.08.06 15:08:40 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe [2010.08.11 17:04:46 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.08.06 19:31:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.08.06 19:31:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.08.06 19:31:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.08.06 19:31:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.08.05 17:35:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.08.05 17:35:19 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.08.05 17:35:19 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.12.2010 19:47:17 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 312,50 Gb Total Space | 287,10 Gb Free Space | 91,87% Space Free | Partition Type: NTFS
Drive D: | 4,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 619,01 Gb Total Space | 381,05 Gb Free Space | 61,56% Space Free | Partition Type: NTFS
Computer Name: NETZKILLER | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1214440339-1708537768-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"F:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe" = F:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen -- (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Programme\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- (Eden Games)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"F:\Spiele\WoW (3.3.3)\Launcher.exe" = F:\Spiele\WoW (3.3.3)\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"F:\Spiele\CounterStrike 1.6\hl.exe" = F:\Spiele\CounterStrike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"F:\Spiele\Steam\Steam.exe" = F:\Spiele\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\teamspeak3-server_win32-3.0.0-beta27\teamspeak3-server_win32\ts3server_win32.exe" = C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\teamspeak3-server_win32-3.0.0-beta27\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server -- (TeamSpeak Systems GmbH)
"F:\Spiele\BF2\BF2.exe" = F:\Spiele\BF2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"F:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe" = F:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen -- (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
"F:\Spiele\Runes of Magic\Client.exe" = F:\Spiele\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"F:\Spiele\CSS\hl2.exe" = F:\Spiele\CSS\hl2.exe:*:Enabled:hl2 -- ()
"F:\Spiele\WoW - Blizz\WoW (3.3.5a @Exilium)\Launcher.exe" = F:\Spiele\WoW - Blizz\WoW (3.3.5a @Exilium)\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Spiele\WoW - Blizz\WoW (3.3.5a @Exilium)\BackgroundDownloader.exe" = F:\Spiele\WoW - Blizz\WoW (3.3.5a @Exilium)\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Spiele\WoW - Blizz\WoW (3.3.5a @Exilium)\WoW-3.3.5.12340-x86-Win-deDE-BKGND-downloader.exe" = F:\Spiele\WoW - Blizz\WoW (3.3.5a @Exilium)\WoW-3.3.5.12340-x86-Win-deDE-BKGND-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Spiele\Steam\SteamApps\*\dedicated server\hlds.exe" = F:\Spiele\Steam\SteamApps\*\dedicated server\hlds.exe:*:Enabled:Dedicated Server -- (Valve)
"F:\Spiele\Steam\SteamApps\*\team fortress 2\hl2.exe" = F:\Spiele\Steam\SteamApps\*\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"F:\Spiele\Steam\SteamApps\*\source 2007 dedicated server\srcds.exe" = F:\Spiele\Steam\SteamApps\*\source 2007 dedicated server\srcds.exe:*:Enabled:srcds -- File not found
"F:\Spiele\CSS\srcds.exe" = F:\Spiele\CSS\srcds.exe:*:Enabled:srcds -- ()
"F:\Spiele\Steam\SteamApps\common\america's army 3\Binaries\AA3Game.exe" = F:\Spiele\Steam\SteamApps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()
"F:\Spiele\Steam\SteamApps\*\source sdk base 2007\hl2.exe" = F:\Spiele\Steam\SteamApps\*\source sdk base 2007\hl2.exe:*:Enabled:hl2 -- ()
"F:\Spiele\Steam\SteamApps\*\counter-strike source\hl2.exe" = F:\Spiele\Steam\SteamApps\netzkiller322\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"F:\Spiele\World of Warcraft Cataclysm 4.0.1\Launcher.patch.exe" = F:\Spiele\World of Warcraft Cataclysm 4.0.1\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- File not found
"F:\Spiele\World of Warcraft Cataclysm 4.0.1\Launcher.exe" = F:\Spiele\World of Warcraft Cataclysm 4.0.1\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Cain\Cain.exe" = C:\Programme\Cain\Cain.exe:*:Enabled:Cain - Password Recovery Utility -- (oxid.it)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{040A6E85-C23F-4A23-ADBB-821C60C5DF0F}_is1" = Fahren Lernen 1.2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2C73C9D3-53B8-4923-9802-5ADBF38132FE}" = Casino Inc - The Management
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AE49300B-06AE-4F30-8E62-60C59A59CA4C}" = Sudeki
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2A2504-46FD-4408-8999-5AF433EA0C66}" = Casino Inc
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GIGA F-Tasten_is1" = GIGA F-Tasten v6.0
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{AE49300B-06AE-4F30-8E62-60C59A59CA4C}" = Sudeki
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"rFactor" = rFactor (remove only)
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base 2006
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 5" = Dedicated Server
"T4EPlayer" = T4E Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TECHNO4EVER Toolbar" = TECHNO4EVER Toolbar
"Theme Creator Pro 3G_is1" = Theme Creator Pro 3.1.260 SR-1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.3
"Warcraft III" = Warcraft III
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.10.2010 15:51:17 | Computer Name = NETZKILLER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Wow.exe, Version 3.3.5.12340, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 21.10.2010 16:39:40 | Computer Name = NETZKILLER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 21.10.2010 16:39:41 | Computer Name = NETZKILLER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 21.10.2010 17:10:43 | Computer Name = NETZKILLER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.10.2010 21:44:41 | Computer Name = NETZKILLER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.1.3.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.10.2010 21:52:39 | Computer Name = NETZKILLER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 23.10.2010 22:00:54 | Computer Name = NETZKILLER | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
Error - 23.10.2010 22:01:54 | Computer Name = NETZKILLER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 24.10.2010 10:15:07 | Computer Name = NETZKILLER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 01.11.2010 10:46:41 | Computer Name = NETZKILLER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 12.11.2010 12:50:58 | Computer Name = NETZKILLER | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.2 mit
dem Computer mit der Netzwerkhardwareadresse 00:1B:38:56:83:94 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 12.11.2010 12:50:58 | Computer Name = NETZKILLER | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.2 mit
dem Computer mit der Netzwerkhardwareadresse 00:1B:38:56:83:94 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 20.11.2010 12:53:51 | Computer Name = NETZKILLER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 21.11.2010 11:19:56 | Computer Name = NETZKILLER | Source = Service Control Manager | ID = 7034
Description = Dienst "ICQ Service" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 21.11.2010 13:42:32 | Computer Name = NETZKILLER | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{882CDB27-E3AA-4A47-8FA6-3CD7A1DBD562} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 21.11.2010 16:28:51 | Computer Name = NETZKILLER | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{882CDB27-E3AA-4A47-8FA6-3CD7A1DBD562} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 30.11.2010 12:49:08 | Computer Name = NETZKILLER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst nvsvc.
Error - 05.12.2010 07:32:24 | Computer Name = NETZKILLER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst nvsvc.
Error - 08.12.2010 11:57:12 | Computer Name = NETZKILLER | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst LogMeIn
Hamachi 2.0 Tunneling Engine.
Error - 08.12.2010 11:57:12 | Computer Name = NETZKILLER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
Geändert von netzkiller (12.12.2010 um 20:06 Uhr) Grund: Nächstes mal gleich Suchen&Ersetzen. ^^" |
|
12.12.2010, 20:07
| #4 |
| /// Malware-holic | Bluescreen, plötzlicher Absturz bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.12.2010, 21:19
| #5 |
| | Bluescreen, plötzlicher Absturz ComboFix Log: Code:
ATTFilter ComboFix 10-12-13.02 - * 13.12.2010 21:06:27.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.3326.2531 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\*\Eigene Dateien\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dzgtactx.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-13 bis 2010-12-13 ))))))))))))))))))))))))))))))
.
2010-12-12 16:09 . 2010-12-12 16:09 -------- d-----w- c:\programme\WinPcap
2010-12-12 16:09 . 2010-12-12 18:12 -------- d-----w- c:\programme\Cain
2010-12-09 17:39 . 2010-12-09 17:39 -------- d-----w- c:\programme\T4E Player
2010-12-09 17:39 . 2010-12-10 15:59 -------- d-----w- c:\dokumente und einstellungen\*\Lokale Einstellungen\Anwendungsdaten\TECHNO4EVER
2010-12-09 17:39 . 2010-12-09 17:39 -------- d-----w- c:\programme\Conduit
2010-12-09 17:39 . 2010-12-09 17:39 -------- d-----w- c:\dokumente und einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-12-09 17:39 . 2010-12-10 15:59 -------- d-----w- c:\programme\TECHNO4EVER
2010-12-09 17:39 . 2010-12-09 17:39 -------- d-----w- c:\dokumente und einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Temp
2010-12-08 15:56 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-12-04 18:15 . 2010-12-04 18:15 -------- d-----w- c:\windows\Sun
2010-12-04 18:15 . 2010-12-04 18:15 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-12-04 18:14 . 2010-12-04 18:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-04 18:14 . 2010-12-04 18:14 472808 ----a-w- c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-04 18:14 . 2010-12-04 18:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-04 18:14 . 2010-12-04 18:14 -------- d-----w- c:\programme\Java
2010-11-30 18:46 . 2010-11-30 18:46 -------- d-----w- c:\programme\Orban
2010-11-17 20:52 . 2010-11-17 20:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TechSmith
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 20:12 . 2010-08-05 20:51 17488 ----a-w- c:\windows\gdrv.sys
2010-10-31 15:25 . 2010-10-31 15:04 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-31 15:25 . 2010-10-31 15:02 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-31 15:04 . 2010-10-31 15:02 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-31 15:02 . 2010-10-31 15:02 138056 ----a-w- c:\dokumente und einstellungen\*\Anwendungsdaten\PnkBstrK.sys
2010-10-31 15:02 . 2010-10-31 15:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-31 09:03 . 2010-10-31 15:02 3360624 ----a-w- c:\windows\system32\pbsvc.exe
2010-10-17 18:10 . 2010-10-17 18:10 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-18 10:22 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33b974a8-e892-4f5f-bd17-f7b0331843d5}"= "c:\programme\TECHNO4EVER\tbTEC0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{33b974a8-e892-4f5f-bd17-f7b0331843d5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33b974a8-e892-4f5f-bd17-f7b0331843d5}]
2010-10-18 10:26 3908192 ----a-w- c:\programme\TECHNO4EVER\tbTEC0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33b974a8-e892-4f5f-bd17-f7b0331843d5}"= "c:\programme\TECHNO4EVER\tbTEC0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{33b974a8-e892-4f5f-bd17-f7b0331843d5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33B974A8-E892-4F5F-BD17-F7B0331843D5}"= "c:\programme\TECHNO4EVER\tbTEC0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{33b974a8-e892-4f5f-bd17-f7b0331843d5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\programme\Logitech\Profiler\lwemon.exe" [2006-07-05 60416]
"Steam"="f:\spiele\steam\steam.exe" [2010-11-17 1242448]
"ICQ"="c:\programme\ICQ7.2\ICQ.exe" [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\programme\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-13 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-13 13917800]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogMeIn Hamachi Ui"="c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"avp"="c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 311680]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\*\Startmen\Programme\Autostart\
Cain.lnk - c:\programme\Cain\Cain.exe [2010-12-12 1259008]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= f:\bilder\HB\mandolux-stinkerdeux-l-2560.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= f:\bilder\HB\mandolux-stinkerdeux-r-2560.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Spiele\\CounterStrike 1.6\\hl.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"f:\\Spiele\\Steam\\Steam.exe"=
"c:\\Dokumente und Einstellungen\\*\\Eigene Dateien\\Downloads\\teamspeak3-server_win32-3.0.0-beta27\\teamspeak3-server_win32\\ts3server_win32.exe"=
"f:\\Spiele\\BF2\\BF2.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Programme\\Vogel Verlag\\Fahren Lernen\\Vogel.FahrenLernenMax.exe"=
"f:\\Spiele\\Runes of Magic\\Client.exe"=
"f:\\Spiele\\CSS\\hl2.exe"=
"f:\\Spiele\\WoW - Blizz\\WoW (3.3.5a @Exilium)\\Launcher.exe"=
"f:\\Spiele\\WoW - Blizz\\WoW (3.3.5a @Exilium)\\BackgroundDownloader.exe"=
"f:\\Spiele\\WoW - Blizz\\WoW (3.3.5a @Exilium)\\WoW-3.3.5.12340-x86-Win-deDE-BKGND-downloader.exe"=
"f:\\Spiele\\Steam\\SteamApps\\*\\dedicated server\\hlds.exe"=
"f:\\Spiele\\CSS\\srcds.exe"=
"f:\\Spiele\\Steam\\SteamApps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Spiele\\Steam\\SteamApps\\*\\source sdk base 2007\\hl2.exe"=
"f:\\Spiele\\Steam\\SteamApps\\*\\counter-strike source\\hl2.exe"=
"f:\\Spiele\\World of Warcraft Cataclysm 4.0.1\\Launcher.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Cain\\Cain.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 19:41 33808]
R2 BCUService;Browser Configuration Utility Service;c:\programme\DeviceVM\Browser Configuration Utility\BCUService.exe [05.08.2010 21:01 219360]
R2 ES lite Service;ES lite Service for program management.;c:\programme\Gigabyte\EasySaver\essvr.exe [05.08.2010 21:00 68136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [06.12.2010 08:31 1238408]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [06.08.2010 17:36 246520]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 16:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 19:59 19472]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [25.09.2009 15:57 56576]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [25.09.2009 15:57 138240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [05.08.2010 21:48 58600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05.08.2010 21:01 1684736]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\*\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programme\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\dokumente und einstellungen\*\Anwendungsdaten\Mozilla\Firefox\Profiles\4ybdyth3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: TECHNO4EVER Community Toolbar: {33b974a8-e892-4f5f-bd17-f7b0331843d5} - %profile%\extensions\{33b974a8-e892-4f5f-bd17-f7b0331843d5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-NVIDIA nView Desktop Manager - c:\programme\NVIDIA Corporation\nView\nViewSetup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-13 21:13
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1214440339-1708537768-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,42,ef,4d,fd,2c,37,04,f2,fb,95,f7,f7,90,81,af,78,86,05,89,28,20,98,
40,65,e2,4c,77,fe,1a,1d,f2,ae,40,06,91,10,53,b4,81,a2,ea,66,9f,c9,5e,dd,ed,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'explorer.exe'(2472)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-13 21:15:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-12-13 20:15
Vor Suchlauf: 7 Verzeichnis(se), 308.298.285.056 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 311.214.088.192 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 9D000023379CC6AF7DAA2AA275E240A1
|
|
13.12.2010, 21:34
| #6 |
| /// Malware-holic | Bluescreen, plötzlicher Absturz
__________________ --> Bluescreen, plötzlicher Absturz |
|
16.12.2010, 17:38
| #7 |
| | Bluescreen, plötzlicher Absturz Zudem stürzt überigens in letzter Zeit auf Seiten wie YouTube oder Browergames mein FlashPlayer ab. GMER: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-16 17:24:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T1L0-26 SAMSUNG_HD103SJ rev.1AJ10001
Running: 3sf34ubw.exe; Driver: C:\DOKUME~1\Kevin\LOKALE~1\Temp\uwtiauow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAF8E136E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAF8E1A86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAF8E260C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAF8E2B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAF8E1D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xAF8E0460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAF8E2A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAF8DFD0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAF8E28D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAF8E1102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAF8E2C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAF8E440E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAF8E1886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAF8E2976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAF8E0A20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAF8E0CF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAF8E221C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAF8E4980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAF8E0E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAF8E0EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAF8E2016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAF8E3EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAF8E043C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAF8E044E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAF8E1030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAF8E2BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAF8E1B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xAF8E0604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAF8E2AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAF8E156E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAF8E4438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAF8E2D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAF8E1492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAF8E0F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAF8E0BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAF8E08BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAF8E4128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAF8E0B34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAF8E00C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAF8E309E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAF8E2F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAF8E3C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAF8E0224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAF8E4860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAF8DFEC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAF8E2312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAF8E1984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAF8E35F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAF8E3FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAF8E44C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAF8E0744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAF8E45A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAF8E46D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAF8E3DD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAF8E16EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAF8E163C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAF8E17C8]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AF8D6424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AF8D67DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [02, 11, 8E, AF, 72, 2C, 8E, ...] {ADD DL, [ECX]; MOV GS, [EDI-0x5071d38e]; PUSH CS; INC ESP; MOV GS, [EDI-0x5071e77a]}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [A6, 3E, 8E, AF, 3C, 04, 8E, ...] {CMPSB ; MOV GS, DS:[EDI-0x5071fbc4]; DEC ESI; ADD AL, 0x8e; SCASD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [34, 0B, 8E, AF, C2, 00, 8E, ...] {XOR AL, 0xb; MOV GS, [EDI-0x5071ff3e]; SAHF ; XOR [ESI-0x71d09b51], CL; SCASD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [A6, 45, 8E, AF, D2, 46, 8E, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes JMP 3CAF8E16
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB29313A0, 0x59EA65, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\plugin-container.exe[724] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10402342 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[3888] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10402342 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B78FCD50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B78FCD50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- EOF - GMER 1.0.15 ----
|
|
| Themen zu Bluescreen, plötzlicher Absturz |
| absturz, absturz ohne grund, auslastung, avp, avp.exe, bho, bluescreen, browser, converter, desktop, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, kaspersky, logfile, mozilla, mp3, object, plug-in, problem, prozess sofort beenden, software, system, tastatur, usb, usb 3.0, windows, windows xp |
Linear-Darstellung
