Trojaner-Board


reklam 08.07.2011 20:43

Malware Bytes
 
Hello,

I have recently been testing the full version of Malwarebytes Anti-Malware, and I have switched on the active protection.

Now it constantly tells me that accesses to dangerous sites have been blocked, and gives me a number, e.g. 122.133.222 or something similar.

Now I'm afraid that I've caught something nasty.

I also have another question: I'm on Hotmail; how can one protect oneself against dangerous emails (Schäuble emails :) )?

Are there any recommended programs for that?


defogger


Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:00 on 08/07/2011 (Haziran)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
OTL.txt

OTL EXTRAS Logfile:
Code:

OTL logfile created on: 08.07.2011 16:07:59 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Dokumente und Einstellungen\Haziran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,49 Mb Total Physical Memory | 554,02 Mb Available Physical Memory | 54,13% Memory free
2,40 Gb Paging File | 2,04 Gb Available in Paging File | 84,68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 88,81 Gb Free Space | 79,45% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-IJA9DHES9N | User Name: Haziran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.08 16:05:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Haziran\Desktop\OTL.exe
PRC - [2011.06.28 19:01:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
PRC - [2011.06.06 17:16:20 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.06.06 17:14:42 | 001,524,544 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Meine Installierten Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Meine Installierten Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.30 08:46:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.11.13 16:34:36 | 000,073,728 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.08 16:05:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Haziran\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.06.28 19:01:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 17:14:42 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.06 17:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Meine Installierten Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.30 08:46:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010.11.11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010.11.11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.11.11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Meine Installierten Programme\Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========

Extras.txt

OTL Extras logfile created on: 08.07.2011 16:07:59 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Dokumente und Einstellungen\Haziran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,49 Mb Total Physical Memory | 554,02 Mb Available Physical Memory | 54,13% Memory free
2,40 Gb Paging File | 2,04 Gb Available in Paging File | 84,68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 88,81 Gb Free Space | 79,45% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-IJA9DHES9N | User Name: Haziran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Meine Installierten Programme\Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Meine Installierten Programme\Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Meine Installierten Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Meine Installierten Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Meine Installierten Programme\Office 2010\Office14\GROOVE.EXE" = C:\Meine Installierten Programme\Office 2010\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Meine Installierten Programme\Office 2010\Office14\ONENOTE.EXE" = C:\Meine Installierten Programme\Office 2010\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Meine Installierten Programme\Office 2010\Office14\OUTLOOK.EXE" = C:\Meine Installierten Programme\Office 2010\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA nForce Treiber für Windows 2000/XP
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SSUtils" = NVIDIA nForce Utilities
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zune" = Zune
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---
Gmer.txt

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-08 19:53:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120020A rev.3.30
Running: io8rs3rh.exe; Driver: C:\DOKUME~1\Haziran\LOKALE~1\Temp\pxrdyfob.sys


---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                               
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                            0
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                              0x76 0xA6 0xCD 0xF6 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                          0x76 0xA6 0xCD 0xF6 ...

---- User code sections - GMER 1.0.15 ----

.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + 6              7C91D0B4 4 Bytes  [28, 00, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + B              7C91D0B9 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + 6        7C91D524 1 Byte  [28]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + 6        7C91D524 4 Bytes  [28, 03, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + B        7C91D529 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + 6                7C91D5A4 4 Bytes  [68, 00, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + B                7C91D5A9 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + 6              7C91D604 4 Bytes  [A8, 01, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + B              7C91D609 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + 6        7C91D614 4 Bytes  CALL 7B91EC1A
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + B        7C91D619 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + 6      7C91D624 4 Bytes  [A8, 02, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + B      7C91D629 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + 6              7C91D664 4 Bytes  [68, 01, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + B              7C91D669 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + 6          7C91D674 4 Bytes  [68, 02, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + B          7C91D679 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + 6        7C91D684 4 Bytes  CALL 7B91EC8B
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + B        7C91D689 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + 6      7C91D714 4 Bytes  [A8, 00, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + B      7C91D719 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + 6  7C91D7B4 4 Bytes  CALL 7B91EDB9
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + B  7C91D7B9 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + 6      7C91DC64 4 Bytes  [28, 01, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + B      7C91DC69 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + 6    7C91DCB4 4 Bytes  [28, 02, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + B    7C91DCB9 1 Byte  [E2]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + 6      7C91DF14 1 Byte  [68]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + 6      7C91DF14 4 Bytes  [68, 03, 16, 00]
.text  C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + B      7C91DF19 1 Byte  [E2]

---- Kernel code sections - GMER 1.0.15 ----

init  C:\WINDOWS\system32\drivers\nvax.sys                                                                                                                            entry point in "init" section [0xF7CD9392]
.text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys                                                                                                                        section is writeable [0xF6F61360, 0x24BB1D, 0xE8000020]

---- System - GMER 1.0.15 ----

SSDT  F7EF4114                                                                                                                                                        ZwClose
SSDT  F7EF40CE                                                                                                                                                        ZwCreateKey
SSDT  F7EF411E                                                                                                                                                        ZwCreateSection
SSDT  F7EF40C4                                                                                                                                                        ZwCreateThread
SSDT  F7EF40D3                                                                                                                                                        ZwDeleteKey
SSDT  F7EF40DD                                                                                                                                                        ZwDeleteValueKey
SSDT  F7EF410F                                                                                                                                                        ZwDuplicateObject
SSDT  F7EF40E2                                                                                                                                                        ZwLoadKey
SSDT  F7EF40B0                                                                                                                                                        ZwOpenProcess
SSDT  F7EF40B5                                                                                                                                                        ZwOpenThread
SSDT  F7EF40EC                                                                                                                                                        ZwReplaceKey
SSDT  F7EF40E7                                                                                                                                                        ZwRestoreKey
SSDT  F7EF4123                                                                                                                                                        ZwSetContextThread
SSDT  F7EF40D8                                                                                                                                                        ZwSetValueKey
SSDT  F7EF40BF                                                                                                                                                        ZwTerminateProcess

---- EOF - GMER 1.0.15 ----


Many thanks in advance for your help.

cosinus 11.07.2011 10:33

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Log files" tab.

Please do NOT post the logs in PHP tags! Use CODE tags or attach them here as a zip file!


Copyright ©2000-2025, Trojaner-Board