| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google öffnet keine Links / Log gepostetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.09.2008, 10:15
| #1 |
 |  Google öffnet keine Links / Log gepostet Ich habe das Problem wie andere hier auch, dass wenn ich einen Link nach einer Google Suche anklicke er mich auf bediddle oder andere Werbeseiten umleitet. Ich kenne mich nicht sonderlich aus, habe aber hier gelesen das man das HijackThis Programm runterladen soll und sein Log posten soll. Links lassen sich von diesem Biard hier z.b. nur noch mit Internet Explorer und nicht mit Mozilla öffnen ... Kann mir jemand " in Laiensprache " helfen ? Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:46:15, on 10.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Bonjour\mDNSResponder.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\Winamp\winampa.exe C:\USBStorage\USBDetector.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\hphmon04.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\system32\drivers\svchost.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programme\Alice\signup\AliceCnn.exe C:\Programme\Mozilla Firefox\firefox.exe c:\programme\antivir personaledition classic\avcenter.exe C:\Programme\AntiVir PersonalEdition Classic\avscan.exe C:\PROGRA~1\FlashGet\flashget.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfmusik.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BEC9AD-5623-4615-B0F7-432E1CFEA640}: NameServer = 62.109.123.197 213.191.74.19 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- End of file - 12515 bytes Geändert von The Sandman (10.09.2008 um 10:53 Uhr) |
|
10.09.2008, 14:20
| #2 |
| /// TB-Ausbilder     | Google öffnet keine Links / Log gepostet Hi,
__________________arbeite bitte die Anleitung zu Malwarebytes ab und lasse alle Funde löschen. Poste den Bericht anschließend hier. lg myrtille
__________________ |
|
10.09.2008, 14:46
| #3 |
| | Google öffnet keine Links / Log gepostet Malwarebytes' Anti-Malware 1.28
__________________Datenbank Version: 1136 Windows 5.1.2600 Service Pack 2 10.09.2008 15:40:57 mbam-log-2008-09-10 (15-40-57).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|H:\|) Durchsuchte Objekte: 193361 Laufzeit: 2 hour(s), 5 minute(s), 5 second(s) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 9 Infizierte Speicherprozesse: C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot. |
|
10.09.2008, 14:48
| #4 |
| /// TB-Ausbilder | Google öffnet keine Links / Log gepostet Hi, starte deinen Rechner bitte neu und erstelle anschließend ein Log mit RSIT. Es werden 2 Dateien erstellt (log.txt und info.txt). Poste den Inhalt beider Dateien hier. lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
10.09.2008, 15:13
| #5 |
| | Google öffnet keine Links / Log gepostet log Teil 1 Code:
ATTFilter Logfile of random's system information tool (written by random/random) Run by XXX at 2008-09-10 16:00:57 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 19 GB (25%) free of 76 GB Total RAM: 2047 MB (73% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:01:02, on 10.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Bonjour\mDNSResponder.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\Winamp\winampa.exe C:\USBStorage\USBDetector.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\hphmon04.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe C:\Programme\Alice\Signup\AliceCnn.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\XXX\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\XXX.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfmusik.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BEC9AD-5623-4615-B0F7-432E1CFEA640}: NameServer = 62.109.123.197 213.191.74.19 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- End of file - 12320 bytes Scheduled tasks folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - C:\PROGRA~1\FlashGet\jccatch.dll [2007-06-28 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}] Skype Control Class - C:\WINDOWS\system32\SkypeComm.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - C:\Programme\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - T1 - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll [2005-10-11 988672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"=C:\Programme\Winamp\winampa.exe [2004-12-20 33792] "USBDetector"=C:\USBStorage\USBDetector.exe [2003-04-01 53248] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2006-11-23 180269] "SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632] "RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2007-06-29 286720] "nwiz"=C:\WINDOWS\system32\nwiz.exe [2005-07-08 1519616] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656] "nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240] "HPHUPD04"=C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152] "HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416] "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592] "avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497] "Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664] "NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [] "updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472] "LightScribe Control Panel"=C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] C:\PROGRA~1\FlashGet\flashget.exe [2007-07-23 1994800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\Programme\ICQ6\ICQ.exe [2008-05-18 172280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Programme\Java\jre1.5.0_05\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Programme\g3torrent\g3torrent.exe"="C:\Programme\g3torrent\g3torrent.exe:*:Enabled:g3torrent" "C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Java\jre1.5.0_06\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe"="C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe:*:Enabled:Mediator" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe:*:Enabled:TM Engine" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe:*:Enabled:LEXAPI server" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe:*:Enabled:Text processing" "C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word" "C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook" "C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint" "C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe"="C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe:*:Enabled:SynacastPE" "C:\Programme\PPLive\PPLive.exe"="C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast" "C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel" "C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component" "C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver" "C:\Programme\MaxTV Online\maxtv.exe"="C:\Programme\MaxTV Online\maxtv.exe:*:Enabled:maxtv" "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Programme\FlashGet\flashget.exe"="C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] shell\AutoRun\command - I:\AutoRun\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b097d30c-4caf-11dc-8b29-00040e3dc4b5}] shell\AutoRun\command - H:\wd_windows_tools\setup.exe |
|
10.09.2008, 15:14
| #6 |
| | Google öffnet keine Links / Log gepostet log Teil 2 Code:
ATTFilter List of files/folders created in the last three months 2008-09-10 16:00:57 ----D---- C:\rsit 2008-09-10 13:32:48 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes 2008-09-10 13:32:44 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2008-09-10 13:32:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-10 11:45:28 ----D---- C:\Programme\Trend Micro 2008-09-09 21:16:21 ----A---- C:\WINDOWS\system32\tdsspopup.dll 2008-08-20 01:31:43 ----D---- C:\Programme\Free M4a to MP3 Converter 2008-07-22 13:48:49 ----A---- C:\WINDOWS\NeroDigital.ini 2008-07-21 17:57:02 ----D---- C:\Programme\Gemeinsame Dateien\SureThing Shared 2008-07-21 17:56:57 ----D---- C:\Programme\SureThing CD Labeler 5 2008-07-21 17:43:07 ----D---- C:\Programme\LightScribe 2008-07-21 15:11:06 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Nero 2008-07-21 15:10:45 ----A---- C:\WINDOWS\system32\MsiExec.exe.log 2008-07-21 15:09:11 ----D---- C:\Programme\Nero 2008-07-21 15:09:11 ----D---- C:\Programme\Gemeinsame Dateien\Nero 2008-07-21 15:09:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2008-07-21 12:27:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe 2008-07-21 12:23:33 ----D---- C:\Programme\Gemeinsame Dateien\LightScribe 2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ulead Systems 2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems 2008-07-19 21:01:04 ----D---- C:\WINDOWS\Noslip 2008-07-10 14:42:10 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Teleca 2008-07-10 14:40:29 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sony Ericsson 2008-07-10 14:40:18 ----D---- C:\Programme\Gemeinsame Dateien\Sony Ericsson Shared 2008-07-10 14:40:16 ----D---- C:\Programme\Gemeinsame Dateien\Teleca Shared 2008-07-10 14:40:15 ----D---- C:\Programme\Sony Ericsson 2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca 2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson 2008-07-10 14:33:29 ----D---- C:\Programme\Sony 2008-07-08 23:35:09 ----D---- C:\Programme\Allok Video to 3GP Converter 2008-07-08 23:35:09 ----A---- C:\WINDOWS\system32\AVEQ.dll 2008-07-04 13:24:14 ----D---- C:\Programme\ICQ6Toolbar 2008-07-04 13:24:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ 2008-07-04 13:20:14 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ICQ 2008-07-04 13:19:43 ----D---- C:\Programme\ICQ6 2008-06-24 21:02:33 ----D---- C:\Programme\Audiograbber 2008-06-24 16:06:56 ----A---- C:\WINDOWS\UNNeroMediaHome.exe List of drivers R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys [] R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-11-05 82380] R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-05-25 5632] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys [] R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582] R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 AVMUNET;AVM FRITZ! Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-03-11 16384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-26 47360] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 275200] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 DIGIRPS;Digi PortServer-Treiber; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-18 42880] S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896] S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360] S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276] S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928] S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 dtscsi;dtscsi; C:\WINDOWS\system32\System32\Drivers\dtscsi.sys [] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 huadio;huadio; \??\c:\huadio.tmp [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNMp50.sys [] S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNSp50.sys [] S3 pfsvgae;pfsvgae; \??\C:\DOKUME~1\DOMINI~1\LOKALE~1\Temp\pfsvgae.sys [] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfnth.sys [] S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfntr.sys [] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WMIBIOS;%WMIBIOS.ServiceName%; C:\WINDOWS\System32\Drivers\wmibios.sys [2002-10-15 18272] S3 WMIINFO;WMIINFO Driver; C:\WINDOWS\System32\Drivers\wmiinfo.sys [2002-05-13 21184] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] List of services R2 AntiVirScheduler;AntiVir Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761] R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543] R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653] R2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313] R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-30 66872] R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-11-19 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-23 654848] S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824] S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704] S3 stllssvr;stllssvr; C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe [2007-06-14 74656] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF----------------- |
|
10.09.2008, 15:15
| #7 |
| | Google öffnet keine Links / Log gepostet info Code:
ATTFilter info.txt logfile of random's system information tool 2008-09-10 16:01:04
Uninstall list
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ace DivX Player-->"C:\Programme\GustoSoft\Ace DivX Player\Uninstall.exe"
Adobe Acrobat 7.0.9 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 6.0.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AFPL Ghostscript 8.51-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.51\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Alice-Installationsdateien entfernen-->C:\Programme\Gemeinsame Dateien\Alice\uninst.exe
Allok Video to 3GP Converter 2.7.2-->"C:\Programme\Allok Video to 3GP Converter\unins000.exe"
Amadis AVI/DIVX/WMV/MPEG/MOV/SWF/FLV/MKV/RM/RMVB Video Converte-->"C:\Programme\Amadis Software\Amadis Video Converter\unins000.exe"
AOL Meine Fotos Bildschirmschoner-->C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe
Apex AVI Converter 6.27-->"C:\Programme\Apex\Apex AVI Converter\unins000.exe"
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Audiograbber 1.83 SE -->"C:\Programme\Audiograbber\Uninstall.exe"
AudioRecorder-->C:\AudioSuite\AudioRecorder\UninstalAR.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BioShock Demo-->C:\Programme\InstallShield Installation Information\{36BBA884-C697-48B6-B496-5F329215E249}\setup.exe -runfromtemp -l0x0007 -removeonly
BlackSite: Area 51-->C:\Programme\InstallShield Installation Information\{8236D2E9-2528-4C5C-ABA3-E0B8B657A297}\Setup.exe -runfromtemp -l0x0007 -removeonly
CDRWIN 6.1-->MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}
CloneDVD 4.1.0.23-->"C:\Programme\CloneDVD\unins000.exe"
Combined Community Codec Pack 2007-07-22-->"C:\Programme\Combined Community Codec Pack\unins000.exe"
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Disc2Phone-->MsiExec.exe /X{925936AC-9C9A-4897-874B-60961AAB6D52}
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVDFab Platinum 4.0.5.5 Ghosthunter release-->"C:\Programme\DVDFab Platinum 4\unins000.exe"
DVD-lab PRO 2.0-->"C:\Programme\DVDlabPro2\unins000.exe"
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EuroPoker (remove only)-->"C:\Programme\EuroPoker\uninstall.exe"
FEAR-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
FFdshow [2006-08-21 | rev 2546]-->"C:\Programme\ffdshow\unins000.exe"
FIFA 08 Demo-->MsiExec.exe /X{7D1928D2-26FA-45FA-A4DD-A876D7293818}
Firebird SQL Server (D)-->C:\MAGIX\Common\Database\uninstall.exe
FlashGet 1.9.2.1028-->C:\Programme\FlashGet\uninst.exe
FLV Player 1.3.3-->"C:\Programme\FLVPlayer\uninstall.exe"
Free M4a to MP3 Converter 6.0-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - Photosmart Printer Series-->MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
HP Speicher-Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImageConverter Plus 7.1-->"C:\Programme\ImageConverter Plus\unins000.exe"
ImageConverter-->"C:\Programme\TotalImageConverter\unins000.exe"
IsoBuster 1.7-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jetAudio Basic VX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 2.49 Full-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
Langenscheidt T1 6.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57EB87EF-23DF-4A76-9B90-FD7B53E1C6CE}\Setup.exe" -l0x7 UNINSTALL
Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe
LightScribe Applications-->MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
LimeWire 4.12.11-->"C:\Programme\LimeWire\uninstall.exe"
MAGIX Foto Manager-->C:\MAGIX\Foto_Manager\instslct.exe
MAGIX Media Manager 2004 silver-->C:\MAGIX\Media_Manager_2004\instslct.exe
MAGIX mp3 maker centurion-->C:\MAGIX\mp3_maker_centurion\instslct.exe
MAGIX Music Manager-->C:\MAGIX\Music_Manager\instslct.exe
MAGIX Online Druck Service-->C:\PROGRA~1\MAGIXO~1\\UNWISE.EXE C:\PROGRA~1\MAGIXO~1\\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MasterSplitter Program-->C:\Program Files\MasterSplitter\uninstal.exe
MaxTV Online-->"C:\WINDOWS\MaxTV Online\uninstall.exe" "/U:C:\Programme\MaxTV Online\Uninstall\uninstall.xml"
Medal of Honor Airborne Demo-->MsiExec.exe /X{25F28E36-FDBB-11DB-8314-0800200C9A66}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM-->C:\Programme\Miranda IM\uninstall.exe
MKV TO AVI CONVERTER version 3.1-->"C:\Programme\MKVTOAVI\unins000.exe"
Mozilla Firefox (3.0.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewLive All Media To Mp3 Converter 5.3-->"C:\Programme\NewLive All Media To Mp3 Converter\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1031
Opera-->C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
PartyPokerNet-->"C:\Programme\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Programme\PartyGaming.Net\PartyPokerNet\install.log"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pdf995-->C:\Programme\pdf995\setup.exe uninstall
Photosmart 130,230,7150,7345,7350,7550 (nur entfernen)-->C:\Programme\HP Photosmart 11\Printer\hphuni04.exe
PokerStars.net-->C:\Programme\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PPLive 1.2.35-->C:\Programme\PPLive\uninst.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.45-->"C:\Programme\Real Alternative\unins000.exe"
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x7 -removeonly
Satellite TV for PC Elite 4.8.8.0 -->C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
SopCast 0.9.8-->C:\Programme\SopCast\uninst.exe
SureThing CD Labeler LightScribe 5.0.581.0-->"C:\Programme\SureThing CD Labeler 5\unins000.exe"
SWiSH Max2-->C:\WINDOWS\unvise32.exe C:\Programme\SWiSH Max2\uninstal.log
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TubeBox!-->MsiExec.exe /I{FD637CD9-B3F7-4F3C-BF07-5991A82FE2CC}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.3.2-->C:\Programme\TVUPlayer\uninst.exe
Ulead GIF Animator 5 ESD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ultra DVD Creator 1.7.9-->"C:\Programme\Ultra DVD Creator\unins000.exe"
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
USB Storage Driver-->DelUIDrv.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.5-->C:\Programme\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vodei Multimedia Processor 2.00-->C:\Programme\Vodei\uninst.exe
Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Junglebook Compatiblity Fix-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{659660d0-edb3-4afb-be92-7ea22a0cae65}.sdb"
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x7 -removeonly
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
x264 Revision 567 x264.nl (remove only)-->"C:\Programme\x264\x264-uninstall.exe"
XVid;-)-->C:\Programme\XVid;-)\Uninstall.exe
YouTube FLV to AVI easy converter 2.1.3-->"C:\Programme\Easiestutils\YouTube FLV to AVI easy converter\unins000.exe"
Security center information
AV: AntiVir PersonalEdition Classic Virenschutz (disabled)
AV: AntiVir PersonalEdition Classic Virenschutz (disabled)
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz (disabled)
AV: Avira AntiVir PersonalEdition
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz (disabled)
FW: NVIDIA Firewall (disabled)
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ImageConverter Plus;;C:\Programme\Samsung\Samsung PC Studio 3\;C:\Programme\Gemeinsame Dateien\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"MAYA_SCRIPT_PATH"=
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
-----------------EOF-----------------
|
|
10.09.2008, 15:26
| #8 |
| /// TB-Ausbilder | Google öffnet keine Links / Log gepostet Hi, mache bitte folgendes: Anleitung Avenger (by swandog46) Lade dir das Tool Avenger und speichere es auf dem Desktop:
Code:
ATTFilter drivers to disable:
TDSSserv.sys
drivers to delete:
tdssserv.sys
Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys
Wie gehts dem Rechner? lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
10.09.2008, 15:36
| #9 |
| | Google öffnet keine Links / Log gepostetCode:
ATTFilter Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open driver "TDSSserv.sys"
Disablement of driver "TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv.sys" not found!
Deletion of driver "tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
|
|
10.09.2008, 15:44
| #10 |
| /// TB-Ausbilder | Google öffnet keine Links / Log gepostet Hi, das sieht soweit eigentlich alles ganz gut aus.  Wie gehts deinem Rechner? Erstell bitte nochmal ein neues Log mit RSIT (log.txt sollte ausreichen.) lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
10.09.2008, 15:48
| #11 |
| | Google öffnet keine Links / Log gepostet log Teil1 Code:
ATTFilter Logfile of random's system information tool (written by random/random) Run by XXX at 2008-09-10 16:44:54 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 19 GB (25%) free of 76 GB Total RAM: 2047 MB (76% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:44:59, on 10.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Bonjour\mDNSResponder.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Winamp\winampa.exe C:\USBStorage\USBDetector.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\hphmon04.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe C:\Programme\Alice\Signup\AliceCnn.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\XXX\Eigene Dateien\VIREN\RSIT.exe C:\Programme\Trend Micro\HijackThis\XXX.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfmusik.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1 O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BEC9AD-5623-4615-B0F7-432E1CFEA640}: NameServer = 62.109.123.197 213.191.74.19 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- End of file - 12366 bytes Scheduled tasks folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - C:\PROGRA~1\FlashGet\jccatch.dll [2007-06-28 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}] Skype Control Class - C:\WINDOWS\system32\SkypeComm.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - C:\Programme\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - T1 - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll [2005-10-11 988672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"=C:\Programme\Winamp\winampa.exe [2004-12-20 33792] "USBDetector"=C:\USBStorage\USBDetector.exe [2003-04-01 53248] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2006-11-23 180269] "SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632] "RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2007-06-29 286720] "nwiz"=C:\WINDOWS\system32\nwiz.exe [2005-07-08 1519616] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656] "nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240] "HPHUPD04"=C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152] "HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416] "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592] "avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497] "Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664] "NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [] "updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472] "LightScribe Control Panel"=C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] C:\PROGRA~1\FlashGet\flashget.exe [2007-07-23 1994800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\Programme\ICQ6\ICQ.exe [2008-08-24 173304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Programme\Java\jre1.5.0_05\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Programme\g3torrent\g3torrent.exe"="C:\Programme\g3torrent\g3torrent.exe:*:Enabled:g3torrent" "C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Java\jre1.5.0_06\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe"="C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe:*:Enabled:Mediator" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe:*:Enabled:TM Engine" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe:*:Enabled:LEXAPI server" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone" "C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe:*:Enabled:Text processing" "C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word" "C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook" "C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint" "C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe"="C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe:*:Enabled:SynacastPE" "C:\Programme\PPLive\PPLive.exe"="C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast" "C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel" "C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component" "C:\Dokumente und Einstellungen\Dominik Rudloff\Anwendungsdaten\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\Dominik Rudloff\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver" "C:\Programme\MaxTV Online\maxtv.exe"="C:\Programme\MaxTV Online\maxtv.exe:*:Enabled:maxtv" "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Programme\FlashGet\flashget.exe"="C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] shell\AutoRun\command - I:\AutoRun\AutoRun.exe |
|
10.09.2008, 15:50
| #12 |
| | Google öffnet keine Links / Log gepostet log Teil2 Code:
ATTFilter List of files/folders created in the last three months 2008-09-10 16:33:39 ----D---- C:\Avenger 2008-09-10 16:33:39 ----A---- C:\avenger.txt 2008-09-10 16:00:57 ----D---- C:\rsit 2008-09-10 13:32:48 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes 2008-09-10 13:32:44 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2008-09-10 13:32:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-09-10 11:45:28 ----D---- C:\Programme\Trend Micro 2008-09-09 21:16:21 ----A---- C:\WINDOWS\system32\tdsspopup.dll 2008-08-20 01:31:43 ----D---- C:\Programme\Free M4a to MP3 Converter 2008-07-22 13:48:49 ----A---- C:\WINDOWS\NeroDigital.ini 2008-07-21 17:57:02 ----D---- C:\Programme\Gemeinsame Dateien\SureThing Shared 2008-07-21 17:56:57 ----D---- C:\Programme\SureThing CD Labeler 5 2008-07-21 17:43:07 ----D---- C:\Programme\LightScribe 2008-07-21 15:11:06 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Nero 2008-07-21 15:10:45 ----A---- C:\WINDOWS\system32\MsiExec.exe.log 2008-07-21 15:09:11 ----D---- C:\Programme\Nero 2008-07-21 15:09:11 ----D---- C:\Programme\Gemeinsame Dateien\Nero 2008-07-21 15:09:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2008-07-21 12:27:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe 2008-07-21 12:23:33 ----D---- C:\Programme\Gemeinsame Dateien\LightScribe 2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ulead Systems 2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems 2008-07-19 21:01:04 ----D---- C:\WINDOWS\Noslip 2008-07-10 14:42:10 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Teleca 2008-07-10 14:40:29 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sony Ericsson 2008-07-10 14:40:18 ----D---- C:\Programme\Gemeinsame Dateien\Sony Ericsson Shared 2008-07-10 14:40:16 ----D---- C:\Programme\Gemeinsame Dateien\Teleca Shared 2008-07-10 14:40:15 ----D---- C:\Programme\Sony Ericsson 2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca 2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson 2008-07-10 14:33:29 ----D---- C:\Programme\Sony 2008-07-08 23:35:09 ----D---- C:\Programme\Allok Video to 3GP Converter 2008-07-08 23:35:09 ----A---- C:\WINDOWS\system32\AVEQ.dll 2008-07-04 13:24:14 ----D---- C:\Programme\ICQ6Toolbar 2008-07-04 13:24:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ 2008-07-04 13:20:14 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ICQ 2008-07-04 13:19:43 ----D---- C:\Programme\ICQ6 2008-06-24 21:02:33 ----D---- C:\Programme\Audiograbber 2008-06-24 16:06:56 ----A---- C:\WINDOWS\UNNeroMediaHome.exe List of drivers R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys [] R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-11-05 82380] R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-05-25 5632] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys [] R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582] R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 AVMUNET;AVM FRITZ! Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-03-11 16384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-26 47360] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 275200] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 DIGIRPS;Digi PortServer-Treiber; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-18 42880] S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896] S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360] S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276] S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928] S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 dtscsi;dtscsi; C:\WINDOWS\system32\System32\Drivers\dtscsi.sys [] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 huadio;huadio; \??\c:\huadio.tmp [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNMp50.sys [] S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNSp50.sys [] S3 pfsvgae;pfsvgae; \??\C:\DOKUME~1\DOMINI~1\LOKALE~1\Temp\pfsvgae.sys [] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfnth.sys [] S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfntr.sys [] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WMIBIOS;%WMIBIOS.ServiceName%; C:\WINDOWS\System32\Drivers\wmibios.sys [2002-10-15 18272] S3 WMIINFO;WMIINFO Driver; C:\WINDOWS\System32\Drivers\wmiinfo.sys [2002-05-13 21184] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] List of services R2 AntiVirScheduler;AntiVir Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761] R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543] R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653] R2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313] R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-30 66872] R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-11-19 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-23 654848] S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824] S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704] S3 stllssvr;stllssvr; C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe [2007-06-14 74656] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF----------------- Meinem Rechner geht es wieder bestens ! 1000 Dank an dich !:aplaus: |
|
10.09.2008, 15:54
| #13 |
| /// TB-Ausbilder | Google öffnet keine Links / Log gepostet Hi, da sind noch reste zu sehen. Die müssen noch weg. Anleitung Avenger (by swandog46) Lade dir das Tool Avenger und speichere es auf dem Desktop:
Code:
ATTFilter files to delete:
C:\WINDOWS\system32\tdsspopup.dll
Sowie einige Scans auf Dateien, Prozesse und Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):
RootkitRevealer scannen lassen
lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
10.09.2008, 17:51
| #14 |
| | Google öffnet keine Links / Log gepostet avenger Code:
ATTFilter Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\tdsspopup.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
gmer Code:
ATTFilter GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-10 17:20:43
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xBA6A2028] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xBA6A1FE0] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xBA695B00] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xBA6965DC] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xBA6A2120] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xBA695B40] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xBA6A1FA4] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xBA6965FC] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xBA6A2076] <-- ROOTKIT !!!
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xBA6A1550] <-- ROOTKIT !!!
SSDT sptd.sys ZwSetValueKey [0xBA6DA0EC]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\Drivers\SPTD8813.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D5AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D5C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D5B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D676C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D6642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6F8056] sptd.sys
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 89E46788
AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
Device \FileSystem\Fastfat \FatCdrom 89C484B0
Device \FileSystem\Fastfat \FatCdrom 89A24338
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2D02913-8E35-4FB1-BE5B-1D6CBAD095EF} 89C0DE48
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E20350
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E20350
Device \Driver\Cdrom \Device\CdRom0 89AD3248
Device \FileSystem\Rdbss \Device\FsWrap 89A800E8
Device \FileSystem\Rdbss \Device\FsWrap 89CF0150
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E20350
Device \Driver\Cdrom \Device\CdRom2 89AD3248
Device \Driver\Ftdisk \Device\HarddiskVolume4 89E20350
Device \Driver\USBSTOR \Device\00000074 89BA6278
Device \Driver\Ftdisk \Device\HarddiskVolume5 89E20350
Device \Driver\Cdrom \Device\CdRom3 89AD3248
Device \Driver\nvatabus \Device\00000068 89AD0658
Device \Driver\USBSTOR \Device\00000076 89BA6278
Device \Driver\NetBT \Device\NetBt_Wins_Export 89C0DE48
Device \Driver\USBSTOR \Device\00000077 89BA6278
Device \Driver\USBSTOR \Device\00000079 89BA6278
Device \Driver\NetBT \Device\NetbiosSmb 89C0DE48
Device \FileSystem\Srv \Device\LanmanServer 890DC238
Device \Driver\Disk \Device\Harddisk0\DR0 89E469C0
Device \Driver\NetBT \Device\NetBT_Tcpip_{655FFFE1-939D-4AF3-A824-81F81B05B9CD} 89C0DE48
Device \Driver\nvatabus \Device\0000006a 89AD0658
Device \Driver\Disk \Device\Harddisk1\DR1 89E469C0
Device \Driver\nvatabus \Device\0000006b 89AD0658
Device \Driver\Disk \Device\Harddisk2\DR6 89E469C0
Device \Driver\nvatabus \Device\NvAta0 89AD0658
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890CE0E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C3BC40
Device \Driver\nvatabus \Device\NvAta1 89AD0658
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890CE0E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C3BC40
Device \Driver\nvatabus \Device\NvAta2 89AD0658
Device \FileSystem\Npfs \Device\NamedPipe 89AE02D0
Device \FileSystem\Npfs \Device\NamedPipe 89C43FB0
Device \Driver\Ftdisk \Device\FtControl 89E20350
Device \FileSystem\Msfs \Device\Mailslot 89AE5B08
Device \FileSystem\Msfs \Device\Mailslot 89B923D0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target1Lun0 8957F690
Device \Driver\a347scsi \Device\Scsi\a347scsi1 8957F690
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 8957F690
Device \FileSystem\Fastfat \Fat 89C484B0
Device \FileSystem\Fastfat \Fat 89A24338
AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89BE3928
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89BE3928
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89BE3928
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89BE3928
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89BE3928
Device \FileSystem\Cdfs \Cdfs 89AE50E8
Device \FileSystem\Cdfs \Cdfs 89BAA5A0
---- Services - GMER 1.0.14 ----
Service system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e@000a28aaedf7 0xF3 0x2A 0x22 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e@001247160873 0xA7 0x6C 0x76 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e@001df61070bd 0xE7 0xCA 0x98 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1322431882
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 821245233
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1571437667
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x7C 0xBB 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e@000a28aaedf7 0xF3 0x2A 0x22 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e@001247160873 0xA7 0x6C 0x76 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e@001df61070bd 0xE7 0xCA 0x98 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x7C 0xBB 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%
---- EOF - GMER 1.0.14 ----
Den Rootkit Revealer habe ich installiert und 1,5h scannen lassen und er zeigte dann nur noch links unten " cleaning up " an un es tat sich nichts mehr ... ??? |
|
10.09.2008, 17:59
| #15 |
| /// TB-Ausbilder | Google öffnet keine Links / Log gepostet Hi, da ist RootkitRevealer wohl irgendwo hängen geblieben. Das GMER log sieht allerdings gut aus. Hast du noch Probleme? lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
| Themen zu Google öffnet keine Links / Log gepostet |
| adobe, antivir, avira, bho, bonjour, computer, drivers, excel, explorer, firefox, google, helfen, helper, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, konvertieren, magix, mozilla, nvidia, pdf-datei, problem, programm, rundll, software, system, urlsearchhook, windows, windows xp, windows\system32\drivers, öffnet |
Linear-Darstellung
