| |
| |||||||
Log-Analyse und Auswertung: Google Links (und andere) führen zu Werbung + Partition unformatiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.08.2009, 10:07
| #1 |
 |  Google Links (und andere) führen zu Werbung + Partition unformatiert Hallo, habe seit ein paar Tagen das Problem, dass Google Links bei mir desöfteren zu Werbung führen und nicht zu der angegebenen Seite. Außerdem führen auch noch andere Links von allen möglichen Seiten zu "windowsclick.com" welches sich dann zur Google-Startseite umwandelt. Habe diesen Thread gesehen und würde gern wissen, ob ich auch ein Rootkit hab und die Maßnahmen durchführen soll oder ob es bei mir an etwas anderem liegt. Ein anderes Problem ist, dass meine Partition E: plötzlich als unformatiert angezeigt wird. Ist die Festplatte kaputt oder kanns sein, dass ein Virus schuld daran ist? Außerdem konnte ich Malwarebytes Antimalware und Spybot nicht direkt ausführen, sondern musste erst eine Kopie der .exe machen und diese dann starten. Keine Ahnung, ob das was zu sagen hat, aber ich fands komisch. Hier mein HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 10:59:30, on 27.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\RunDll32.exe C:\Programme\LClock\LClock.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe D:\Progs\ICQ Away Reader\ICQ Away Reader.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\wuauclt.exe D:\Progs\ICQ6.5\ICQ.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Windows Live\Contacts\wlcomm.exe D:\Progs\Opera\opera.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Java\jre6\bin\java.exe C:\Programme\Firefox 2.0\Mozilla Firefox\firefox.exe D:\Progs\HiJackThis\HijackThis.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://192.168.2.1/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Progs\FlashGet\jccatch.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Progs\FlashGet\getflash.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Progs\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [LanguageShortcut] D:\Progs\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [XboxStat] "C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - Startup: ICQ Away Reader.lnk = D:\Progs\ICQ Away Reader\ICQ Away Reader.exe O8 - Extra context menu item: &Alles mit FlashGet laden - D:\Progs\FlashGet\jc_all.htm O8 - Extra context menu item: &Mit FlashGet laden - D:\Progs\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161598910476 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing) O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe Habe AntiVir, Spybot und Malwarebytes schon durchlaufen lassen und alles bereinigt.. hat leider nichts gebracht. |
|
27.08.2009, 10:14
| #2 | |
  | Google Links (und andere) führen zu Werbung + Partition unformatiert Hi,
__________________das HJ-Log gibt nicht viel her, daher beschleicht mich wieder so ein ungutes Gefühl... Erweitertes Vorgehen: Bitte RSIT und Gmer: RSIT Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile. * Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/) * speichere es auf Deinem Desktop. * Starte mit Doppelklick die RSIT.exe. * Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren. * Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren. * In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept". * Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen. * Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage. * Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet. * Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread. Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. zusätzlich noch MBR-Rootkit Lade den MBR-Rootkitscanner von GMER auf Deine Bootplatte: http://www2.gmer.net/mbr/mbr.exe Merke Dir das Verzeichnis wo Du ihn runtergeladen hast; Start->Ausführen->cmd Wechsle in das Verzeichnis des Downloads und starte durch Eingabe von mbr das Programm... Das Ergebnis sollte so aussehen: Zitat:
poste es im Thread; Was wurde von MAM gelöscht/gefunden? chris
__________________ |
|
27.08.2009, 10:32
| #3 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Hallo, erstmal danke für die schnelle Hilfe..
__________________Dann fang ich mal an: RSIT log.txt Teil 1: Logfile of random's system information tool 1.06 (written by random/random) Run by Patrick at 2009-08-27 11:17:35 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 10 GB (11%) free of 95 GB Total RAM: 2047 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:17:55, on 27.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\RunDll32.exe C:\Programme\LClock\LClock.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe D:\Progs\ICQ Away Reader\ICQ Away Reader.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\wuauclt.exe D:\Progs\ICQ6.5\ICQ.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Windows Live\Contacts\wlcomm.exe D:\Progs\Opera\opera.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Java\jre6\bin\java.exe C:\Dokumente und Einstellungen\Patrick\Desktop\RSIT.exe C:\Programme\trend micro\Patrick.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://192.168.2.1/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Progs\FlashGet\jccatch.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Progs\FlashGet\getflash.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Progs\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [LanguageShortcut] D:\Progs\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [XboxStat] "C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: ICQ Away Reader.lnk = D:\Progs\ICQ Away Reader\ICQ Away Reader.exe O8 - Extra context menu item: &Alles mit FlashGet laden - D:\Progs\FlashGet\jc_all.htm O8 - Extra context menu item: &Mit FlashGet laden - D:\Progs\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - h**p://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h++p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161598910476 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing) O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- End of file - 9530 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - D:\Progs\FlashGet\jccatch.dll [2007-01-22 69632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - D:\Progs\FlashGet\getflash.dll [2007-01-15 136968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet - D:\Progs\FlashGet\fgiebar.dll [2007-01-15 104200] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497] "LanguageShortcut"=D:\Progs\PowerDVD\Language\Language.exe [2007-02-07 54832] "LClock"=C:\Programme\LClock\LClock.exe [2004-09-20 65536] ""= [] "Dit"=C:\WINDOWS\Dit.exe [2003-12-30 94208] "CHotkey"=C:\WINDOWS\mHotkey.exe [2004-02-24 508416] "ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816] "XboxStat"=C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-06-29 286720] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ISUSPM"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [2009-01-25 2356088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate] C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-09-21 615696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] C:\WINDOWS\mHotkey.exe [2004-02-24 508416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] D:\Progs\Daemon Tools\daemon.exe -lang 1033 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE [2006-07-19 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe [2007-06-29 286720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] D:\Progs\PowerDVD\PDVDServ.exe [2007-02-07 71216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-09-19 236016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-04-21 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] D:\Progs\Winamp Pro\winampa.exe [2006-11-21 35328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Microsoft Office Groove Audit Service"=3 C:\Dokumente und Einstellungen\Patrick\Startmenü\Programme\Autostart ICQ Away Reader.lnk - D:\Progs\ICQ Away Reader\ICQ Away Reader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= Geändert von Pat89 (27.08.2009 um 10:41 Uhr) |
|
27.08.2009, 10:36
| #4 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert RSIT log.txt Teil 2: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Progs\ICQ 5.1\ICQLite\ICQLite.exe"="D:\Progs\ICQ 5.1\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "D:\Progs\ICQ 5.1 - Englisch\ICQ Pro7\ICQLite.exe"="D:\Progs\ICQ 5.1 - Englisch\ICQ Pro7\ICQLite.exe:*:Enabled:ICQLite" "D:\Spiele\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe"="D:\Spiele\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Firefox 2.0\Mozilla Firefox\firefox.exe"="C:\Programme\Firefox 2.0\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "D:\Progs\FlashGet\flashget.exe"="D:\Progs\FlashGet\flashget.exe:*:Enabled:Flashget" "C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server" "D:\Progs\PowerDVD\PowerDVD.exe"="D:\Progs\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" "D:\Progs\Skype\Phone\Skype.exe"="D:\Progs\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " "D:\Progs\ICQLite 5.1\ICQLite.exe"="D:\Progs\ICQLite 5.1\ICQLite.exe:*:Enabled:ICQ Lite" "D:\Progs\Opera\Opera.exe"="D:\Progs\Opera\Opera.exe:*:Enabled:Opera Internet Browser" "D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe"="D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe:*:Enabled:ICQ Lite" "D:\Progs\ICQ6\ICQ.exe"="D:\Progs\ICQ6\ICQ.exe:*:Enabled:ICQ6" "D:\Spiele\World of Warcraft\WoW-2.4.2-enGB-downloader.exe"="D:\Spiele\World of Warcraft\WoW-2.4.2-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1d784408\Launcher.exe"="C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1d784408\Launcher.exe:*:Enabled:Blizzard Launcher" "D:\Progs\ICQ6.5\ICQ.exe"="D:\Progs\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Progs\Bearshare\BearShare.exe"="D:\Progs\Bearshare\BearShare.exe:*:Disabled:BearShare" "D:\Progs\BitTorrent\bittorrent.exe"="D:\Progs\BitTorrent\bittorrent.exe:*:Disabled:bittorrent" "D:\Progs\Curse\CurseClient.exe"="D:\Progs\Curse\CurseClient.exe:*:Disabled:Curse Client" "D:\Progs\eMule\emule.exe"="D:\Progs\eMule\emule.exe:*:Disabled:eMule" "C:\Programme\Far Cry\Bin32\FarCry.exe"="C:\Programme\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry" "D:\Spiele\Steam\SteamApps\shox_1\counter-strike\hl.exe"="D:\Spiele\Steam\SteamApps\shox_1\counter-strike\hl.exe:*:Disabled:Half-Life Launcher" "C:\Programme\Steam\steamapps\Shox_1\counter-strike\hl.exe"="C:\Programme\Steam\steamapps\Shox_1\counter-strike\hl.exe:*:Disabled:Half-Life Launcher" "C:\Programme\Halo\haloce.exe"="C:\Programme\Halo\haloce.exe:*:Disabled:Halo" "C:\Programme\Steam\steamapps\Shox_1\counter-strike source\hl2.exe"="C:\Programme\Steam\steamapps\Shox_1\counter-strike source\hl2.exe:*:Disabled:hl2" "D:\Spiele\Black and White\runblack.exe"="D:\Spiele\Black and White\runblack.exe:*:Disabled:lh" "C:\Programme\Sony Ericsson\Update Service\ma3platform.exe"="C:\Programme\Sony Ericsson\Update Service\ma3platform.exe:*:Disabled:ma3platform" "D:\Progs\Miranda\Miranda IM\miranda32.exe"="D:\Progs\Miranda\Miranda IM\miranda32.exe:*:Disabled:Miranda IM" "D:\Spiele\Neverwinter Nights II\nwn2main_amdxp.exe"="D:\Spiele\Neverwinter Nights II\nwn2main_amdxp.exe:*:Disabled:Neverwinter Nights 2 AMD" "D:\Spiele\Neverwinter Nights II\nwn2main.exe"="D:\Spiele\Neverwinter Nights II\nwn2main.exe:*:Disabled:Neverwinter Nights 2 Main" "D:\Spiele\Neverwinter Nights II\nwn2server.exe"="D:\Spiele\Neverwinter Nights II\nwn2server.exe:*:Disabled:Neverwinter Nights 2 Server" "D:\Spiele\Neverwinter Nights II\nwupdate.exe"="D:\Spiele\Neverwinter Nights II\nwupdate.exe:*:Disabled:Neverwinter Nights 2 Updater" "D:\Spiele\Quake IV\Quake4Ded.exe"="D:\Spiele\Quake IV\Quake4Ded.exe:*:Disabled:Quake 4" "C:\Programme\Bid For Power\Bid For Power\quake3.exe"="C:\Programme\Bid For Power\Bid For Power\quake3.exe:*:Disabled:quake3" "D:\Progs\QIP\qip.exe"="D:\Progs\QIP\qip.exe:*:Disabled:Quiet Internet Pager" "D:\Progs\CryptLoad_1.0.4\RouterClient.exe"="D:\Progs\CryptLoad_1.0.4\RouterClient.exe:*:Disabled:RouterClient" "C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC" "C:\Programme\Titan Quest Immortal Throne\Tqit.exe"="C:\Programme\Titan Quest Immortal Throne\Tqit.exe:*:Disabled:Tqit" "D:\Progs\TVU Player\TVUPlayer.exe"="D:\Progs\TVU Player\TVUPlayer.exe:*:Disabled:TVU Player Component" "D:\Progs\Ventrilo\Ventrilo.exe"="D:\Progs\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf1bcc-76ee-11db-b349-000c76a6ff4e}] shell\AutoRun\command - L:\Launch.exe ======List of files/folders created in the last 1 months====== 2009-08-27 11:17:36 ----D---- C:\Programme\trend micro 2009-08-27 11:17:35 ----D---- C:\rsit 2009-08-26 18:04:51 ----A---- C:\WINDOWS\RCoUn0.exe 2009-08-26 14:16:26 ----A---- C:\WINDOWS\cadkasdeinst01.exe 2009-08-25 20:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-08-23 17:13:51 ----D---- C:\Prototype 2009-08-23 15:42:26 ----D---- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Malwarebytes 2009-08-23 15:25:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-23 10:27:38 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-08-23 10:27:38 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2009-08-23 10:27:35 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2009-08-23 10:27:35 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2009-08-23 10:27:33 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2009-08-23 10:27:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2009-08-23 10:26:21 ----HD---- C:\WINDOWS\msdownld.tmp 2009-08-23 10:11:47 ----D---- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\DAEMON Tools Pro 2009-08-22 11:52:28 ----A---- C:\WINDOWS\system32\xa.tmp 2009-08-13 00:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-13 00:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-13 00:20:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-13 00:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-13 00:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-13 00:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-13 00:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-13 00:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-13 00:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-10 03:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-08 22:17:19 ----D---- C:\043a37f82b0859dc53769c5432 2009-08-05 17:25:06 ----A---- C:\WINDOWS\system32\javaws.exe 2009-08-05 17:25:06 ----A---- C:\WINDOWS\system32\javaw.exe 2009-08-05 17:25:06 ----A---- C:\WINDOWS\system32\java.exe 2009-08-02 23:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-08-02 23:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-08-02 23:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ ======List of files/folders modified in the last 1 months====== 2009-08-27 11:17:36 ----RD---- C:\Programme 2009-08-26 19:02:03 ----D---- C:\WINDOWS\Prefetch 2009-08-26 18:49:29 ----D---- C:\Programme\AntiVir PersonalEdition Classic 2009-08-26 18:49:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2009-08-26 18:04:51 ----D---- C:\WINDOWS 2009-08-26 14:39:44 ----D---- C:\WINDOWS\system32 2009-08-26 13:07:51 ----D---- C:\WINDOWS\Temp 2009-08-25 20:25:46 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-25 20:20:03 ----HD---- C:\WINDOWS\inf 2009-08-25 20:20:00 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-25 20:19:59 ----D---- C:\WINDOWS\system32\drivers 2009-08-25 15:47:08 ----A---- C:\WINDOWS\wininit.ini 2009-08-25 15:14:40 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-25 14:41:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-08-24 18:13:44 ----D---- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Spybot - Search & Destroy 2009-08-24 17:51:30 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-24 17:19:22 ----A---- C:\WINDOWS\NeroDigital.ini 2009-08-23 20:44:07 ----D---- C:\WINDOWS\network diagnostic 2009-08-23 10:27:38 ----D---- C:\WINDOWS\system32\DirectX 2009-08-23 09:56:56 ----SHD---- C:\WINDOWS\Installer 2009-08-13 00:20:23 ----A---- C:\WINDOWS\imsins.BAK 2009-08-13 00:19:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-08-13 00:19:00 ----D---- C:\Programme\Outlook Express 2009-08-10 03:12:32 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-09 15:31:06 ----D---- C:\WINDOWS\SxsCaPendDel 2009-08-08 22:33:12 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-08 22:33:09 ----RSD---- C:\WINDOWS\assembly 2009-08-08 22:23:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-08 22:23:10 ----D---- C:\WINDOWS\WinSxS 2009-08-08 22:18:22 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-08 22:18:18 ----D---- C:\WINDOWS\system32\en-us 2009-08-08 22:18:12 ----RSD---- C:\WINDOWS\Fonts 2009-08-07 17:51:44 ----D---- C:\Programme\DivX 2009-08-07 17:51:11 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared 2009-08-05 22:21:20 ----A---- C:\WINDOWS\system.ini 2009-08-05 17:25:04 ----D---- C:\Programme\Java 2009-08-05 10:59:36 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-08-02 15:15:26 ----D---- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-04-28 50816] R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys [] R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\D:\Progs\PowerDVD\000.fcl [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-02 271360] R2 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys [] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-02-02 18048] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568] R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS [] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136] R3 LHidUsbK;SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-07-19 36736] R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-02 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-02 5888] R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288] R3 UKBFLT;UKBFLT; C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 wbscr;Winbond Smartcard Reader for I/O; C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928] R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792] S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] S3 aj0ilic4;aj0ilic4; C:\WINDOWS\system32\drivers\aj0ilic4.sys [] S3 ajcy51co;ajcy51co; C:\WINDOWS\system32\drivers\ajcy51co.sys [] S3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 cpuz132;cpuz132; \??\C:\DOKUME~1\Patrick\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\D:\Progs\Everest\kerneld.wnt [] S3 ggsemc;Sony Ericsson USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-05-24 8704] S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704] S3 PRISM_A00;PRISM 802.11g Driver; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [2004-01-16 380736] S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920] S2 LckFldService;LckFldService; C:\WINDOWS\system32\LckFldService.exe [] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-09-19 313840] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-09-19 170480] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560] S3 RoxMediaDB9;RoxMediaDB9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-09-19 1108464] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 StarWindServiceAE;StarWind AE Service; D:\Progs\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] -----------------EOF----------------- Geändert von Pat89 (27.08.2009 um 10:46 Uhr) |
|
27.08.2009, 10:40
| #5 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert RSIT info.txt Teil 1: info.txt logfile of random's system information tool 1.06 2009-08-27 11:18:00 ======Uninstall list====== -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->D:\Progs\FOLDER~1\FOLDER~2.EXE UnInstall -->MsiExec /X{506DDFBE-983F-4BC3-84B8-65F423B2D798} -->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 7-Zip 4.42-->"D:\Progs\7-Zip\Uninstall.exe" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class  ISPLAY -cleanAvira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BlackBerry Desktop Software 4.7-->MsiExec.exe /I{84F1B62A-E6F6-458E-BC19-51DBB14055EA} BlackBerry Desktop Software 4.7-->MsiExec.exe /i{84F1B62A-E6F6-458E-BC19-51DBB14055EA} BlackBerry Device Software v4.6.1 für das BlackBerry 8900-Smartphone-->MsiExec.exe /X{976E06C6-79D6-4DA2-B273-51C5BA7B636F} Blaze Media Pro-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3CF1EF0D-29E2-4553-A9ED-4D514B45A07D}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE BSPlayer-->"D:\Progs\BS Player 2\BSplayerPro\uninstall.exe" Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D} C-Media Audio-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\C-Media Audio\Uninst.isu" -c"C:\Programme\C-Media Audio\CMIUnInstall.DLL" C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Debugging Tools for Windows-->MsiExec.exe /I{1C943495-B69F-4D41-AE0E-23C57ECD90EE} DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader-->D:\Progs\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN EVEREST Home Edition v2.20-->D:\Progs\Everest\unins000.exe FireTune-->C:\WINDOWS\iun6002.exe "D:\Progs\FireTune\irunin.ini" FlashGet 1.81-->D:\Progs\FlashGet\uninst.exe floAt's Mobile Agent 2-->"C:\Programme\FMA 2\unins000.exe" Freez FLV to MP3 Converter-->"D:\Progs\Freez FLV to MP3 Converter\unins000.exe" HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" ICQ Away Reader 1.4-->"D:\Progs\ICQ Away Reader\unins000.exe" ICQ UIN Backup 1.3-->"D:\Progs\ICQ Tools\ICQ UIN Backup NEU für ICQ6\unins000.exe" ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly iMacros V6.02-->"D:\Progs\iMacros\unins000.exe" IrfanView (remove only)-->D:\Progs\IrfanView\iv_uninstall.exe IsoBuster 2.1-->"D:\Progs\IsoBuster\Uninst\unins000.exe" J2SE Development Kit 5.0 Update 5-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150050} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD} Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly Malwarebytes' Anti-Malware-->"D:\Progs\Malwarebytes Anti-Malware 1.40\unins000.exe" Medion Flash XL 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst Messenger Plus! Live-->"D:\Progs\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} |
|
27.08.2009, 10:41
| #6 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert RSIT info.txt Teil 2: Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D} MindManager Smart-->D:\Progs\MINDMA~1\UNWISE.EXE D:\Progs\MINDMA~1\INSTALL.LOG Miranda IM-->D:\Progs\Miranda\Miranda IM\uninstall.exe Mozilla Firefox (1.5)-->C:\Programme\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)" Mozilla Firefox (3.5.2)-->C:\Programme\Firefox 2.0\Mozilla Firefox\uninstall\helper.exe Mp3tag v2.42-->D:\Progs\Mp3tag\Mp3tagUninstall.EXE MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MyPhoneExplorer-->C:\Programme\MyPhoneExplorer\uninstall.exe Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL Nero OEM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL NVIDIA PhysX-->MsiExec.exe /X{506DDFBE-983F-4BC3-84B8-65F423B2D798} OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE} Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1} PartyPoker.net-->"D:\Progs\PartyPoker\PartyPokerNet\Uninstall.exe" "D:\Progs\PartyPoker\PartyPokerNet\install.log" Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661} PDF Reader 2-->C:\WINDOWS\cadkasdeinst01.exe "D:\Progs\PDF Reader 2\" PokerStars.net-->D:\Progs\PokerStars.de\Uninstall.EXE /u:"PokerStars.net" PowerDVD-->"C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000407 /z-uninstall Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Riva FLV Encoder 2.0-->"D:\Progs\Riva Converter\Riva FLV Encoder 2.0\unins000.exe" RouterControl 2.0-->C:\WINDOWS\RCoUn0.exe /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in" Roxio Media Manager-->MsiExec.exe /X{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0} ScummVM 0.9.1-->"D:\Progs\ScummVM\unins000.exe" Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73} Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SFT Loader 2006-->D:\Progs\SFT Loader\uninstall.exe Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" SIW version 2009-05-12-->"D:\Progs\SIW\unins000.exe" Skype 3.1-->"C:\Programme\Skype\Phone\unins000.exe" Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Sony Ericsson Themes Creator 2.54-->D:\Progs\Sony Ericsson\Themes Creator\Uninstall.exe SpeedFan (remove only)-->"D:\Progs\SpeedFan\uninstall.exe" Spybot - Search & Destroy-->"D:\Progs\Spybot - Search & Destroy\unins000.exe" SUPER © Version 2007.bld.23 (July 4, 2007)-->D:\Progs\SUPER\Setup.exe /remove /q0 System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe TeamSpeak 2 RC2-->D:\Progs\Teamspeak\unins000.exe TeamSpeak Overlay BETA 2 (#63)-->"d:\progs\ts overlay\uninstall.exe" Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2} Titan Poker-->"C:\WINDOWS\Titan Poker setup.exe" /uninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462} Update for Outlook 2007 Junk Email Filter (kb972691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AA020E6E-E2FB-45EF-B732-2400E2296742} Update für Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe" Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" USB Wireless Keyboard Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x7 VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VideoLAN VLC media player 0.8.5-test4-->D:\Progs\VLC\uninstall.exe W83L518D-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x7 WinAce Archiver-->"D:\Progs\WinAce\SXUNINST.EXE" "D:\Progs\WinAce\SXUNINST.INI" Winamp (remove only)-->"D:\Progs\Winamp Pro\UninstWA.exe" WinAVIVideoConverter-->D:\Progs\WinAVIVideoConverter\unins000.exe Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->D:\Progs\WinRAR\uninstall.exe WinZip-->"D:\Progs\WinZip\WINZIP32.EXE" /uninstall XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 w*w.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 w*w.008k.com 127.0.0.1 008k.com 127.0.0.1 w*w.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 w*w.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Avira AntiVir PersonalEdition ======System event log====== Computer Name: PATRICK-2DCT6O1 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet. Record Number: 87361 Source Name: Service Control Manager Time Written: 20090717153340.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: PATRICK-2DCT6O1 Event Code: 7036 Message: Dienst "Universeller Plug & Play-Gerätehost" befindet sich jetzt im Status "Ausgeführt". Record Number: 87360 Source Name: Service Control Manager Time Written: 20090717130838.000000+120 Event Type: Informationen User: Computer Name: PATRICK-2DCT6O1 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Universeller Plug & Play-Gerätehost" gesendet. Record Number: 87359 Source Name: Service Control Manager Time Written: 20090717130837.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: PATRICK-2DCT6O1 Event Code: 7036 Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt". Record Number: 87358 Source Name: Service Control Manager Time Written: 20090717124411.000000+120 Event Type: Informationen User: Computer Name: PATRICK-2DCT6O1 Event Code: 7036 Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet". Record Number: 87357 Source Name: Service Control Manager Time Written: 20090717124403.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: PATRICK-2DCT6O1 Event Code: 0 Message: Record Number: 3388 Source Name: RoxLiveShare9 Time Written: 20090205233845.000000+060 Event Type: Informationen User: Computer Name: PATRICK-2DCT6O1 Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 3387 Source Name: SecurityCenter Time Written: 20090205233716.000000+060 Event Type: Informationen User: Computer Name: PATRICK-2DCT6O1 Event Code: 4096 Message: Record Number: 3386 Source Name: Avira AntiVir Time Written: 20090205233618.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: PATRICK-2DCT6O1 Event Code: 105 Message: The service was started. Record Number: 3385 Source Name: ATI Smart Time Written: 20090205233601.000000+060 Event Type: Informationen User: Computer Name: PATRICK-2DCT6O1 Event Code: 302 Message: msnmsgr (2312) \\.\C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\patrick.msn@web.de\SharingMetadata\Working\database_D2A0_DBEC_A0DB_D557\dfsr.db: Das Datenbankmodul hat erfolgreich die Schritte zur Wiederherstellung abgeschlossen. Record Number: 3384 Source Name: ESENT Time Written: 20090205165444.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\;C:\Programme\Support Tools\;C:\Programme\Gemeinsame Dateien\DivX Shared\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0209 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip -----------------EOF----------------- GMER (schlug direkt an): GMER 1.0.15.15077 [e0qsv2oh.exe] - http://www.gmer.net Rootkit quick scan 2009-08-27 11:23:38 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code 8A914230 ZwEnumerateKey Code 8A913610 ZwFlushInstructionCache Code 8A91574E IofCallDriver Code 8A92AF16 IofCompleteRequest Code 8A90E74D ZwSaveKey Code 8A5E0615 ZwSaveKeyEx ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8AB501F8 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\UAClxtjppirmt.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ---- MBR: Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully BIOS signateure not found MBAM: Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2682 Windows 5.1.2600 Service Pack 3 23.08.2009 17:04:34 mbam-log-2009-08-23 (17-04-34).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 329358 Laufzeit: 1 hour(s), 19 minute(s), 13 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 12 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\npclntax.dll (Adware.Zango) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3CF1EF0D-29E2-4553-A9ED-4D514B45A07D}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully. C:\Programme\Path of Neo\mat\Clone\For_Clone_DVD_From_MiRROR.exe (Malware.Packer) -> Quarantined and deleted successfully. C:\Programme\Path of Neo\mat\Retail\For_EU_Retail.exe (Malware.Packer) -> Quarantined and deleted successfully. C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully. D:\Progs\BS Player 2\BSP2.12\BSPlayer_2.12.941\KeyGen\keygen.exe (Trojan.Hacktool) -> Not selected for removal. D:\Progs\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully. D:\Progs\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully. D:\Progs\SC MP3 WAV Converter\scmpw6.exe (Adware.Zango) -> Quarantined and deleted successfully. D:\RECYCLER\S-1-5-21-606747145-1547161642-725345543-1004\Dd6.8\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. PS: Mein PC scheint ziemlich zugemüllt zu sein.. Geändert von Pat89 (27.08.2009 um 10:47 Uhr) |
|
27.08.2009, 10:51
| #7 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Hi, wir müssen erst den Rootkit aus dem Weg räumen, dann noch mal mit MAM und Avira drüber. Der Rootkit schützt einige Komponenten, so dass die sich immer wieder neu "herstellen/Runterladen" können... Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen. Weitere Anleitung unter:http://www.bleepingcomputer.com/comb...x-benutzt-wird Danach MAM updaten und von der Leine lassen, fullscan: Danach bitte noch einen mit AVIRA wie folgt: Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-a...tellungen.html Führe einen Systemscan durch und poste das Ergebnis! chris Ps.: Wegen dem Keylogger unbedingt von einem sauberen PC aus die Passwörter ändern!
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
27.08.2009, 16:05
| #8 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Soo.. endlich fertig ^^ Combofix: ComboFix 09-08-26.05 - Patrick 27.08.2009 12:22.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1663 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Patrick\Desktop\ComboFix2.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\run.log c:\windows\system32\BReWErS.dll c:\windows\system32\drivers\UAClxtjppirmt.sys c:\windows\system32\nerocheck.exe c:\windows\system32\skinboxer43.dll c:\windows\system32\UACbpjegpyncf.db c:\windows\system32\UAChcqotjfrxr.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACkjyxejnoea.dll c:\windows\system32\UACnhmpaijaor.dll c:\windows\system32\UACoelxewlkyt.dat c:\windows\system32\UACxuvpxyowir.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_UACd.sys ((((((((((((((((((((((( Dateien erstellt von 2009-07-27 bis 2009-08-27 )))))))))))))))))))))))))))))) . 2009-08-27 09:24 . 2009-08-27 09:25 -------- d-----w- C:\MBR 2009-08-27 09:17 . 2009-08-27 09:17 -------- d-----w- c:\programme\trend micro 2009-08-27 09:17 . 2009-08-27 09:18 -------- d-----w- C:\rsit 2009-08-26 16:04 . 2009-05-19 11:49 330344 ----a-w- c:\windows\RCoUn0.exe 2009-08-26 12:16 . 2009-08-26 12:16 74240 ----a-w- c:\windows\cadkasdeinst01.exe 2009-08-23 15:13 . 2009-08-27 09:16 -------- d-----w- C:\Prototype 2009-08-23 13:42 . 2009-08-23 13:42 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Malwarebytes 2009-08-23 13:25 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-23 13:25 . 2009-08-23 13:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-23 13:25 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-23 08:11 . 2009-08-23 08:11 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\DAEMON Tools Pro 2009-08-23 07:56 . 2009-08-23 07:56 12862 ----a-r- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe 2009-08-12 16:56 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-08 20:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-08 20:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-08 20:17 . 2009-08-08 20:17 -------- d-----w- C:\043a37f82b0859dc53769c5432 2009-08-08 20:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-08 20:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-05 15:24 . 2009-08-05 15:24 152576 ----a-w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-05 08:59 . 2009-08-05 08:59 206336 -c----w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-26 16:49 . 2006-10-23 12:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2009-08-25 12:41 . 2007-02-07 09:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-08-24 16:13 . 2007-02-07 09:52 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Spybot - Search & Destroy 2009-08-24 15:49 . 2009-03-28 12:45 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS 2009-08-24 15:18 . 2007-02-11 13:11 154 ----a-w- c:\windows\system32\mslck.dat 2009-08-23 08:11 . 2006-11-10 10:09 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-22 09:52 . 2009-08-22 09:52 784890 ----a-w- c:\windows\system32\xa.tmp 2009-08-18 19:27 . 2008-11-28 16:16 256 ----a-w- c:\windows\system32\pool.bin 2009-08-12 22:19 . 2006-12-20 14:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-08-08 21:47 . 2006-10-23 11:30 101648 ----a-w- c:\dokumente und einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-08 20:23 . 2003-04-02 12:00 80754 ----a-w- c:\windows\system32\perfc007.dat 2009-08-08 20:23 . 2003-04-02 12:00 451374 ----a-w- c:\windows\system32\perfh007.dat 2009-08-07 15:51 . 2006-10-23 12:33 -------- d-----w- c:\programme\DivX 2009-08-07 15:51 . 2009-03-14 22:26 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared 2009-08-05 15:25 . 2006-10-23 14:52 -------- d-----w- c:\programme\Java 2009-08-05 08:59 . 2006-10-23 10:03 206336 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-02 13:15 . 2008-08-04 00:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Blizzard Entertainment 2009-07-25 03:23 . 2008-12-14 11:40 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-17 19:01 . 2003-04-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2006-10-23 11:04 286208 ------w- c:\windows\system32\wmpdxm.dll 2009-07-12 14:58 . 2006-11-06 19:15 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\teamspeak2 2009-06-25 08:25 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2003-04-02 12:00 737792 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2003-04-02 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2003-04-02 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2003-04-02 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2003-04-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2003-04-02 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-17 09:44 . 2009-06-16 13:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2009-06-17 09:44 . 2009-06-16 13:20 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2009-06-16 14:36 . 2003-04-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2003-04-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 13:22 . 2006-11-10 22:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-06-15 10:43 . 2003-04-02 12:00 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2003-04-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:19 . 2009-03-15 19:05 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2003-04-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 2006-10-23 10:03 1296896 ----a-w- c:\windows\system32\quartz.dll 2006-09-16 16:01 . 2006-10-23 12:04 60526 ----a-w- c:\programme\mozilla firefox\components\jar50.dll 2006-09-16 16:01 . 2006-10-23 12:04 49256 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll 2006-09-16 16:01 . 2006-10-23 12:04 166000 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll 2006-05-03 09:06 . 2007-08-10 17:04 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2007-08-10 17:04 31232 --sh--r- c:\windows\system32\msfDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "LanguageShortcut"="d:\progs\PowerDVD\Language\Language.exe" [2007-02-07 54832] "LClock"="c:\programme\LClock\LClock.exe" [2004-09-19 65536] "XboxStat"="c:\programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Dit"="Dit.exe" - c:\windows\Dit.exe [2003-12-29 94208] "CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416] "ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-03 5794816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\Patrick\Startmen\Programme\Autostart\ ICQ Away Reader.lnk - d:\progs\ICQ Away Reader\ICQ Away Reader.exe [2009-3-19 548864] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Microsoft Office Groove Audit Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Progs\\ICQ 5.1 - Englisch\\ICQ Pro7\\ICQLite.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Firefox 2.0\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Progs\\FlashGet\\flashget.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "d:\\Progs\\PowerDVD\\PowerDVD.exe"= "d:\\Progs\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "d:\\Progs\\Opera\\Opera.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "d:\\Progs\\ICQ6.5\\ICQ.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Progs\\BitTorrent\\bittorrent.exe"= "d:\\Progs\\eMule\\emule.exe"= "d:\\Progs\\Miranda\\Miranda IM\\miranda32.exe"= "d:\\Progs\\CryptLoad_1.0.4\\RouterClient.exe"= "d:\\Progs\\Ventrilo\\Ventrilo.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Java\\jre6\\bin\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [24.10.2006 13:14 53760] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [24.10.2006 19:48 3712] R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [28.03.2009 14:45 13440] R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [24.10.2006 16:50 11672] R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [12.04.2009 02:21 19928] S3 cpuz132;cpuz132;\??\c:\dokume~1\Patrick\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys --> c:\dokume~1\Patrick\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\progs\Everest\kerneld.wnt [18.08.2005 01:00 7168] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [23.10.2006 12:16 24704] S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [23.10.2006 12:16 380736] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhalt des "geplante Tasks" Ordners 2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-Cmaudio - cmicnfg.cpl . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://192.168.2.1/ IE: &Alles mit FlashGet laden - d:\progs\FlashGet\jc_all.htm IE: &Mit FlashGet laden - d:\progs\FlashGet\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Mozilla\Firefox\Profiles\e3z5h6km.Patrick\ FF - prefs.js: browser.search.selectedEngine - YouTube FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: c:\programme\Firefox 2.0\Mozilla Firefox\plugins\npmozax.dll FF - plugin: d:\progs\DivX\DivX Content Uploader\npUpload.dll FF - plugin: d:\progs\Opera\program\plugins\npdivx32.dll FF - plugin: d:\progs\Opera\program\plugins\npdsplay.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin2.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin3.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin4.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin5.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin6.dll FF - plugin: d:\progs\Opera\program\plugins\npqtplugin7.dll FF - plugin: d:\progs\Opera\program\plugins\NPSWF32.dll FF - plugin: d:\progs\Opera\program\plugins\npwmsdrm.dll ---- FIREFOX Richtlinien ---- FF - user.js: nglayout.initialpaint.delay - 300 FF - user.js: content.notify.ontimer - true FF - user.js: content.notify.interval - 100000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.max-connections - 32 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 4 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: intl.accept_languages - de, en, en-us FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.switch.threshold - 650000 c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 12:31 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet012\Services\EverestDriver] "ImagePath"="\??\d:\progs\Everest\kerneld.wnt" [HKEY_LOCAL_MACHINE\System\ControlSet012\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\d:\progs\PowerDVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-606747145-1547161642-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:9d,e1,91,1d,3c,37,34,8f,51,46,bf,db,a9,1d,9b,cd,bf,7c,db,35,04, da,9b,72,f6,30,d5,1a,90,6f,6c,8c,93,93,f3,8f,27,ec,0b,37,9e,67,94,cb,3c,a7,\ "rkeysecu"=hex:d2,be,92,ff,ea,c2,e2,37,0c,44,e3,e1,46,2c,aa,4f . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(764) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2009-08-27 12:35 ComboFix-quarantined-files.txt 2009-08-27 10:34 Vor Suchlauf: 18 Verzeichnis(se), 10.994.688.000 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 11.785.011.200 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 291 --- E O F --- 2009-08-25 18:20 |
|
27.08.2009, 16:08
| #9 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert MBAM: Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2705 Windows 5.1.2600 Service Pack 3 27.08.2009 14:31:59 mbam-log-2009-08-27 (14-31-59).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 131827 Laufzeit: 1 hour(s), 45 minute(s), 58 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnhmpaijaor.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxuvpxyowir.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UAClxtjppirmt.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047238.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047239.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047240.dll (Rogue.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. AntiVir: Avira AntiVir Personal Report file date: Donnerstag, 27. August 2009 15:16 Scanning for 1665449 virus strains and unwanted programs. Licensed to: Avira AntiVir Personal - FREE Antivirus Serial number: 0000149996-ADJIE-0000001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: PATRICK-2DCT6O1 Version information: BUILD.DAT : 8.2.0.353 17048 Bytes 15.5.2009 12:02:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 25.11.2008 15:51:02 AVSCAN.DLL : 8.1.4.0 40705 Bytes 18.7.2008 15:03:25 LUKE.DLL : 8.1.4.5 164097 Bytes 18.7.2008 15:03:25 LUKERES.DLL : 8.1.4.0 12033 Bytes 18.7.2008 15:03:25 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 00:48:20 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.6.2009 11:34:44 ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21.8.2009 17:02:43 ANTIVIR3.VDF : 7.1.5.172 194560 Bytes 27.8.2009 13:15:24 Engineversion : 8.2.1.7 AEVDF.DLL : 8.1.1.1 106868 Bytes 30.4.2009 20:15:25 AESCRIPT.DLL : 8.1.2.26 463227 Bytes 26.8.2009 16:49:14 AESCN.DLL : 8.1.2.4 127348 Bytes 23.7.2009 14:10:09 AERDL.DLL : 8.1.2.4 430452 Bytes 14.7.2009 23:42:18 AEPACK.DLL : 8.1.3.18 401783 Bytes 27.5.2009 17:48:52 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 22.6.2009 12:00:18 AEHEUR.DLL : 8.1.0.155 1921400 Bytes 18.8.2009 16:51:35 AEHELP.DLL : 8.1.6.0 233846 Bytes 18.8.2009 16:51:17 AEGEN.DLL : 8.1.1.59 356725 Bytes 26.8.2009 16:49:12 AEEMU.DLL : 8.1.0.9 393588 Bytes 18.10.2008 01:08:49 AECORE.DLL : 8.1.7.6 184694 Bytes 23.7.2009 14:09:47 AEBB.DLL : 8.1.0.3 53618 Bytes 18.10.2008 01:08:46 AVWINLL.DLL : 1.0.0.12 15105 Bytes 18.7.2008 15:03:25 AVPREF.DLL : 8.0.2.0 38657 Bytes 18.7.2008 15:03:25 AVREP.DLL : 8.0.0.3 155688 Bytes 21.4.2009 15:08:30 AVREG.DLL : 8.0.0.1 33537 Bytes 18.7.2008 15:03:25 AVARKT.DLL : 1.0.0.23 307457 Bytes 17.4.2008 15:13:45 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18.7.2008 15:03:24 SQLITE3.DLL : 3.3.17.1 339968 Bytes 17.4.2008 15:13:46 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18.7.2008 15:03:25 NETNT.DLL : 8.0.0.1 7937 Bytes 17.4.2008 15:13:46 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18.7.2008 15:03:20 RCTEXT.DLL : 8.0.52.0 86273 Bytes 18.7.2008 15:03:20 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\programme\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: off Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: Donnerstag, 27. August 2009 15:16 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'javaw.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'ICQ Away Reader.exe' - '1' Module(s) have been scanned Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'XBoxStat.exe' - '1' Module(s) have been scanned Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned Scan process 'mHotkey.exe' - '1' Module(s) have been scanned Scan process 'Dit.exe' - '1' Module(s) have been scanned Scan process 'LClock.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'scardsvr.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 35 processes with 35 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [21]: Das Gerät ist nicht bereit. Master boot sector HD2 [INFO] No virus was found! [WARNING] System error [21]: Das Gerät ist nicht bereit. Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Das Gerät ist nicht bereit. Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Das Gerät ist nicht bereit. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '72' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Dokumente und Einstellungen\Patrick\Desktop\Programme\610_Gamez_For_Sony_Ericsson.rar [0] Archive type: RAR --> Worms_Forts_3D_W550_K750_K700.jar [1] Archive type: ZIP --> META-INF/MANIFEST.MF [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus [NOTE] The file was deleted! C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\CryptLoad_1.1.8 (1).rar [0] Archive type: RAR --> router\FRITZ!Box\nc.exe [DETECTION] Contains recognition pattern of the SPR/Tool.NetCat.B program [NOTE] The file was deleted! C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\CryptLoad_1.1.8.rar [0] Archive type: RAR --> router\FRITZ!Box\nc.exe [DETECTION] Contains recognition pattern of the SPR/Tool.NetCat.B program [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChcqotjfrxr.dll.vir [DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan [NOTE] The file was deleted! C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkjyxejnoea.dll.vir [DETECTION] Is the TR/TDss.BI Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047241.dll [DETECTION] Is the TR/TDss.BI Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047242.dll [DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\closeapp.exe [DETECTION] Contains recognition pattern of the APPL/CloseApp application [NOTE] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <BACKUP> D:\Progs\Sony Ericsson Games\Boost.Mobile.1805.Games.Pack.March.2007.J2ME.Retail.RDX.zip [0] Archive type: ZIP --> sbmgp37b.zip [1] Archive type: ZIP --> sbmgp37.r01 [2] Archive type: RAR --> BoostPro.jar [WARNING] No further files can be extracted from this archive. The archive will be closed --> sbmgp37h.zip [1] Archive type: ZIP --> sbmgp37.r07 [2] Archive type: RAR --> metro_us_lrg.jar [WARNING] No further files can be extracted from this archive. The archive will be closed --> sbmgp37l.zip [1] Archive type: ZIP --> sbmgp37.r11 [2] Archive type: RAR --> SimonSays.jar [WARNING] No further files can be extracted from this archive. The archive will be closed --> sbmgp37i.zip [1] Archive type: ZIP --> sbmgp37.r08 [2] Archive type: RAR --> NBA_F5_i730.jar [WARNING] No further files can be extracted from this archive. The archive will be closed --> sbmgp37a.zip [1] Archive type: ZIP --> sbmgp37.r00 [2] Archive type: RAR --> baberuth.jar [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Spiele\addons\CurseSetup-2.0.0.14 ZWEI.exe [0] Archive type: NSIS --> ProgramFilesDir/Updater.exe [WARNING] No further files can be extracted from this archive. The archive will be closed D:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP204\A0047538.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] The file was deleted! D:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP204\A0047547.exe [DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.Xpstyle.U program [NOTE] The file was deleted! D:\Tools\ETrustAntivirus\English\eAV_S.Win\AlertCab.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> alert.exe [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\English\eAV_S.Win\Cpackage.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> AVH32DLL.DLL [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\English\eAV_S.Win\webpkg.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> inoweb.exe [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\eTrust Update\eTrustAntiviursupdatefull.exe [0] Archive type: CAB SFX (self extracting) --> \QO46360.exe [1] Archive type: RSRC --> Object [2] Archive type: CAB (Microsoft) --> Arclib.dll [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\French\eAV_S.Win\AlertCab.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> alert.exe [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\French\eAV_S.Win\Cpackage.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> AVH32DLL.DLL [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\German\eAV_S.Win\AlertCab.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> alert.exe [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\German\eAV_S.Win\Cpackage.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> AVH32DLL.DLL [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\Spanish\eAV_S.Win\AlertCab.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> alert.exe [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Tools\ETrustAntivirus\Spanish\eAV_S.Win\Cpackage.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> AVH32DLL.DLL [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'E:\' <RECOVER> End of the scan: Donnerstag, 27. August 2009 17:01 Used time: 1:44:49 Hour(s) The scan has been done completely. 18789 Scanning directories 837063 Files were scanned 12 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 12 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 837049 Files not concerned 9566 Archives were scanned 22 Warnings 12 Notes Vielen Dank für die Hilfe!! Kann wieder auf E: zugreifen und es scheint auch keine Werbung bei (Google-)Links rauszukommen.. Top Support hier! Hoffe mein System ist nun sauber ^^ |
|
28.08.2009, 18:45
| #10 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Habe nun noch einen Scan mit Prevx gemacht und folgendes gefunden: http://img42.imageshack.us/img42/5130/prevx.jpg Da ich für das Programm keine Lizenz hab, kann ich die Sachen nicht entfernen.. was nun? |
|
31.08.2009, 07:40
| #11 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Hi, lasse folgende Files mal online (virustotal.com) prüfen und poste das Ergebnis: Code:
ATTFilter c:\windows\rcoun0.exe
c:\windows\titan poker setup.exe
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
31.08.2009, 14:48
| #12 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert rcoun0.exe: MD5: 0467ede1d7b8874e64e5301adb017018 First received: 2008.12.19 00:57:53 UTC Date: 2009.08.28 12:40:33 UTC [>3D] Results: 1/41 Permalink: Virustotal. MD5: 0467ede1d7b8874e64e5301adb017018 Medium Risk Malware titan poker: MD5: 7eae9c5dc9ccf4a89f9425c5e4193c35 First received: 2007.01.16 14:19:20 UTC Date: 2009.07.04 01:08:04 UTC [>58D] Results: 27/40 Permalink: Virustotal. MD5: 7eae9c5dc9ccf4a89f9425c5e4193c35 Infostealer Heuristic.LooksLike.Trojan.Agent.I a variant of Win32/PTCasino Pat |
|
31.08.2009, 15:53
| #13 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Hi, das ist dann wohl tatsächlich was faul, daher räumen wir noch etwas auf: Wenn Du auf die Poker-Teile verzichten kannst, dann deinstalliere sie, auf jeden Fall Avenger laufen lassen, HJ nur wenn Du sie deinstalliert hast: Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter icq status checker.exe
Also: Anleitung Avenger (by swandog46) 1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:  2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code:
ATTFilter Files to delete:
c:\windows\rcoun0.exe
c:\windows\titan poker setup.exe
4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code:
ATTFilter O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
31.08.2009, 19:47
| #14 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert icq status checker: MD5: 788792ff216c7fdc658af6913e0466ae First received: 2007.04.10 15:25:13 UTC Date: 2008.10.17 22:05:52 UTC [>317D] Results: 2/32 Permalink: Virustotal. MD5: 788792ff216c7fdc658af6913e0466ae Suspicious Trojan/Worm Win32.Malware.gen#ASPack!90 (suspicious) Avenger: Code:
ATTFilter Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\rcoun0.exe" deleted successfully.
Error: file "c:\windows\titan poker setup.exe" not found!
Deletion of file "c:\windows\titan poker setup.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Die Einträge hab ich gefixt.. den ICQ Status Checker auch noch mit dem Avenger löschen? Das Teil brauch ich eh nich.. Danke schonmal |
|
01.09.2009, 06:29
| #15 |
| | Google Links (und andere) führen zu Werbung + Partition unformatiert Hi, ja... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu Google Links (und andere) führen zu Werbung + Partition unformatiert |
| antivir, avira, bho, browser, excel, festplatte, firefox, google, hijack, hijackthis, home, internet, internet explorer, kaputt, maßnahme, mozilla, object, plug-in, problem, rootkit, rundll, server, software, starten., system, virus, werbung, windows xp |
Linear-Darstellung
