| |
| |||||||
Log-Analyse und Auswertung: Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.11.2009, 22:22
| #1 |
 |  Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Hallo allerseits, seit einigen Tagen plagen mich zwei Probleme: AntiVir meldet ständig folgende beide Funde: TR/PCK.tdss.Z.230 in C:\Windows\System32\tdlclk.dll TR/Crypt.ZPACK.Gen in C:\Windows\System32\tdlcmd.dll Nach Quarantäne bzw. Löschen in AntiVir treten die beide Funde kurz danach wieder auf; TR/PCK.tdss.Z.230 she hüfig, AntiVir meldet Fund ca. im 5-Minuten-Takt. Da AntiVir beide anscheinend nicht entfernen kann, habe ich es nach Suche hier auch mit Malwarebytes versucht; infizierte Dateien werden gefunden, löschbar sind sie, aber auch hier tritt Meldung kurz danach wieder auf. Außergewöhnlichkeiten am Rechner sind mir keine aufgefallen, keine Pop-Ups, keine langsamere Rechnerleistung und auch kein Umleiten auf unbekannte Seiten. Software fragwürdiger Herkunft, Cracks o.ä., die verseucht gewesen sein könnten, habe ich nicht installiert. Ich habe gemäß der Anleitung den CCleaner ausgeführt, Malwarebytes-Anti-Malware nochmal durchlaufen lassen (dort die Funde dann gelöscht) und dann die RSIT-Logs erstellt... ich hänge alles unten an. Würde mich sehr freuen, wenn mir jemand helfen könnte! Vielen Dank! |
|
25.11.2009, 23:58
| #2 |
| /// Selecta Jahrusso   | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab. Poste bitte alle Logfiles in Code-Tags. Klicke antworten --> # danach [code]text[/code] So sollte das dann hier aussehen nach dem antworten: Code:
ATTFilter deine Logfile
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. schritt 1 Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"
schritt 2 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
schritt 3
Manche Logs sind sehr lange, bitte in mehrere Posts aufteilen. Danke
__________________ |
|
26.11.2009, 18:22
| #3 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Vielen Dank für die schnelle Antwort!
__________________Ich weiß, dass das viel Arbeit sein kann, die Dinger zu finden und dass eine Formatierung schneller wäre... würde es aber gerne versuchen aufgrund der Daten auf dem Rechner; Formatieren würde ich gerne nur im Notfall. Ich arbeite mal deine Schritte ab: Schritt 1: erledigt. Alle Häkchen entspr. gesetzt, Schritt 2: hier die OTL Scans: Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 26.11.2009 18:06:06 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,55% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 63,30 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 661,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NAME-669645BBA2
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{0216DA39-95B3-4D8A-9043-B748E0726C14}" = Gothic III - Götterdämmerung 1.08.9 Patch
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{26B5D684-75D6-44B9-BBFF-D4100F43092A}" = Sony Ericsson PC Suite
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3CF44BDE-BDDC-4510-A5CF-EBE97D1B8F73}" = eXperience112
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{48FEB597-0410-4A17-B134-0DEF3083B944}" = eMusic Download Manager
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C0628AE-4901-4AE4-B749-B9B3A36E656C}" = Microsoft IntelliType Pro 2.1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB2347E4-153B-4194-AA3B-97C0A662B369}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Baphomets Fluch - Der Engel des Todes
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ankh" = Ankh
"Ankh - Heart of Osiris" = Ankh - HdO
"Ankh 3 - Kampf der Götter_is1" = Ankh 3 - Kampf der Götter
"AnyDVD" = AnyDVD
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Drakensang_is1" = Drakensang (Patch Version 1.01)
"Firebird SQL Server D" = Firebird SQL Server (D)
"FLVPlayer" = FLV Player 1.3.3
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"G3QP231012008_is1" = Questpaket 3 Deinstallation
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Jack Keane" = Jack Keane
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS)
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MozBackup_is1" = MozBackup 1.4.5
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.42
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NVEContent!UninstallKey" = NeroVision Express Content
"NVIDIA Drivers" = NVIDIA Drivers
"Overclocked" = Overclocked
"PCCloneEX" = PCCloneEX
"PROSet" = Intel(R) PRO Network Connections Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealAlt_is1" = Real Alternative 1.7.5
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004]
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SystemRequirementsLab" = System Requirements Lab
"tento.XT_is1" = tento.XT v1.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Companion
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.11.2009 02:58:56 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.11.2009 03:02:24 | Computer Name = NAME-669645BBA2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung superantispyware.exe, Version 4.30.0.1004,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.2180, Fehleradresse 0x00018fea.
Error - 20.11.2009 03:03:16 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 10.0.0.3802, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.11.2009 04:37:17 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.11.2009 04:42:38 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.11.2009 04:43:04 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.11.2009 17:14:57 | Computer Name = NAME-669645BBA2 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
Error - 23.11.2009 12:36:15 | Computer Name = NAME-669645BBA2 | Source = ESENT | ID = 490
Description = svchost (1136) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 23.11.2009 12:36:15 | Computer Name = NAME-669645BBA2 | Source = ESENT | ID = 470
Description = Catalog Database (1136) Datenbank C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1032.
Error - 23.11.2009 13:30:23 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SUPERAntiSpyware.exe, Version 4.30.0.1004,
Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 24.11.2009 12:59:23 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 24.11.2009 14:26:34 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 24.11.2009 16:09:26 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 24.11.2009 16:10:09 | Computer Name = NAME-669645BBA2 | Source = DCOM | ID = 10010
Description = Der Server "{1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.11.2009 17:18:15 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2009 14:02:09 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2009 16:53:19 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2009 18:43:20 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2009 18:43:53 | Computer Name = NAME-669645BBA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
Error - 26.11.2009 12:52:56 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
|
|
26.11.2009, 18:30
| #4 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... OTL.txt Teil 1 Code:
ATTFilter OTL logfile created on: 26.11.2009 18:06:06 - Run 1 OTL by OldTimer - Version 3.1.11.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,55% Memory free 3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 63,30 Gb Free Space | 27,18% Space Free | Partition Type: NTFS Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 661,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NAME-669645BBA2 Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2009.11.11 10:44:44 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2009.10.28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe PRC - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe PRC - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe PRC - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.02.20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe PRC - [2008.02.20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe PRC - [2008.02.20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe PRC - [2007.11.06 19:02:24 | 04,102,656 | ---- | M] () -- C:\Programme\PCCloneEX\PCCloneEX.EXE PRC - [2007.10.20 15:34:33 | 00,455,168 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe PRC - [2007.10.10 06:28:32 | 00,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2007.08.16 06:41:35 | 00,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2007.02.01 10:13:06 | 00,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe PRC - [2006.12.15 03:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_11\bin\jusched.exe PRC - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2006.08.23 23:38:28 | 00,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2006.08.23 23:38:26 | 00,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2006.08.16 12:33:12 | 01,826,816 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EA Downloader\Core.exe PRC - [2006.06.26 15:55:04 | 00,227,840 | ---- | M] (Fujitsu Siemens Computers) -- C:\WINDOWS\fscreg.exe PRC - [2006.05.10 13:42:32 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2005.10.26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2005.08.10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2005.07.11 11:34:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe PRC - [2005.06.23 19:33:00 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe PRC - [2005.06.16 18:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2005.06.08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe PRC - [2005.05.19 14:47:36 | 00,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe PRC - [2005.04.07 19:46:59 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004.12.02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe PRC - [2004.06.16 06:03:26 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe PRC - [2004.06.16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2004.06.16 06:02:54 | 00,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe PRC - [2004.05.06 15:47:22 | 01,159,168 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe PRC - [2004.03.23 12:20:24 | 00,147,968 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe PRC - [2003.06.18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe PRC - [2002.04.11 19:47:52 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Mouse\point32.exe PRC - [2001.06.12 09:20:24 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Keyboard\type32.exe PRC - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE ========== Modules (SafeList) ========== MOD - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe MOD - [2008.02.20 19:58:42 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll MOD - [2006.08.25 08:46:46 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2002.04.11 19:47:52 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Mouse\Msh_zwf.dll MOD - [2002.04.11 19:47:52 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Mouse\point32.dll ========== Win32 Services (SafeList) ========== SRV - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.08.23 23:38:26 | 00,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2005.08.10 13:26:14 | 01,527,900 | ---- | M] (The Firebird Project) -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf) SRV - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.07 10:15:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.07 10:15:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.09.13 08:45:55 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.09.13 08:45:55 | 00,000,000 | ---D | M] [2008.08.26 21:16:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2009.10.29 07:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\extensions [2009.11.14 09:26:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.12.21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll [2007.12.21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll [2009.08.19 17:25:35 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.19 17:25:35 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.19 17:25:35 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.09.13 10:21:25 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.19 17:25:35 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType] C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe ( ) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [POINTER] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RCSystem] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe () O4 - HKLM..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe (Electronic Arts) O4 - HKCU..\Run: [fsc-reg] C:\windows\fscreg.exe (Fujitsu Siemens Computers) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.) O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256376449531 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.16 16:23:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.06 13:50:50 | 00,218,376 | R--- | M] () - D:\AutoStarter.exe -- [ CDFS ] O32 - AutoRun File - [2009.07.20 14:07:04 | 00,003,496 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.08.17 11:14:02 | 00,000,000 | R--D | M] - D:\autostarter -- [ CDFS ] O33 - MountPoints2\{1124b13f-75c4-11db-bd39-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{1124b13f-75c4-11db-bd39-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1124b13f-75c4-11db-bd39-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoStarter.exe -- [2009.08.06 13:50:50 | 00,218,376 | R--- | M] () O33 - MountPoints2\{aceb1ccc-24b7-11dd-a7dd-001676c7c5fb}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{fcdd05b8-957a-11dd-a8da-001676c7c5fb}\Shell - "" = AutoRun O33 - MountPoints2\{fcdd05b8-957a-11dd-a8da-001676c7c5fb}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fcdd05b8-957a-11dd-a8da-001676c7c5fb}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.11.16 17:15:34 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 14 Days ========== |
|
26.11.2009, 18:32
| #5 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Otl.txt Teil 2 Code:
ATTFilter ========== Files/Folders - Created Within 14 Days ========== [2009.11.26 18:04:37 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2009.11.25 20:25:00 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\Programme\trend micro [2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\rsit [2009.11.17 17:47:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009.11.15 10:45:15 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner [2009.11.14 11:07:17 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com [2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2009.11.14 00:12:55 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe [2009.11.14 00:07:57 | 00,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl [2009.11.13 23:53:45 | 00,000,000 | ---D | C] -- C:\VundoFix Backups [2009.11.13 23:52:47 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe [2006.11.15 10:48:56 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009.11.26 18:07:48 | 00,012,800 | ---- | M] () -- C:\WINDOWS\System32\tdlclk.dll [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Florian Störzer\Desktop\OTL.exe [2009.11.26 17:53:56 | 00,195,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009.11.26 17:53:45 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.11.26 17:53:02 | 00,054,112 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2009.11.26 17:52:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.11.26 17:52:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.11.26 17:52:34 | 21,448,00768 | -HS- | M] () -- C:\hiberfil.sys [2009.11.25 23:53:15 | 07,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2009.11.25 23:53:15 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx [2009.11.25 23:53:15 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx [2009.11.25 23:53:15 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx [2009.11.25 23:51:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009.11.25 20:08:59 | 00,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe [2009.11.24 20:10:36 | 00,146,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.23 17:40:45 | 00,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2009.11.20 07:59:41 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2009.11.20 07:59:35 | 04,276,776 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2009.11.17 21:10:05 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\rdkdc [2009.11.15 10:45:16 | 00,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2009.11.14 11:07:13 | 00,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009.11.14 00:12:55 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe [2009.11.13 23:52:47 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009.11.25 20:08:54 | 00,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe [2009.11.17 21:10:05 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\rdkdc [2009.11.15 10:45:16 | 00,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2009.11.14 11:07:13 | 00,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.05.08 18:10:27 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2008.05.08 18:10:26 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.05.08 18:10:11 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll [2008.02.25 13:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2008.02.20 20:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2008.02.20 20:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2008.02.03 15:05:44 | 00,000,120 | ---- | C] () -- C:\WINDOWS\buhl.ini [2008.02.03 15:04:55 | 00,000,636 | ---- | C] () -- C:\WINDOWS\wiso.ini [2007.12.31 15:12:13 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2007.11.29 23:30:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2007.11.28 22:52:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.11.26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007.11.03 21:01:14 | 00,000,288 | ---- | C] () -- C:\WINDOWS\vtmb.ini [2007.09.02 09:43:53 | 00,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.08.13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll [2007.07.26 16:37:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.26 16:37:15 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.02.28 19:18:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI [2006.12.23 14:04:51 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2006.12.23 14:04:51 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2006.12.14 22:08:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.11 20:55:33 | 00,146,944 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.10 23:01:11 | 00,004,583 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2006.12.10 19:41:02 | 00,003,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.12.10 19:30:40 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.12.10 18:59:27 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2006.12.10 18:48:44 | 00,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.11.16 23:43:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.11.16 17:21:55 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.11.16 17:21:55 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.11.16 17:21:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.11.16 17:21:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.11.16 17:20:27 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.11.16 17:18:53 | 00,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.11.16 17:18:19 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini [2006.11.16 17:17:05 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL [2006.11.16 17:09:10 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.11.16 16:26:21 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.11.16 16:22:01 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006.11.15 10:50:21 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.11.15 10:50:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.11.15 10:50:20 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.11.15 10:50:19 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.11.15 10:46:09 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2006.10.22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.10.02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini [2002.04.11 19:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll ========== LOP Check ========== [2008.10.18 14:34:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy [2008.04.09 19:35:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2007.12.09 14:52:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay [2008.11.20 21:33:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fallout3 [2008.10.31 21:07:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2006.11.16 17:20:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2007.02.02 21:19:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2007.02.24 16:01:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2009.03.14 19:27:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2009.09.13 08:48:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.04.12 10:26:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2006.12.11 21:55:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ankh [2008.11.12 19:58:40 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ankh - Heart of Osiris [2008.04.09 19:36:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2006.12.15 21:49:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo [2007.10.03 15:37:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech [2006.12.24 00:09:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2008.11.19 20:34:44 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mp3tag [2007.02.02 21:20:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia [2007.02.28 18:58:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite [2006.12.19 21:16:10 | 00,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM [2007.10.30 07:10:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft [2007.02.24 16:04:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca [2007.11.12 19:15:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\temp [2006.12.10 19:41:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template [2006.12.10 19:05:23 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2009.10.25 20:43:48 | 32,832,4136 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-DEU.exe < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\recover\WINDOWS\system32\eventlog.dll [1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ] [2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\recover\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 03:22:10 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\recover\WINDOWS\system32\scecli.dll [1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ] [2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\recover\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 03:22:23 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\recover\WINDOWS\system32\netlogon.dll [1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ] [2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\recover\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 03:22:19 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\drivers\atapi.sys [2004.08.04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys [2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys [2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys [2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < End of report > |
|
26.11.2009, 22:24
| #6 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... So, und hier noch... Schritt 3: Gmer-Scan: Code:
ATTFilter GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-26 22:12:35
Windows 5.1.2600 Service Pack 2
Running: 1q7xnioc.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB02BA2D0]
SSDT BAEFE236 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB02BDC60]
SSDT BAEFE22C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB02BDD40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB02BA950]
SSDT BAEFE23B ZwDeleteKey
SSDT BAEFE245 ZwDeleteValueKey
SSDT BAEFE24A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB02BA7A0]
SSDT BAEFE218 ZwOpenProcess
SSDT BAEFE21D ZwOpenThread
SSDT BAEFE254 ZwReplaceKey
SSDT BAEFE24F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB02BAAC0]
SSDT BAEFE240 ZwSetValueKey
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB02250B0]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xBA746380]
? srescan.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E57360, 0x32E00D, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acehlp10.sys section is executable [0xB8C91B80, 0x37FC7, 0xE0000060]
.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xB03C1000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xB0403000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xB041E000, 0x8E, 0x42000040]
.reloc C:\WINDOWS\system32\drivers\acedrv10.sys section is executable [0xAF916000, 0x459C1, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAF8C3300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBABB0300, 0x1BEE, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\atapi \Device\Ide\IdePort0 [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
|
|
27.11.2009, 14:23
| #7 |
| /// Selecta Jahrusso | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an. ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
27.11.2009, 17:44
| #8 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... So, hier das ComboFix-Log: Teil 1: Code:
ATTFilter ComboFix 09-11-26.02 - *** 27.11.2009 17:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2045.1656 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8738C054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {87622484-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000008-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {80544BC7-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87510664-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875A2B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875A483C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875A652C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875A7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875BEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875C15AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875D7384-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875DBB64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875F43F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {875F7B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87604DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87608DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876117D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8762E65C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87641BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87642054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87643DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8764485C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876483FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8764CBFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87662C0C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8767A47C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8768B65C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87694DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87698DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876B6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876B783C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876BD83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876C6C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876D5B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876DBC04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876E5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {876FEAAC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {877014A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87721054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87724054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8774586C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87746DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87786374-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8778FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {877AE47C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {877F95CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87807BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8785EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {878D4BF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8790B6EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87969DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8796AB5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8796FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {879B2BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87AA7A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87B16A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87BC4A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {87FB772C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {880303F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88033054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88056334-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8805B83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8806166C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {880742AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8807D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88099674-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88108494-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {881093DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8811F64C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8814F2AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88152884-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8815D3B4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88167654-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8816B47C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {881985CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88215DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8829085C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8833E66C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {883D7BFC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8851883C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88574A24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8857C634-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {885A2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {885B931C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {885ECB64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {885F1844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {885F5BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88605A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88614DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8861AB7C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8861EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8863483C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8865A284-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88668C14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8866FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88678BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8868064C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8869E5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8869EBFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {886AB2BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {886C732C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {886DF774-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {886E13C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {886F98EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88716BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8876F2CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8878DA1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88817624-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {888366E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8883749C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {888DADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {888E13DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {889A2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {889A54F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88AD66A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88AFC484-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88B2DBFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88B8F65C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88BDF19C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88C0EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88CFF224-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88DBC924-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88DDE30C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E08584-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E395AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E73BBC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E7E1DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E7E984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E7EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E9A844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88EA66F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88EAE9FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F1FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F2E3FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F7265C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F7F2A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F9D52C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F9D83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FA0844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FA4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FCBDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FCF5C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FD63F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FF1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FF9BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FFBDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89001BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8900929C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890106E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8902265C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8902DBC4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8902E65C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8903329C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89048754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89060AE4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8907FA1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8908597C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8908CDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8909065C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8909824C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890BB6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890C054C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890C0DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890D7BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890E9B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8911696C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8911DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89162374-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89189DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891B17BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891D2C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891EA504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8929865C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8932957C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8942ABFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894B02BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894B3434-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895C1A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895C76AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895DC6FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895F1554-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896025CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896086E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8963FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896513F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8965265C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8965833C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896583EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8965BA2C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8969E67C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896AC504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896B142C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896CD894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896F4DDC-FFA4-00DE-0D24-347CA8A3377C}
|
|
27.11.2009, 17:46
| #9 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Teil 2 Code:
ATTFilter AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897354EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89748974-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897493C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89757364-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897658EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8976F984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8977FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8979C054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897A38AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897AADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897AF814-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897AFDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897B5784-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {897D5A84-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {898195BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8981B234-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8983085C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {898309D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89856294-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {898D5964-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {898EC054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8990B804-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8995D98C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8996FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8997079C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8997A554-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8997D504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8997FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89985604-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8998979C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {899945D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8999541C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8999BBFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {899FF564-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BAB40540-FFA4-00DE-0D24-347CA8A3377C}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Images
c:\recycler\S-1-5-21-657154122-107968962-1548325518-1003
c:\windows\system32\tdlclk.dll
Infizierte Kopie von c:\windows\system32\DRIVERS\atapi.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2009-10-27 bis 2009-11-27 ))))))))))))))))))))))))))))))
.
2009-11-25 19:17 . 2009-11-25 20:54 -------- d-----w- C:\rsit
2009-11-25 19:17 . 2009-11-25 20:54 -------- d-----w- c:\programme\trend micro
2009-11-17 16:47 . 2009-11-17 16:47 -------- d--h--w- c:\windows\PIF
2009-11-15 09:45 . 2009-11-15 09:45 -------- d-----w- c:\programme\CCleaner
2009-11-14 10:07 . 2009-11-14 10:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-11-14 10:07 . 2009-11-14 10:07 -------- d-----w- c:\programme\SUPERAntiSpyware
2009-11-13 22:53 . 2009-11-13 22:53 -------- d-----w- C:\VundoFix Backups
2009-11-12 06:43 . 2009-11-12 06:43 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2009-11-05 17:56 . 2009-11-05 17:56 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2009-11-02 18:44 . 2009-11-02 18:44 -------- d-----w- c:\programme\iPod
2009-11-02 18:44 . 2009-11-02 18:45 -------- d-----w- c:\programme\iTunes
2009-11-02 18:39 . 2009-11-02 18:39 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 16:25 . 2009-11-02 16:25 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2009-11-02 16:24 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-02 16:24 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-02 16:24 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-02 16:24 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-02 16:24 . 2009-11-02 16:24 -------- d-----w- c:\programme\Avira
2009-11-02 16:24 . 2009-11-02 16:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 21:24 . 2006-12-10 18:02 -------- d-----w- c:\programme\Mozilla Thunderbird
2009-11-14 10:06 . 2009-10-04 12:11 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-13 23:08 . 2007-01-07 14:27 -------- d-----w- c:\programme\Java
2009-11-10 16:23 . 2009-11-10 16:22 20575113 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2009_11_10_06_53_41_full.dmp.zip
2009-11-02 18:44 . 2009-03-14 18:24 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2009-10-31 08:28 . 2007-08-07 04:42 16936643 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2006-05-03 09:06 . 2008-05-08 17:10 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-05-08 17:10 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43 . 2008-05-08 17:10 27648 --sh--w- c:\windows\system32\Smab0.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\windows\fscreg.exe 20091126" [X]
"EA Core"="c:\programme\Electronic Arts\EA Downloader\Core.exe" [2006-08-16 1826816]
"Creative Detector"="c:\programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCSystem"="c:\programme\Creative\Shared Files\Module Loader\DLLML.exe RCSystem * -Startup" [X]
"Muscbrigade"="c:\musicbrigade\Musicbrigade.exe check" [X]
"AudioDrvEmulator"="c:\programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"PCCloneEX"="c:\programme\PCCloneEX\PCCloneEX.EXE" [2007-11-06 4102656]
"Zone Labs Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-10-10 36352]
"VolPanel"="c:\programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-08-16 524288]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-09-04 417792]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"IntelliType"="c:\programme\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"CTDVDDET"="c:\programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CloneCDTray"="c:\programme\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"AnyDVD"="c:\programme\SlySoft\AnyDVD\AnyDVD.exe" [2007-10-20 455168]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-10-28 141600]
" Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-20 19968]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WISO Mein Sparbuch heute.lnk - c:\programme\WISO\Sparbuch 2009\meinsparbuchheute.exe [2009-2-8 1119528]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Programme\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [11.11.2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [11.11.2009 10:44 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27.07.2007 09:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27.07.2007 11:46 251680]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [02.11.2009 17:24 108289]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [16.11.2006 17:20 1527900]
S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [11.11.2009 10:44 7408]
.
Inhalt des "geplante Tasks" Ordners
2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/fsc/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\dokumente und einstellungen\Florian Störzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPOJI610.dll
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-POINTER - point32.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 17:16
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1738359562-3088748936-3465165708-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,34,96,10,3e,f6,33,5a,d1,ef,4d,c1,5a,b9,8a,59,88,b9,67,e4,13,81,41,
00,51,f8,a7,01,a9,e7,ab,33,ea,49,37,6a,01,66,33,8c,6c,22,9d,36,30,50,5b,cc,\
"??"=hex:c6,98,90,50,43,42,6d,65,40,d6,52,14,5f,3e,10,37
[HKEY_USERS\S-1-5-21-1738359562-3088748936-3465165708-1006\Software\SecuROM\License information*]
"datasecu"=hex:27,2a,78,1a,20,bc,d6,1b,6e,4f,c4,92,8d,58,5e,7c,6a,d1,e2,88,66,
25,ef,27,2d,b7,30,a7,77,c6,af,d7,b7,39,cf,1e,10,0a,3b,98,57,08,11,19,41,6a,\
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
.
Zeit der Fertigstellung: 2009-11-27 17:20
ComboFix-quarantined-files.txt 2009-11-27 16:20
Vor Suchlauf: 23 Verzeichnis(se), 67.776.401.408 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 67.727.785.984 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 498845CA82D1DC097BC456938BF257AD
|
|
27.11.2009, 18:55
| #10 |
| /// Selecta Jahrusso | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... schritt 1 Zweiter Lauf mit Gmer
schritt 2 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
27.11.2009, 20:00
| #11 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Hier der neue Gmer-Scan: Teil 1: Code:
ATTFilter GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-27 19:36:02
Windows 5.1.2600 Service Pack 2
Running: 1q7xnioc.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys
---- Modules - GMER 1.0.15 ----
Module Si3114r5.sys (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) BA6FC000-BA730000 (212992 bytes)
Module SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.) BACBC000-BACBF000 (12288 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) BA918000-BA921000 (36864 bytes)
Module srescan.sys BA928000-BA933000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 /NVIDIA Corporation) B9791000-B9D6B000 (6135808 bytes)
Module \SystemRoot\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation) B9744000-B977D000 (233472 bytes)
Module \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) B96A2000-B9721000 (520192 bytes)
Module \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) B9629000-B965D000 (212992 bytes)
Module \SystemRoot\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) BAC88000-BAC90000 (32768 bytes)
Module \SystemRoot\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.) BAC90000-BAC97000 (28672 bytes)
Module \SystemRoot\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) BAC98000-BAC9D000 (20480 bytes)
Module \SystemRoot\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver/Elaborate Bytes AG) BAE08000-BAE0A000 (8192 bytes)
Module \??\C:\WINDOWS\system32\drivers\acehlp10.sys (ProtectDisc Filter Driver/Protect Software GmbH) B95C8000-B9604000 (245760 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) BACA0000-BACA6000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BACB0000-BACB5000 (20480 bytes)
Module \SystemRoot\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd) B0FD5000-B10F7000 (1187840 bytes)
Module \SystemRoot\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) B0FA6000-B0FD5000 (192512 bytes)
Module \SystemRoot\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd) B0F7D000-B0FA6000 (167936 bytes)
Module \SystemRoot\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) B0EE1000-B0F7D000 (638976 bytes)
Module \SystemRoot\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.) B0EA0000-B0ECC000 (180224 bytes)
Module \SystemRoot\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.) B0D59000-B0EA0000 (1339392 bytes)
Module \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys (Helper Driver - Access Level 1/Protect Software GmbH) B0CFA000-B0D59000 (389120 bytes)
Module \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) B0B9D000-B0BFC000 (389120 bytes)
Module \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) B0B56000-B0B7B000 (151552 bytes)
Module \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) BABE8000-BABEE000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) B0AA0000-B0ABC000 (114688 bytes)
Module \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) BAE5E000-BAE60000 (8192 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 178.24 /NVIDIA Corporation) BF9D4000-BFF9C000 (6062080 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) B05E8000-B05FC000 (81920 bytes)
Module \??\C:\WINDOWS\system32\drivers\acedrv10.sys (Filter Driver ProtectDisc/Protect Software GmbH) B021D000-B0273000 (352256 bytes)
Module \SystemRoot\system32\DRIVERS\atksgt.sys B013A000-B017D000 (274432 bytes)
Module \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys (Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes/Samsung Electronics Co., Ltd.) B0358000-B0367000 (61440 bytes)
Module \SystemRoot\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG) B02F0000-B02F3000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\lirsgt.sys BABC0000-BABC5000 (20480 bytes)
Module \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com) BABB0000-BABB5000 (20480 bytes)
Module \SystemRoot\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd) ADBAB000-ADBFF000 (344064 bytes)
Module \??\C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys (GMER) AD914000-AD92B000 (94208 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation) 128
Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.24 /NVIDIA Corporation) 0x00A60000
Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 272
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 344
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\wdfmgr.exe (Windows User Mode Driver Manager/Microsoft Corporation) 360
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 604
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\Programme\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x10000000
Process C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 656
Library C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32 Bit)/Apple Inc.) 0x10000000
Library C:\Programme\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x009A0000
Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 668
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation) 700
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com) 0x10000000
Process C:\WINDOWS\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation) 744
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 756
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 944
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1052
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1148
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1196
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe 1316
Library C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1348
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) 1360
Library C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) 0x00400000
Library C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC) 0x50000000
Library C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) 0x01CC0000
Library C:\WINDOWS\system32\ZoneLabs\zpy.dll (Python Core/Python Software Foundation) 0x1E000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.) 0x10000000
Library C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd 0x00D20000
Library C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd 0x00D30000
Library C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd 0x1D100000
Library C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd 0x1E1D0000
Library C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll (vsmon plug-in/Zone Labs, LLC) 0x00D40000
Library C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll (RPC Server plug-in/Zone Labs, LLC) 0x00D50000
Library C:\WINDOWS\system32\ZoneLabs\vsmondll.dll (TrueVector Service/Zone Labs, LLC) 0x00F60000
Library C:\WINDOWS\system32\VSDATA.dll (TrueVector Service DLL/Zone Labs, LLC) 0x04000000
Library C:\WINDOWS\system32\ZoneLabs\ssleay32.dll (TrueVector Service/Zone Labs, LLC) 0x50E00000
Library C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC) 0x01C80000
Library C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC) 0x013F0000
Library C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC) 0x52600000
Library C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC) 0x52800000
Library C:\WINDOWS\system32\ZoneLabs\vsdb.dll (TrueVector Service/Zone Labs, LLC) 0x01420000
Library C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL (TrueVector Service/Zone Labs, LLC) 0x50200000
Library C:\WINDOWS\system32\ZoneLabs\VSRULEDB_Loc0407.dll (TrueVector Service/Zone Labs Inc.) 0x01640000
Library C:\WINDOWS\system32\ZoneLabs\vsvault.dll (TrueVector Service/Zone Labs, LLC) 0x50A00000
Library C:\WINDOWS\system32\vswmi.dll (vsmon component/Zone Labs, LLC) 0x02FB0000
Library C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll (zlquarantine/Zone Labs, LLC) 0x030C0000
Library C:\WINDOWS\system32\ZoneLabs\zlquarantine_Loc0407.dll (zlquarantine/Zone Labs Inc.) 0x032F0000
Library C:\WINDOWS\system32\ZoneLabs\qrbase.dll (qrbase/Zone Labs, LLC) 0x03300000
Library C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC) 0x51E00000
Library C:\WINDOWS\system32\ZoneLabs\zlsre.dll (zlsre/Zone Labs, LLC) 0x035E0000
Library C:\WINDOWS\system32\ZoneLabs\zlsre_Loc0407.dll (zlsre/Zone Labs Inc.) 0x034B0000
Library C:\WINDOWS\system32\ZoneLabs\srescan.dll (srescan/Zone Labs, LLC) 0x03620000
Library C:\WINDOWS\system32\ZoneLabs\zlupdate.dll (ZLUpdate feature plug-in/Zone Labs, LLC) 0x034C0000
Library C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll (HttpBlocker plug-in/Zone Labs, LLC) 0x03860000
Library C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll 0x038A0000
Library C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC) 0x53200000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
|
|
27.11.2009, 20:01
| #12 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Teil 2: Code:
ATTFilter Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1684
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\SUGG1LMK.DLL (Language Monitor for Status Monitor/Samsung Electronics.) 0x00A90000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x00AA0000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SUGG1UI.DLL (Printer Driver User Interface/Microsoft Corporation) 0x6A900000
Process C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) 1724
Library C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 1744
Library C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x10000000
Library C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x00BC0000
Library C:\Programme\Avira\AntiVir Desktop\sqlite3.dll 0x00D10000
Process C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 1944
Library C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH) 0x10000000
Library C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH) 0x00A00000
Library C:\Programme\Avira\AntiVir Desktop\sqlite3.dll 0x00D80000
Library C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH) 0x00A30000
Library C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH) 0x00A50000
Library C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH) 0x01120000
Library C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01150000
Library C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01190000
Library C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x014E0000
Library C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01570000
Library C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x015A0000
Library C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x015F0000
Library C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01680000
Library C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software) 0x01700000
Library C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01760000
Library C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x017B0000
Library C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x019C0000
Library C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01A10000
Library C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01A80000
Library C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01B00000
Library C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x01B20000
Process C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 1956
Library C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 1968
Library C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd) 2000
Library C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.) 2168
Library C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll (Audio Driver Emulator DLL/Creative Technology Ltd.) 0x10000000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\CTAudSel.dll (CTAudSel library/Creative Technology Ltd) 0x00A70000
Library C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd) 0x00AC0000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x00E00000
Library C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd) 0x00E40000
Library C:\WINDOWS\SYSTEM32\CTMMACTL.DLL 0x01090000
Library C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd) 0x02000000
Process C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Generic Device Management Executable./Teleca Software Solutions) 2180
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Generic Device Management Executable./Teleca Software Solutions) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll 0x00320000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\TC Device Mgmt.dll (Device Management type library and proxy/stub dll./Teleca Software Solutions) 0x01240000
Library C:\Programme\Sony Ericsson\Mobile2\Device Manager\SpecificMPM.dll (Mobile Phone Monitor specific device management dll./SonyEricsson) 0x01040000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll 0x01060000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\SpecificUSB.dll (USB specific device management dll./Popwire AB) 0x01070000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\tlib_log.dll (Telecalib Logging, Dynamic Link Library used for logging./Popwire AB) 0x010B0000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll 0x010E0000
Process C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Client/Zone Labs, LLC) 2200
Library C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Client/Zone Labs, LLC) 0x00400000
Library C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC) 0x50000000
Library C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) 0x01CC0000
Library C:\WINDOWS\system32\VSPUBAPI.dll (TrueVector Service/Zone Labs, LLC) 0x10000000
Library C:\Programme\Zone Labs\ZoneAlarm\framewrk.dll (ZoneAlarm Framework Module/Zone Labs, LLC) 0x50400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.) 0x00AD0000
Library C:\Programme\Zone Labs\ZoneAlarm\framewrk_Loc0407.dll (ZoneAlarm Framework Module/Zone Labs Inc.) 0x00AF0000
Library C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC) 0x00C70000
Library C:\WINDOWS\system32\vsdata.dll (TrueVector Service DLL/Zone Labs, LLC) 0x04000000
Library C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC) 0x01C80000
Library C:\Programme\Zone Labs\ZoneAlarm\zlclient_Loc0407.dll (ZoneAlarm/Zone Labs Inc.) 0x00DA0000
Library C:\WINDOWS\system32\vsmonapi.dll (TrueVector Client Interface/Zone Labs, LLC) 0x04100000
Library C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC) 0x52600000
Library C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC) 0x52800000
Library C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC) 0x51E00000
Library C:\Programme\Zone Labs\ZoneAlarm\alert.zap (Alerts Plugin Module/Zone Labs, LLC) 0x01800000
Library C:\Programme\Zone Labs\ZoneAlarm\alert_Loc0407.zap (Alerts Plugin Module/Zone Labs Inc.) 0x01170000
Library C:\Programme\Zone Labs\ZoneAlarm\cam.zap (Anti-Virus Monitoring Module/Zone Labs, LLC) 0x01180000
Library C:\Programme\Zone Labs\ZoneAlarm\cam_Loc0407.zap (Anti-virus-Überwachungsmodul/Zone Labs Inc.) 0x011A0000
Library C:\Programme\Zone Labs\ZoneAlarm\email.zap (Email Plugin Module/Zone Labs, LLC) 0x01840000
Library C:\Programme\Zone Labs\ZoneAlarm\email_Loc0407.zap (Email Plugin Module/Zone Labs Inc.) 0x011B0000
Library C:\Programme\Zone Labs\ZoneAlarm\filter.zap (Filter Plugin Module/Zone Labs, LLC) 0x01C00000
Library C:\Programme\Zone Labs\ZoneAlarm\filter_Loc0407.zap (Filter Plugin Module/Zone Labs Inc.) 0x011C0000
Library C:\Programme\Zone Labs\ZoneAlarm\firewall.zap (Firewall Plugin Module/Zone Labs, LLC) 0x01880000
Library C:\Programme\Zone Labs\ZoneAlarm\firewall_Loc0407.zap (Firewall Plugin Module/Zone Labs Inc.) 0x011D0000
Library C:\Programme\Zone Labs\ZoneAlarm\idlock.zap (ZoneAlarmPro/Zone Labs, LLC) 0x50C00000
Library C:\Programme\Zone Labs\ZoneAlarm\idlock_Loc0407.zap (ZoneAlarmPro/Zone Labs Inc.) 0x011E0000
Library C:\Programme\Zone Labs\ZoneAlarm\privacy.zap (Privacy Plugin Module/Zone Labs, LLC) 0x018C0000
Library C:\Programme\Zone Labs\ZoneAlarm\privacy_Loc0407.zap (Privacy Plugin Module/Zone Labs Inc.) 0x01200000
Library C:\Programme\Zone Labs\ZoneAlarm\programs.zap (Programs Plugin Module/Zone Labs, LLC) 0x01900000
Library C:\Programme\Zone Labs\ZoneAlarm\programs_Loc0407.zap (Programs Plugin Module/Zone Labs Inc.) 0x01210000
Library C:\Programme\Zone Labs\ZoneAlarm\security.zap (Overview Plugin Module/Zone Labs, LLC) 0x01240000
Library C:\Programme\Zone Labs\ZoneAlarm\security_Loc0407.zap (Overview Plugin Module/Zone Labs Inc.) 0x012B0000
Library C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC) 0x53200000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (VolPanel.exe/Creative Technology Ltd) 2292
Library C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (VolPanel.exe/Creative Technology Ltd) 0x00400000
Library C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\CTAudSel.dll (CTAudSel library/Creative Technology Ltd) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.crl (VolPanel.crl/Creative Technology Ltd) 0x61000000
Library C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd) 0x00CE0000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x01020000
Library C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd) 0x01060000
Library C:\Programme\Creative\Shared Files\mxlib.dll (Creative Mixer Library/Creative Technology Ltd.) 0x011F0000
Library C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL (Creative Audio Device Control Interface/Creative Technology Ltd) 0x02000000
Library C:\WINDOWS\SYSTEM32\CTDC0000.DLL (Creative Audio Device Control Module/Creative Technology Ltd) 0x01300000
Library C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd) 0x01450000
Library C:\Programme\Creative\Shared Files\CTTheme.dll (Creative Theme Engine DLL/Creative Technology Ltd) 0x014B0000
Library C:\Programme\Creative\Shared Files\CtrlSrc.dll (Creative Theme Engine RTX Base Control DLL/Creative Technology Ltd) 0x01220000
Library C:\Programme\Creative\Shared Files\CTIniF.dll (CTIniF/Creative Technology Ltd) 0x012F0000
Library C:\Programme\Creative\Shared Files\GDICtrl.skc (Creative Theme Engine GDI Controls plug-in/Creative Technology Ltd) 0x014E0000
Library C:\Programme\Creative\Shared Files\GDICtrl2.skc (Creative Theme Engine GDI2 Controls plug-in/Creative Technology Ltd) 0x01540000
Library C:\Programme\Creative\Shared Files\GDICtrl3.skc (Creative Theme Engine GDI3 Controls plug-in/Creative Technology Ltd) 0x01580000
Library C:\Programme\Creative\Shared Files\RtxCtrl.skc (Creative Theme Engine RTX Controls Plug-In/Creative Technology Ltd) 0x015A0000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)
|
|
27.11.2009, 20:02
| #13 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Teil 3: Code:
ATTFilter Process C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Application Launcher/Sony Ericsson Mobile Communications AB) 2308
Library C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Application Launcher/Sony Ericsson Mobile Communications AB) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll 0x00330000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll (Application Launcher/Sony Ericsson Mobile Communications AB) 0x00CA0000
Library C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll (Application Launcher/Sony Ericsson Mobile Communications AB) 0x00E50000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\TC Device Mgmt.dll (Device Management type library and proxy/stub dll./Teleca Software Solutions) 0x00D20000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe 2316
Library C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.) 2324
Library C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCSystem.dll (Remote Control System Module/Creative Technology Ltd.) 0x10000000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCSystem.CRL (Remote Control System Resources/Creative Technology Ltd.) 0x00A70000
Library C:\Programme\Creative\Shared Files\Module Loader\OSD\PanelSvc.dll (PanelSvc DLL/Creative Technology Ltd.) 0x00AA0000
Library C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd) 0x01800000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x01B40000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RcHidUsb.dll (USB HID Remote Control Receiver Device Plugin/Creative Technology Ltd) 0x01790000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCIDM.dll (Infra Drive IR Device Plugin/Creative Technology Ltd.) 0x01B90000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCKSIRWp.dll (Sound Blaster USB Remote Control Receiver Device Wrapper Plugin/Creative Technology Ltd) 0x01BA0000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCSBUSB.DLL (SoundBlaster USB IR Plugin /Creative Technology Ltd) 0x01BB0000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\rcks1k.dll (SB Extigy IR Plugin /Creative Technology Ltd.) 0x01BC0000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\EAXMod.dll (EAX Module/Creative Technology Ltd.) 0x01BD0000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RemoteEA.CRL (EAX resource module/Creative Technology Ltd) 0x01BF0000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\EAXCADI.DLL (EAXCADI Implementation/Creative Technology Ltd.) 0x01C00000
Library C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\CTAudSel.dll (CTAudSel library/Creative Technology Ltd) 0x01C10000
Library C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd) 0x01C40000
Library C:\Programme\Creative\ShareDLL\CADI\CTPreset.dll (CADI Helper COM Preset/Creative Technology Ltd.) 0x02020000
Library C:\Programme\Creative\ShareDLL\CADI\NotiMan.dll (Notification Manager Proxy Stub/Creative Technology Ltd) 0x02080000
Library C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd) 0x02000000
Process C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (CAPI_Worker Module/Sony Ericsson Mobile Communications AB) 2332
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (CAPI_Worker Module/Sony Ericsson Mobile Communications AB) 0x00400000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll (ShowMfcDialog DLL/Sony Ericsson Mobile Communications AB) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0407.DLL (capires0407/Popwire AB) 0x10300000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll 0x01190000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll (cellphone_object Module/Sony Ericsson Mobile Communications AB) 0x10400000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll (ecsmoddata/Sony Ericsson Mobile Communications AB) 0x011A0000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\msmeirsock_object.dll (MSMEIrSock_object Module/Sony Ericsson Mobile Communications AB) 0x10F00000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ms98irsock_object.dll (MS98IrSock_object Module/Sony Ericsson Mobile Communications AB) 0x10D00000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll (MSIrSock_object Module/Sony Ericsson Mobile Communications AB) 0x10E00000
Library C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll (cabmain/Sony Ericsson Mobile Communications AB) 0x02200000
Process C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE 2356
Library C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\WINDOWS\system32\RUNDLL32.EXE (Eine DLL-Datei als Anwendung ausführen/Microsoft Corporation) 2372
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Media Center Library/NVIDIA Corporation) 0x10000000
Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.24 /NVIDIA Corporation) 0x00A50000
Library C:\WINDOWS\system32\NVRSDE.DLL (NVIDIA German language resource library/NVIDIA Corporation) 0x00AF0000
Process C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation) 2424
Library C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft IntelliType Pro/Microsoft Corporation) 2440
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE (DataLayer 2.0 Module/Nokia Mobile Phones Ltd.) 2484
Library C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE (DataLayer 2.0 Module/Nokia Mobile Phones Ltd.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\Lang\DataLayer_ger.nlr (DataLayer 2 Module/Nokia) 0x10000000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Capability Manager/Teleca Software Solutions AB) 2492
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Capability Manager/Teleca Software Solutions AB) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll 0x00320000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd) 2500
Library C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd) 0x01000000
Library C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd) 0x02000000
Library C:\WINDOWS\SYSTEM32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x10000000
Library C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd) 0x00CF0000
Library C:\WINDOWS\SYSTEM32\PIAPROXY.DLL (E-mu Plug-in Architecture Device Driver Proxy/Creative Technology Ltd) 0x00D10000
Process C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd) 2508
Library C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd) 0x01000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd) 0x10000000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\WINDOWS\system32\ctxfispk.dll (Ctxfispk.dll/Creative Technology Ltd) 0x00A80000
Library C:\WINDOWS\system32\ctxfibtn.dll (CTXFIBTN DLL/Creative Technology Ltd) 0x00C70000
Library C:\WINDOWS\CTXFIGER.DLL 0x00C90000
Process C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd) 2516
Library C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd) 0x01000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (CTDVDDET/Creative Technology Ltd) 2528
Library C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (CTDVDDET/Creative Technology Ltd) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Creative\Shared Files\CTAudNav.dll (CTAudNav/Creative Technology Ltd) 0x10000000
Process C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 2584
Library C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 0x00400000
Library C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdboot.dll (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 2592
Library C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 0x00400000
Library C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH) 0x00C00000
Library c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH) 0x00C90000
Library c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH) 0x00CB0000
Library c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH) 0x00D10000
Library c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x00D30000
Library c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH) 0x00D60000
Library c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH) 0x00DB0000
Library c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH) 0x00DD0000
Library c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH) 0x00F30000
Library c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH) 0x00F50000
|
|
27.11.2009, 20:04
| #14 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... Teil 4: Code:
ATTFilter Process C:\Programme\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 2600
Library C:\Programme\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00A50000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x009C0000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\objc.dll 0x009D0000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00B20000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00C20000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\ASL.dll 0x00A20000
Library C:\Programme\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL (iTunesHelper Ressourcebibliothek/Apple Inc.) 0x01370000
Library C:\Programme\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x013A0000
Library C:\Programme\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
Library C:\Programme\QuickTime\QTSystem\QTCF.dll 0x68A40000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CFNetwork.dll (CFNetwork/Apple, Inc.) 0x01650000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x016F0000
Library C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll 0x01760000
Library C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x023B0000
Process C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Java(TM) 2 Platform Standard Edition binary/Sun Microsystems, Inc.) 2684
Library C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Java(TM) 2 Platform Standard Edition binary/Sun Microsystems, Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Electronic Arts\EA Downloader\Core.exe (EA Desktop Client/Electronic Arts) 2724
Library C:\Programme\Electronic Arts\EA Downloader\Core.exe (EA Desktop Client/Electronic Arts) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Process C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 2744
Library C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 0x00400000
Library C:\Programme\PC Connectivity Solution\NclTools.dll (NCL Tools/Nokia) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\PC Connectivity Solution\Transports\NCLIrDAMM.dll (Infrared/Nokia Corp.) 0x01490000
Library C:\Programme\PC Connectivity Solution\Transports\NCLRSMM.dll (Serial cable/Nokia Corp.) 0x01600000
Library C:\Programme\PC Connectivity Solution\Transports\NCLUSBMM.dll (Nokia USB media module/Nokia Corp.) 0x01830000
Library C:\Programme\PC Connectivity Solution\Transports\NclMSBTMM.dll (Bluetooth (Microsoft)/Nokia Corp.) 0x01960000
Process C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative MediaSource Detector/Creative Technology Ltd) 2756
Library C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative MediaSource Detector/Creative Technology Ltd) 0x00400000
Library C:\Programme\Creative\MediaSource\Detector\CTIntrfc.dll (CTIntrfc/Creative Technology Ltd) 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Creative\MediaSource\Detector\CTDetect.Crl (Creative MediaSource Detector Resource Library/Creative Technology Ltd) 0x00A70000
Library C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd) 0x02000000
Library C:\Programme\Creative\MediaSource\Detector\DtctrMgr.det (Creative MediaSource Detector Manager/Creative Technology Ltd) 0x00A90000
Library C:\Programme\Creative\MediaSource\Detector\Hdd.det (Harddisk Detector Plugin/Creative Technology Ltd) 0x00AA0000
Library C:\Programme\Creative\Shared Files\ThmRes.DLL (Creative Theme Engine Theme Resources DLL/Creative Technology Ltd) 0x00AB0000
Library C:\Programme\Creative\Shared Files\CTIniF.dll (CTIniF/Creative Technology Ltd) 0x00AD0000
Library C:\Programme\Creative\MediaSource\Detector\Disc.det (Disc Detector Plugin/Creative Technology Ltd) 0x00AF0000
Process C:\WINDOWS\system32\wuauclt.exe (Windows Update Automatic Updates/Microsoft Corporation) 3608
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Process C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Notification Manager/Creative Technology Ltd.) 3860
Library C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Notification Manager/Creative Technology Ltd.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75790000
Library C:\Programme\Creative\ShareDLL\CADI\NotiMan.dll (Notification Manager Proxy Stub/Creative Technology Ltd) 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\ACEDRV05.sys (Helper Driver - Access Level 1/Protect Software GmbH) [SYSTEM] ACEDRV05
Service C:\WINDOWS\system32\drivers\acedrv10.sys (Filter Driver ProtectDisc/Protect Software GmbH) [AUTO] acedrv10
Service C:\WINDOWS\system32\drivers\acehlp10.sys (ProtectDisc Filter Driver/Protect Software GmbH) [AUTO] acehlp10
Service C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\WINDOWS\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.) [MANUAL] AnyDVD
Service C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\DRIVERS\atksgt.sys [AUTO] atksgt
Service C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\COMMONFX.DLL (Creative Common FX Plug-in/Creative Technology Ltd) [MANUAL] COMMONFX.DLL
Service C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd) [AUTO] Creative Service for CDROM Access
Service C:\WINDOWS\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.) [MANUAL] CT20XUT.DLL
Service C:\WINDOWS\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\WINDOWS\system32\CTAUDFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTAUDFX.DLL
Service C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) [AUTO] CTAudSvcService
Service C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\WINDOWS\system32\CTEAPSFX.DLL (APS FX Plug-in/Creative Technology Ltd) [MANUAL] CTEAPSFX.DLL
Service C:\WINDOWS\system32\CTEDSPFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTEDSPFX.DLL
Service C:\WINDOWS\system32\CTEDSPIO.DLL (E-MU E-DSP I/O Plugin/Creative Technology Ltd) [MANUAL] CTEDSPIO.DLL
Service C:\WINDOWS\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd) [MANUAL] CTEDSPSY.DLL
Service C:\WINDOWS\system32\CTERFXFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTERFXFX.DLL
Service C:\WINDOWS\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.) [MANUAL] CTEXFIFX.DLL
Service C:\WINDOWS\system32\CTHWIUT.DLL (Creative Utility Effects/Creative Technology Ltd.) [MANUAL] CTHWIUT.DLL
Service C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\WINDOWS\system32\CTSBLFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTSBLFX.DLL
Service C:\WINDOWS\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service C:\WINDOWS\system32\Drivers\DgiVecp.sys (Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes/Samsung Electronics Co., Ltd.) [AUTO] DgiVecp
Service C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation) [MANUAL] e1express
Service C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.) [MANUAL] ElbyCDFL
Service C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG) [AUTO] ElbyCDIO
Service C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver/Elaborate Bytes AG) [MANUAL] ElbyDelay
Service C:\WINDOWS\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) [MANUAL] emupia
Service C:\MAGIX\Common\Database\bin\fbserver.exe (Firebird SQL Server/The Firebird Project) [MANUAL] FirebirdServerMAGIXInstance
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd) [MANUAL] ha20x2k
Service C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\lirsgt.sys [AUTO] lirsgt
Service MSDTC Bridge 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Programme\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com) [MANUAL] SASENUM
Service C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service C:\WINDOWS\system32\DRIVERS\SE26bus.sys (Sony Ericsson Device 038 Driver Driver/MCCI) [MANUAL] SE26bus
Service C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys (Sony Ericsson Device 038 USB WMC Modem Filter Driver/MCCI) [MANUAL] SE26mdfl
Service C:\WINDOWS\system32\DRIVERS\SE26mdm.sys (Sony Ericsson Device 038 USB WMC Modem WDM Driver/MCCI) [MANUAL] SE26mdm
Service C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys (Sony Ericsson Device 038 USB WMC Device Management Driver/MCCI) [MANUAL] SE26mgmt
Service C:\WINDOWS\system32\DRIVERS\se26nd5.sys (Sony Ericsson Device 038 USB Ethernet Emulation (NDIS 5 Miniport)/MCCI) [MANUAL] se26nd5
Service C:\WINDOWS\system32\DRIVERS\SE26obex.sys (Sony Ericsson Device 038 USB WMC OBEX Interface Device Driver/MCCI) [MANUAL] SE26obex
Service C:\WINDOWS\system32\DRIVERS\se26unic.sys (Sony Ericsson Device 038 USB Ethernet Emulation/MCCI) [MANUAL] se26unic
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (SATA SoftRAID 5 miniport driver/Silicon Image, Inc) [BOOT] Si3114r5
Service C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.) [BOOT] SiFilter
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\system32\ZoneLabs\srescan.sys (srescan/Zone Labs, LLC) [BOOT] srescan
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [MANUAL] ssmdrv
Service C:\WINDOWS\system32\Drivers\SSPORT.sys [AUTO] SSPORT
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) [SYSTEM] vsdatant
Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) [AUTO] vsmon
Service Windows Workflow Foundation 3.0.0.0
---- EOF - GMER 1.0.15 ----
|
|
27.11.2009, 20:09
| #15 |
| | Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... ... und hier die OTL.txt! Teil 1: Code:
ATTFilter OTL logfile created on: 27.11.2009 19:51:55 - Run 3 OTL by OldTimer - Version 3.1.11.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,05% Memory free 3,85 Gb Paging File | 3,48 Gb Available in Paging File | 90,58% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 62,99 Gb Free Space | 27,05% Space Free | Partition Type: NTFS Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 279,39 Gb Total Space | 39,64 Gb Free Space | 14,19% Space Free | Partition Type: FAT32 Computer Name: NAME-669645BBA2 Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Florian Störzer\Desktop\OTL.exe PRC - [2009.10.28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe PRC - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe PRC - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe PRC - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.02.20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe PRC - [2008.02.20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe PRC - [2008.02.20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe PRC - [2007.02.01 10:13:06 | 00,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe PRC - [2006.12.15 03:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_11\bin\jusched.exe PRC - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2006.05.10 13:42:32 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2005.08.10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2005.07.11 11:34:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe PRC - [2005.06.16 18:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2005.06.16 18:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2005.04.07 19:46:59 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004.12.02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe PRC - [2004.08.04 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004.06.16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2004.05.06 15:47:22 | 01,159,168 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe PRC - [2004.03.23 12:20:24 | 00,147,968 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe PRC - [2003.06.18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe PRC - [2001.06.12 09:20:24 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Keyboard\type32.exe PRC - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE ========== Modules (SafeList) ========== MOD - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe MOD - [2008.02.20 19:58:42 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll MOD - [2006.08.25 08:46:46 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.08.23 23:38:26 | 00,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2005.08.10 13:26:14 | 01,527,900 | ---- | M] (The Firebird Project) -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf) SRV - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.07 10:15:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.07 10:15:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.09.13 08:45:55 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.09.13 08:45:55 | 00,000,000 | ---D | M] [2008.08.26 21:16:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Florian Störzer\Anwendungsdaten\Mozilla\Extensions [2009.10.29 07:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Florian Störzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\extensions [2009.11.14 09:26:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.12.21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll [2007.12.21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll [2009.08.19 17:25:35 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.19 17:25:35 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.19 17:25:35 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.09.13 10:21:25 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.19 17:25:35 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType] C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe ( ) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RCSystem] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe () O4 - HKLM..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe (Electronic Arts) O4 - HKCU..\Run: [fsc-reg] C:\windows\fscreg.exe (Fujitsu Siemens Computers) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.) O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256376449531 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.16 16:23:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.06 13:50:50 | 00,218,376 | R--- | M] () - D:\AutoStarter.exe -- [ CDFS ] O32 - AutoRun File - [2009.07.20 14:07:04 | 00,003,496 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.08.17 11:14:02 | 00,000,000 | R--D | M] - D:\autostarter -- [ CDFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.11.16 17:15:34 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16891947461378048) |
|
| Themen zu Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen... |
| anleitung, antivir, antivir meldet, c:\windows, ccleaner, dateien, entfernen, folge, folgende, gelöscht, infizierte, infizierte dateien, löschen, malwarebytes, meldet, meldung, pop-ups, probleme, quarantäne, rechner, seite, suche, system, system32, tr/pck.tdss.z.230, umleiten, unbekannte, verseucht, windows |
Textbox.
.
Linear-Darstellung
