| |
| |||||||
Log-Analyse und Auswertung: Google Redirect / Umleitung bei jeder Suche - Rootkit?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.01.2010, 11:51
| #1 |
| |  Google Redirect / Umleitung bei jeder Suche - Rootkit? Hallo, seit gestern leitet mich Google bei jeder Suche auf irgendeine andere Seite weiter. Meistens ist es irgendwas mit zetaclicks4.com Habe CCleaner, Malwarebytes, RSIT und HijackThis laufen lassen. Dann habe ich in HijackThis folgende Einträge gefixt: Code:
ATTFilter O1 - Hosts: 89.149.210.109 www.google.com
O1 - Hosts: 89.149.210.109 www.google.de
O1 - Hosts: 89.149.210.109 www.google.fr
O1 - Hosts: 89.149.210.109 www.google.co.uk
O1 - Hosts: 89.149.210.109 www.google.com.br
O1 - Hosts: 89.149.210.109 www.google.it
O1 - Hosts: 89.149.210.109 www.google.es
O1 - Hosts: 89.149.210.109 www.google.co.jp
O1 - Hosts: 89.149.210.109 www.google.com.mx
O1 - Hosts: 89.149.210.109 www.google.ca
O1 - Hosts: 89.149.210.109 www.google.com.au
O1 - Hosts: 89.149.210.109 www.google.nl
O1 - Hosts: 89.149.210.109 www.google.co.za
O1 - Hosts: 89.149.210.109 www.google.be
O1 - Hosts: 89.149.210.109 www.google.gr
O1 - Hosts: 89.149.210.109 www.google.at
O1 - Hosts: 89.149.210.109 www.google.se
O1 - Hosts: 89.149.210.109 www.google.ch
O1 - Hosts: 89.149.210.109 www.google.pt
O1 - Hosts: 89.149.210.109 www.google.dk
O1 - Hosts: 89.149.210.109 www.google.fi
O1 - Hosts: 89.149.210.109 www.google.ie
O1 - Hosts: 89.149.210.109 www.google.no
O1 - Hosts: 89.149.210.109 search.yahoo.com
O1 - Hosts: 89.149.210.109 us.search.yahoo.com
O1 - Hosts: 89.149.210.109 uk.search.yahoo.com
Da ich hier jedoch über viele weitere Probleme gelesen habe, will ich sichergehen, dass mein System in Ordnung ist, insbesondere, dass kein Rootkit drauf ist. Ich poste euch deshalb im nächsten Beitrag meine Logs und bitte euch um Hilfe. Ein Neuaufsetzen des Systems wird nicht nötig sein, oder? |
|
14.01.2010, 11:57
| #2 |
| | Google Redirect / Umleitung bei jeder Suche - Rootkit? Logs:
__________________HJT von gestern abend: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:35:07, on 13.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe e:\Programme\Norton GoBack\GBPoll.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE E:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\FreePDF_XP\fpassist.exe E:\Programme\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\system32\ctfmon.exe E:\Programme\Microsoft ActiveSync\wcescomm.exe E:\Programme\Roboform\RoboTaskBarIcon.exe E:\PROGRA~1\MICROS~4\rapimgr.exe E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE E:\Programme\HP\Digital Imaging\bin\hpqgalry.exe C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\WINDOWS\system32\wuauclt.exe E:\Programme\Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Dokumente und Einstellungen\Tom\Eigene Dateien\Downloads\ht\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h*p://www.bwin.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rrze.uni-erlangen.de:80 O1 - Hosts: 89.149.210.109 www.google.com O1 - Hosts: 89.149.210.109 www.google.de O1 - Hosts: 89.149.210.109 www.google.fr O1 - Hosts: 89.149.210.109 www.google.co.uk O1 - Hosts: 89.149.210.109 www.google.com.br O1 - Hosts: 89.149.210.109 www.google.it O1 - Hosts: 89.149.210.109 www.google.es O1 - Hosts: 89.149.210.109 www.google.co.jp O1 - Hosts: 89.149.210.109 www.google.com.mx O1 - Hosts: 89.149.210.109 www.google.ca O1 - Hosts: 89.149.210.109 www.google.com.au O1 - Hosts: 89.149.210.109 www.google.nl O1 - Hosts: 89.149.210.109 www.google.co.za O1 - Hosts: 89.149.210.109 www.google.be O1 - Hosts: 89.149.210.109 www.google.gr O1 - Hosts: 89.149.210.109 www.google.at O1 - Hosts: 89.149.210.109 www.google.se O1 - Hosts: 89.149.210.109 www.google.ch O1 - Hosts: 89.149.210.109 www.google.pt O1 - Hosts: 89.149.210.109 www.google.dk O1 - Hosts: 89.149.210.109 www.google.fi O1 - Hosts: 89.149.210.109 www.google.ie O1 - Hosts: 89.149.210.109 www.google.no O1 - Hosts: 89.149.210.109 search.yahoo.com O1 - Hosts: 89.149.210.109 us.search.yahoo.com O1 - Hosts: 89.149.210.109 uk.search.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Programme\Roboform\roboform.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Programme\Roboform\roboform.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "E:\Programme\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [openvpn-gui] e:\Programme\OpenVPN\bin\openvpn-gui.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Programme\Roboform\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Schnellstart.lnk = E:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: RF - Formular ausfüllen - file://E:\Programme\Roboform\RoboFormComFillForms.html O8 - Extra context menu item: RF - Formular speichern - file://E:\Programme\Roboform\RoboFormComSavePass.html O8 - Extra context menu item: RF - Menü anpassen - file://E:\Programme\Roboform\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Roboform\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Roboform\RoboFormComFillForms.html O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Roboform\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Roboform\RoboFormComSavePass.html O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{813F49C9-1827-4186-A89D-494B52320101}: NameServer = 192.168.0.1 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - e:\Programme\Norton GoBack\GBPoll.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - e:\Programme\OpenVPN\bin\openvpnserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10264 bytes Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Tom at 2010-01-13 22:42:18 Microsoft Windows XP Professional Service Pack 3 System drive C: has 2 GB (18%) free of 10 GB Total RAM: 1023 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:42:21, on 13.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe e:\Programme\Norton GoBack\GBPoll.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE E:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\FreePDF_XP\fpassist.exe E:\Programme\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\system32\ctfmon.exe E:\Programme\Microsoft ActiveSync\wcescomm.exe E:\Programme\Roboform\RoboTaskBarIcon.exe E:\PROGRA~1\MICROS~4\rapimgr.exe E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE E:\Programme\HP\Digital Imaging\bin\hpqgalry.exe C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\WINDOWS\system32\wuauclt.exe E:\Programme\Firefox\firefox.exe C:\Dokumente und Einstellungen\Tom\Eigene Dateien\Downloads\RSIT.exe C:\Dokumente und Einstellungen\Tom\Eigene Dateien\Downloads\ht\Tom.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bwin.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rrze.uni-erlangen.de:80 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Programme\Roboform\roboform.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Programme\Roboform\roboform.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "E:\Programme\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [openvpn-gui] e:\Programme\OpenVPN\bin\openvpn-gui.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Programme\Roboform\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Schnellstart.lnk = E:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: RF - Formular ausfüllen - file://E:\Programme\Roboform\RoboFormComFillForms.html O8 - Extra context menu item: RF - Formular speichern - file://E:\Programme\Roboform\RoboFormComSavePass.html O8 - Extra context menu item: RF - Menü anpassen - file://E:\Programme\Roboform\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Roboform\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Roboform\RoboFormComFillForms.html O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Roboform\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Roboform\RoboFormComSavePass.html O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{813F49C9-1827-4186-A89D-494B52320101}: NameServer = 192.168.0.1 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - e:\Programme\Norton GoBack\GBPoll.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - e:\Programme\OpenVPN\bin\openvpnserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9165 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\sicherung.job C:\WINDOWS\tasks\Thundersave.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] E:\Programme\Roboform\roboform.dll [2009-08-05 5960520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-12-19 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - E:\Programme\Roboform\roboform.dll [2009-08-05 5960520] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-05-14 55296] "HP Software Update"=E:\Programme\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088] "nwiz"=nwiz.exe /install [] "FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320] "openvpn-gui"=e:\Programme\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016] "CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184] "TomcatStartup 2.5"=C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-11-12 245760] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "H/PC Connection Agent"=E:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] "RoboForm"=E:\Programme\Roboform\RoboTaskBarIcon.exe [2009-08-05 160592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2006-01-18 229416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] e:\Programme\DAEMON Tools\daemon.exe [2006-11-12 157592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe [2007-09-28 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] E:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] E:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware] C:\Programme\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] E:\Programme\QuickTime\qttask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] E:\Programme\Roboform\RoboTaskBarIcon.exe [2009-08-05 160592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] e:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2005-05-31 1415824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe [2008-12-19 136600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-11-12 245760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoUpdate Monitor.lnk] C:\PROGRA~1\Sophos\AUTOUP~1\ALMon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] E:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Norton GoBack.lnk] E:\PROGRA~1\NORTON~1\GBTray.exe [2004-08-13 803976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Symantec Fax Starter Edition-Anschluss.lnk] E:\PROGRA~1\MICROS~1\Office\1031\OLFSNT40.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 "Sophos AutoUpdate Service"=2 "SAVService"=2 "SAVAdminService"=2 "iPod Service"=3 "IDriverT"=3 "GBPoll"=2 "AntiVirService"=2 "AntiVirScheduler"=2 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart HP Digital Imaging Monitor.lnk - E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe HP Image Zone Schnellstart.lnk - E:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\Programme\Gamers.IRC\mirc.exe"="E:\Programme\Gamers.IRC\mirc.exe:*:Enabled:mIRC" "D:\Steam\steamapps\w1ldth1ng\counter-strike\hl.exe"="D:\Steam\steamapps\w1ldth1ng\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "E:\Programme\eMule\emule.exe"="E:\Programme\eMule\emule.exe:*:Enabled:eMule" "E:\Programme\ICQ\Icq.exe"="E:\Programme\ICQ\Icq.exe:*:Enabled:ICQ" "C:\Programme\Nortel Networks\Extranet.exe"="C:\Programme\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client" "C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw" "E:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="E:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil" "E:\Programme\Orbitdownloader\orbitnet.exe"="E:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader" "E:\Programme\HLSW\hlsw.exe"="E:\Programme\HLSW\hlsw.exe:*:Enabled:hlsw" "D:\Steam\steamapps\w1ldth1ng\day of defeat\hl.exe"="D:\Steam\steamapps\w1ldth1ng\day of defeat\hl.exe:*:Enabled:Half-Life Launcher" "E:\Programme\FlashGet\flashget.exe"="E:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Programme\Firefox\firefox.exe"="E:\Programme\Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "E:\Programme\eMule\Incoming\Foxit Pdf Reader Pro 2.2.2129 Foxit Pdf Editor 2.0 Build 1011 Foxit Library\Foxit Reader&Editor&Library\PDFEdit_en.exe"="E:\Programme\eMule\Incoming\Foxit Pdf Reader Pro 2.2.2129 Foxit Pdf Editor 2.0 Build 1011 Foxit Library\Foxit Reader&Editor&Library\PDFEdit_en.exe:*:Disabled:Foxit PDF Editor, the first REAL editor for PDF files!" "E:\Programme\SopCast\SopCast.exe"="E:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary" "E:\Programme\SopCast\adv\SopAdver.exe"="E:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary" "E:\Programme\Microsoft ActiveSync\rapimgr.exe"="E:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "E:\Programme\Microsoft ActiveSync\wcescomm.exe"="E:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "E:\Programme\Microsoft ActiveSync\WCESMgr.exe"="E:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Programme\Microsoft ActiveSync\rapimgr.exe"="E:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "E:\Programme\Microsoft ActiveSync\wcescomm.exe"="E:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "E:\Programme\Microsoft ActiveSync\WCESMgr.exe"="E:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c51e52-e192-11dd-9a61-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f6f1d36-9ea0-11dd-99de-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93928675-e1a1-11de-9c13-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93928677-e1a1-11de-9c13-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0554d9c-bc88-11dd-9a18-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baaa159d-bbbc-11dd-9a14-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baaa159f-bbbc-11dd-9a14-444553544200}] shell\AutoRun\command - J:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baaa15a0-bbbc-11dd-9a14-444553544200}] shell\AutoRun\command - J:\AutoRun.exe ======File associations====== .js - edit - .js - open - .txt - open - ======List of files/folders created in the last 1 months====== 2010-01-13 22:31:40 ----D---- C:\rsit 2010-01-13 22:31:40 ----D---- C:\Programme\trend micro 2010-01-13 21:46:54 ----D---- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Malwarebytes 2010-01-13 18:48:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-13 18:10:55 ----D---- C:\WINDOWS\BDOSCAN8 2009-12-27 18:09:34 ----A---- C:\WINDOWS\mHotkey.exe 2009-12-27 18:09:34 ----A---- C:\WINDOWS\Instit.ini 2009-12-27 18:09:34 ----A---- C:\WINDOWS\InstIt.exe 2009-12-27 18:09:34 ----A---- C:\WINDOWS\HKNTDLL.dll ======List of files/folders modified in the last 1 months====== 2010-01-13 22:31:40 ----RD---- C:\Programme 2010-01-13 22:29:51 ----D---- C:\WINDOWS 2010-01-13 22:29:42 ----D---- C:\WINDOWS\Temp 2010-01-13 22:03:33 ----D---- C:\WINDOWS\Minidump 2010-01-13 22:03:33 ----D---- C:\WINDOWS\Debug 2010-01-13 22:03:28 ----D---- C:\WINDOWS\Prefetch 2010-01-13 21:46:55 ----HD---- C:\Config.Msi 2010-01-13 21:46:54 ----SHD---- C:\WINDOWS\Installer 2010-01-13 21:46:41 ----D---- C:\WINDOWS\system32\drivers 2010-01-13 21:46:39 ----D---- C:\WINDOWS\system32 2010-01-13 21:46:17 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2010-01-13 21:46:08 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-01-13 18:10:58 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-13 18:10:55 ----HD---- C:\WINDOWS\inf 2010-01-13 18:10:47 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-13 18:08:48 ----D---- C:\Programme\Sophos 2010-01-13 18:08:44 ----D---- C:\Programme\Gemeinsame Dateien 2010-01-13 18:08:43 ----SD---- C:\WINDOWS\Tasks 2010-01-02 23:10:02 ----D---- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\dvdcss 2009-12-27 22:04:56 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-27 18:10:17 ----SH---- C:\boot.ini 2009-12-27 18:10:17 ----A---- C:\WINDOWS\win.ini 2009-12-27 18:10:17 ----A---- C:\WINDOWS\system.ini 2009-12-27 18:09:34 ----HD---- C:\Programme\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2006-02-23 32768] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465] R2 GBFSHook;GBFSHook; C:\WINDOWS\system32\drivers\GBFSHook.sys [2004-08-13 16132] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-04-05 9817] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-05 137392] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920] R3 SISNIC;SiS-PCI-Fast Ethernet- Adaptertreiber; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768] R3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040] R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S2 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-05 137392] S3 a8ejpxqs;a8ejpxqs; C:\WINDOWS\system32\drivers\a8ejpxqs.sys [] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860] S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-05 25280] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-05-22 34576] S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys [] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 DTSRVC;Portrait Displays Display Tune Service; C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe [2007-09-28 65536] R2 GBPoll;GoBack Polling Service; e:\Programme\Norton GoBack\GBPoll.exe [2004-08-13 763016] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-19 152984] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 OpenVPNService;OpenVPN Service; e:\Programme\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2008-05-22 92792] S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544] S4 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2006-03-13 33832] S4 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2006-03-07 191016] S4 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] -----------------EOF----------------- |
|
14.01.2010, 11:58
| #3 |
| | Google Redirect / Umleitung bei jeder Suche - Rootkit? RSIT info.txt von gestern abend (da sind noch die "Hosts" drinnen)
__________________Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-01-13 22:32:04
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AFPL Ghostscript 8.54-->e:\Programme\gs\uninstgs.exe "e:\Programme\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->e:\Programme\gs\uninstgs.exe "e:\Programme\gs\fonts\uninstal.txt"
AI RoboForm (All Users)-->"E:\Programme\Roboform\rfwipeout.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir PersonalEdition Classic-->C:\Programme\AntiVir PersonalEdition Classic\setup.exe /REMOVE
Biet-O-Matic v2.10.1-->E:\PROGRA~1\BIET-O~1\UNWISE.EXE E:\PROGRA~1\BIET-O~1\install.log
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
C2matrix FireHawk v1.23-->"E:\Programme\Microsoft ActiveSync\C2matrix FireHawk\unins000.exe"
CCleaner-->"e:\Programme\CCleaner\uninst.exe"
Citrix Presentation Server Client - Nur Web-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
DivX Player-->e:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
eMule-->"E:\Programme\eMule\Uninstall.exe"
FLV Player 1.3.3-->"e:\Programme\FLVPlayer\uninstall.exe"
Foxit PDF Editor-->E:\Programme\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->e:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
Gamers.IRC 5.21-->e:\Programme\Gamers.IRC\uninstall.exe
GSview 4.8-->e:\Programme\Ghostgum\gsview\uninstgs.exe "e:\Programme\Ghostgum\gsview\uninstal.txt"
Half-Life: Opposing Force-->D:\HALF-L~1\UNWISE.EXE /u D:\HALF-L~1\OPFOR.LOG
Half-Life-->C:\WINDOWS\IsUninst.exe -fd:\Half-Life\Uninst.isu -c"d:\Half-Life\HLUNINST.DLL"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
HLSW v1.1.6-->"e:\Programme\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Color LaserJet 2820/2830/2840 2.0-->"E:\Programme\HP\Digital Imaging\{1030DCDC-2425-407d-BEE1-13558B837FCA}\setup\hpzscr01.exe" -datfile hppscr01.dat
HP Extended Capabilities 4.7-->E:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->E:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP My Display-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x7 -removeonly
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
ICQ-->E:\PROGRA~1\ICQ\ICQUninstall.EXE
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 4.7.0 (Full)-->"e:\Programme\K-Lite Codec Pack\unins000.exe"
LiveUpdate 2.5 (Symantec Corporation)-->C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
Luchterhand - StV-->C:\WINDOWS\IsUn0407.exe -fe:\Programme\Luchterhand\StV\Uninst.isu
Malwarebytes' Anti-Malware-->"e:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MDR CD (Edition 7)-->C:\WINDOWS\IsUn0407.exe -fe:\programme\mdr\Uninst.isu
MetaFrame Presentation Server Webclient für Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Voice Command DE PPC 1.60 for M2M-->MsiExec.exe /X{D654B29B-4F7C-4AE3-B837-5B124B375D1A}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
mIRC-->"E:\Programme\Gamers.IRC\mirc.exe" -uninstall
Mozilla Firefox (3.5.7)-->E:\Programme\Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.8)-->E:\Programme\Thunderbird\uninstall\uninstall.exe /ua "1.5.0.8 (de)"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Multimedia Keyboard Driver Ver1.0 (KB-0108)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
Nortel Networks Contivity VPN Client-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe"
Norton GoBack 4.0 (Symantec Corporation)-->MsiExec.exe /I{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenVPN 2.0.9-gui-1.0.3-->e:\Programme\OpenVPN\Uninstall.exe
PartyPoker-->"e:\Programme\PartyGaming\PartyPoker\Uninstall.exe" "e:\Programme\PartyGaming\PartyPoker\install.log"
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF2Word v1.2-->"e:\Programme\PDF2Word v1.2\unins000.exe"
Pivot Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x7 -removeonly
Quake III Arena Point Release 1.32-->C:\WINDOWS\unvise32.exe e:\spiele\quake iii\uninstal5.log
Quake III Arena-->C:\WINDOWS\IsUninst.exe -f"e:\spiele\Quake III\QIII.isu"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Ricochet-->"D:\Steam\steam.exe" steam://uninstall/60
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x7 -removeonly
SDK-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Programme\Sierra On-Line\sutil32.exe uninstall
SIW version 2009-02-24-->"e:\Programme\SIW\unins000.exe"
SmartTools Publishing · Falz- und Lochmarken-Assistent-->E:\PROGRA~1\SMARTT~1\FLASSI~1\UNWISE.EXE E:\PROGRA~1\SMARTT~1\FLASSI~1\INSTALL.LOG
SopCast 3.0.3-->e:\Programme\SopCast\uninst.exe
Spb Mobile Shell-->E:\Programme\Microsoft ActiveSync\Spb Mobile Shell\Uninstall.exe Spb Mobile Shell
Spb Wireless Monitor-->E:\Programme\Microsoft ActiveSync\Spb Wireless Monitor\Uninstall.exe Spb Wireless Monitor
SpeedFan (remove only)-->"e:\Programme\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4-->"e:\Programme\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Steam-->D:\Steam\UNWISE.EXE D:\Steam\INSTALL.LOG
Sven Co-op v1.9-->d:\Half-Life\Uninstall_SvenCoop.exe
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->e:\Programme\Teamspeak2_RC2\unins000.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->E:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"e:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
WinPcap 4.1 beta4-->C:\Programme\WinPcap\uninstall.exe
WinRAR Archivierer-->e:\Programme\WinRAR\uninstall.exe
WinZip-->"e:\Programme\WinZip\WINZIP32.EXE" /uninstall
World of Padman-->E:\Spiele\World of Padman\UnWoP.exe
XP-Clean-->MsiExec.exe /I{95F48480-6D51-49A5-BFC3-7D8043AC5386}
======Hosts File======
89.149.210.109 www.google.com
89.149.210.109 www.google.de
89.149.210.109 www.google.fr
89.149.210.109 www.google.co.uk
89.149.210.109 www.google.com.br
89.149.210.109 www.google.it
89.149.210.109 www.google.es
89.149.210.109 www.google.co.jp
89.149.210.109 www.google.com.mx
89.149.210.109 www.google.ca
======Security center information======
AV: Avira AntiVir PersonalEdition Classic (outdated)
======System event log======
Computer Name: A
Event Code: 10009
Message: DCOM konnte mit dem Computer "K" unter Verwendung eines beliebigen, konfigurierten
Protokolls keine Daten austauschen.
Record Number: 566595
Source Name: DCOM
Time Written: 20100106223423.000000+060
Event Type: Fehler
User:
Computer Name: A
Event Code: 10009
Message: DCOM konnte mit dem Computer "K" unter Verwendung eines beliebigen, konfigurierten
Protokolls keine Daten austauschen.
Record Number: 566594
Source Name: DCOM
Time Written: 20100106223351.000000+060
Event Type: Fehler
User:
Computer Name: A
Event Code: 10009
Message: DCOM konnte mit dem Computer "K" unter Verwendung eines beliebigen, konfigurierten
Protokolls keine Daten austauschen.
Record Number: 566593
Source Name: DCOM
Time Written: 20100106223318.000000+060
Event Type: Fehler
User:
Computer Name: A
Event Code: 10009
Message: DCOM konnte mit dem Computer "K" unter Verwendung eines beliebigen, konfigurierten
Protokolls keine Daten austauschen.
Record Number: 566592
Source Name: DCOM
Time Written: 20100106223246.000000+060
Event Type: Fehler
User:
Computer Name: A
Event Code: 10009
Message: DCOM konnte mit dem Computer "K" unter Verwendung eines beliebigen, konfigurierten
Protokolls keine Daten austauschen.
Record Number: 566591
Source Name: DCOM
Time Written: 20100106223213.000000+060
Event Type: Fehler
User: A
=====Application event log=====
Computer Name: W
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 5
Source Name: SecurityCenter
Time Written: 20080531013228.000000+120
Event Type: Informationen
User:
Computer Name: W
Event Code: 7
Message: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer wurde erfolgreich durchgeführt von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Record Number: 4
Source Name: crypt32
Time Written: 20080530161743.000000+120
Event Type: Informationen
User:
Computer Name: W
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 3
Source Name: SecurityCenter
Time Written: 20080530120708.000000+120
Event Type: Informationen
User:
Computer Name: W
Event Code: 1517
Message: Die Registrierung des Benutzers "" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird.
Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.
Record Number: 2
Source Name: Userenv
Time Written: 20080529224457.000000+120
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM
Computer Name: W1LD
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 1
Source Name: SecurityCenter
Time Written: 20080529183855.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
HJT von gerade eben (da sieht man nichts mehr von den Hosts): Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:39, on 14.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe e:\Programme\Norton GoBack\GBPoll.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE E:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\FreePDF_XP\fpassist.exe E:\Programme\OpenVPN\bin\openvpn-gui.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\system32\ctfmon.exe E:\Programme\Microsoft ActiveSync\wcescomm.exe E:\Programme\Roboform\RoboTaskBarIcon.exe E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe E:\PROGRA~1\MICROS~4\rapimgr.exe C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE E:\Programme\HP\Digital Imaging\bin\hpqgalry.exe C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe E:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\Dokumente und Einstellungen\Tom\Eigene Dateien\Downloads\ht\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h*p://www.bwin.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht*tp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht*tp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h*ttp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h*ttp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rrze.uni-erlangen.de:80 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Programme\Roboform\roboform.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Programme\Roboform\roboform.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "E:\Programme\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [openvpn-gui] e:\Programme\OpenVPN\bin\openvpn-gui.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Programme\Roboform\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Schnellstart.lnk = E:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: RF - Formular ausfüllen - file://E:\Programme\Roboform\RoboFormComFillForms.html O8 - Extra context menu item: RF - Formular speichern - file://E:\Programme\Roboform\RoboFormComSavePass.html O8 - Extra context menu item: RF - Menü anpassen - file://E:\Programme\Roboform\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Roboform\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Programme\Roboform\RoboFormComFillForms.html O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Roboform\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Programme\Roboform\RoboFormComSavePass.html O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Programme\Roboform\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{813F49C9-1827-4186-A89D-494B52320101}: NameServer = 192.168.0.1 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - e:\Programme\Norton GoBack\GBPoll.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - e:\Programme\OpenVPN\bin\openvpnserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9229 bytes |
|
14.01.2010, 15:12
| #4 |
| | Google Redirect / Umleitung bei jeder Suche - Rootkit? Anti-Maleware-Log von gerade: Code:
ATTFilter Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3554
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
14.01.2010 14:46:05
mbam-log-2010-01-14 (14-46-05).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 213073
Laufzeit: 1 hour(s), 30 minute(s), 55 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
D:\Half-Life\gearbox\DQ2249.ICD (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Programme\Firefox\dm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
E:\Programme\Firefox\pm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Programme\Gamers.IRC\bin\dll\dmu.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\Programme\Gamers.IRC\bin\dll\nHTMLn_2.95.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Programme\Gamers.IRC\bin\dll\SysTray.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
F:\NEU\2008\SOFTWARE\MIRC\MIRC.6.3..keygenerator. Manuales. instrucions scripts.(Pack.by.eLs0M)\Setup+Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\NEU\2008\SOFTWARE\MIRC\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG\keygen.exe (Backdoor.GF) -> Quarantined and deleted successfully.
Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-14 15:21:57
Windows 5.1.2600 Service Pack 3
Running: umc3nwku.exe; Driver: C:\DOKUME~1\Tom\LOKALE~1\Temp\pgtdipob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwEnumerateKey [0xF7539A92]
SSDT sptd.sys ZwEnumerateValueKey [0xF7539E20]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86F5D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Antivir H+BEDV Datentechnik GmbH File Filter Driver Manager (XP/2003)/H+BEDV Datentechnik GmbH)
AttachedDevice \FileSystem\Ntfs \Ntfs GBFSHook.SYS (Norton GoBack File System Hook Driver/Symantec Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (*** hidden *** ) [MANUAL] MBAMSwissArmy <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
Habe noch diese Log von MBR.exe: Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
Geändert von dft83 (14.01.2010 um 15:24 Uhr) |
|
18.01.2010, 15:17
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google Redirect / Umleitung bei jeder Suche - Rootkit?Zitat:
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Google Redirect / Umleitung bei jeder Suche - Rootkit? |
| .com, beitrag, ccleaner, code, einträge, folge, folgende, funktioniert, google, google redirect, hijack, hijackthis, hosts, laufen, leitet, malwarebytes, nötig, probleme, redirect, rootkit, rootkit?, rsit, seite, suche, system, umleitung |
Linear-Darstellung
