| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TDDS installiert sich nach deinstallation und reboot wieder neuWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.05.2010, 17:46
| #1 |
 |  TDDS installiert sich nach deinstallation und reboot wieder neu Hallo zusammen, ich habe das Problem das mein Norton ständig die svchost und meine firefox.exe anmeckert "Https Tidserv Request" oder auch "Https Tidserv Request 2" Diese Aktionen werden allesamt geblockt. Folgendes habe ich schon ausprobiert: - Den CCleaner benutzt wie hier im Forum beschrieben. - Malwarebytes-Anti-Malware im Quick und Ausführlichen Modus benutzt und alles was gefunden wurde gelöscht Hier mein Log hierzu (Full Scan): Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4074
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
07.05.2010 15:12:07
mbam-log-2010-05-07 (15-12-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 266903
Laufzeit: 1 Stunde(n), 7 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Hier das Logfile: Code:
ATTFilter 15:41:22:609 2992 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
15:41:22:609 2992 ================================================================================
15:41:22:609 2992 SystemInfo:
15:41:22:609 2992 OS Version: 5.1.2600 ServicePack: 3.0
15:41:22:609 2992 Product type: Workstation
15:41:22:609 2992 ComputerName: ***
15:41:22:609 2992 UserName: ***
15:41:22:609 2992 Windows directory: C:\WINDOWS
15:41:22:609 2992 Processor architecture: Intel x86
15:41:22:609 2992 Number of processors: 2
15:41:22:609 2992 Page size: 0x1000
15:41:22:609 2992 Boot type: Normal boot
15:41:22:609 2992 ================================================================================
15:41:22:609 2992 UnloadDriverW: NtUnloadDriver error 2
15:41:22:609 2992 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:41:23:343 2992 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:41:23:343 2992 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:23:343 2992 wfopen_ex: Trying to KLMD file open
15:41:23:343 2992 wfopen_ex: File opened ok (Flags 2)
15:41:23:343 2992 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:41:23:343 2992 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:23:343 2992 wfopen_ex: Trying to KLMD file open
15:41:23:343 2992 wfopen_ex: File opened ok (Flags 2)
15:41:23:343 2992 Initialize success
15:41:23:343 2992
15:41:23:343 2992 Scanning Services ...
15:41:24:171 2992 Raw services enum returned 397 services
15:41:24:187 2992
15:41:24:187 2992 Scanning Kernel memory ...
15:41:24:187 2992 Devices to scan: 10
15:41:24:187 2992
15:41:24:187 2992 Driver Name: Disk
15:41:24:187 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:187 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:187 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:187 2992 IRP_MJ_READ : B8108D1F
15:41:24:187 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:187 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:187 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:187 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:187 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:187 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:187 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:187 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:187 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:187 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:187 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:187 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:187 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:187 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:187 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:187 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:187 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:187 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:187 2992 IRP_MJ_POWER : B810AC82
15:41:24:187 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:187 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:187 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:187 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:203 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:203 2992
15:41:24:203 2992 Driver Name: Disk
15:41:24:203 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:203 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:203 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:203 2992 IRP_MJ_READ : B8108D1F
15:41:24:203 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:203 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:203 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:203 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:203 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:203 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:203 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:203 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:203 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:203 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:203 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:203 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:203 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:203 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:203 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:203 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:203 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:203 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:203 2992 IRP_MJ_POWER : B810AC82
15:41:24:203 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:203 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:203 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:203 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:218 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992
15:41:24:218 2992 Driver Name: Disk
15:41:24:218 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:218 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:218 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:218 2992 IRP_MJ_READ : B8108D1F
15:41:24:218 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:218 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:218 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:218 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:218 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:218 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:218 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:218 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:218 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:218 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:218 2992 IRP_MJ_POWER : B810AC82
15:41:24:218 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:218 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:218 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:218 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992
15:41:24:218 2992 Driver Name: Disk
15:41:24:218 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:218 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:218 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:218 2992 IRP_MJ_READ : B8108D1F
15:41:24:218 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:218 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:218 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:218 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:218 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:218 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:218 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:218 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:218 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:218 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:218 2992 IRP_MJ_POWER : B810AC82
15:41:24:218 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:218 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:218 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:218 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992
15:41:24:218 2992 Driver Name: Disk
15:41:24:218 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:218 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:218 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:218 2992 IRP_MJ_READ : B8108D1F
15:41:24:218 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:218 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:218 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:218 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:218 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:218 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:218 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:218 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:218 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:218 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:218 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:218 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:218 2992 IRP_MJ_POWER : B810AC82
15:41:24:218 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:218 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:218 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:218 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:234 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:234 2992
15:41:24:234 2992 Driver Name: Disk
15:41:24:234 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:234 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:234 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:234 2992 IRP_MJ_READ : B8108D1F
15:41:24:234 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:234 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:234 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:234 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:234 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:234 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:234 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:234 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:234 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:234 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:234 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:234 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:234 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:234 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:234 2992 IRP_MJ_POWER : B810AC82
15:41:24:234 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:234 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:234 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:234 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:234 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:234 2992
15:41:24:234 2992 Driver Name: Disk
15:41:24:234 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:234 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:234 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:234 2992 IRP_MJ_READ : B8108D1F
15:41:24:234 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:234 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:234 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:234 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:234 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:234 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:234 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:234 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:234 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:234 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:234 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:234 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:234 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:234 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:234 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:234 2992 IRP_MJ_POWER : B810AC82
15:41:24:234 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:234 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:234 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:234 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:250 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:250 2992
15:41:24:250 2992 Driver Name: Disk
15:41:24:250 2992 IRP_MJ_CREATE : B810EBB0
15:41:24:250 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:250 2992 IRP_MJ_CLOSE : B810EBB0
15:41:24:250 2992 IRP_MJ_READ : B8108D1F
15:41:24:250 2992 IRP_MJ_WRITE : B8108D1F
15:41:24:250 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:250 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:250 2992 IRP_MJ_FLUSH_BUFFERS : B81092E2
15:41:24:250 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:250 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:250 2992 IRP_MJ_DEVICE_CONTROL : B81093BB
15:41:24:250 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
15:41:24:250 2992 IRP_MJ_SHUTDOWN : B81092E2
15:41:24:250 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:250 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:250 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:250 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:250 2992 IRP_MJ_POWER : B810AC82
15:41:24:250 2992 IRP_MJ_SYSTEM_CONTROL : B810F99E
15:41:24:250 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:250 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:250 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:250 2992
15:41:24:250 2992 Driver Name: atapi
15:41:24:250 2992 IRP_MJ_CREATE : B7F146F2
15:41:24:250 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:24:250 2992 IRP_MJ_CLOSE : B7F146F2
15:41:24:250 2992 IRP_MJ_READ : 804F4562
15:41:24:250 2992 IRP_MJ_WRITE : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_SET_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_EA : 804F4562
15:41:24:250 2992 IRP_MJ_SET_EA : 804F4562
15:41:24:250 2992 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:24:250 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:24:250 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:24:250 2992 IRP_MJ_DEVICE_CONTROL : B7F14712
15:41:24:250 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : B7F10852
15:41:24:250 2992 IRP_MJ_SHUTDOWN : 804F4562
15:41:24:250 2992 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:24:250 2992 IRP_MJ_CLEANUP : 804F4562
15:41:24:250 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:24:250 2992 IRP_MJ_SET_SECURITY : 804F4562
15:41:24:250 2992 IRP_MJ_POWER : B7F1473C
15:41:24:250 2992 IRP_MJ_SYSTEM_CONTROL : B7F1B336
15:41:24:250 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:24:250 2992 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:24:250 2992 IRP_MJ_SET_QUOTA : 804F4562
15:41:24:265 2992 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
15:41:24:265 2992
15:41:24:265 2992 Driver Name: atapi
15:41:24:265 2992 IRP_MJ_CREATE : 8A331EE4
15:41:24:265 2992 IRP_MJ_CREATE_NAMED_PIPE : 8A331EE4
15:41:24:265 2992 IRP_MJ_CLOSE : 8A331EE4
15:41:24:265 2992 IRP_MJ_READ : 8A331EE4
15:41:24:265 2992 IRP_MJ_WRITE : 8A331EE4
15:41:24:265 2992 IRP_MJ_QUERY_INFORMATION : 8A331EE4
15:41:24:265 2992 IRP_MJ_SET_INFORMATION : 8A331EE4
15:41:24:265 2992 IRP_MJ_QUERY_EA : 8A331EE4
15:41:24:265 2992 IRP_MJ_SET_EA : 8A331EE4
15:41:24:265 2992 IRP_MJ_FLUSH_BUFFERS : 8A331EE4
15:41:24:265 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A331EE4
15:41:24:265 2992 IRP_MJ_SET_VOLUME_INFORMATION : 8A331EE4
15:41:24:265 2992 IRP_MJ_DIRECTORY_CONTROL : 8A331EE4
15:41:24:265 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 8A331EE4
15:41:24:265 2992 IRP_MJ_DEVICE_CONTROL : 8A331EE4
15:41:24:265 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A331EE4
15:41:24:265 2992 IRP_MJ_SHUTDOWN : 8A331EE4
15:41:24:265 2992 IRP_MJ_LOCK_CONTROL : 8A331EE4
15:41:24:265 2992 IRP_MJ_CLEANUP : 8A331EE4
15:41:24:265 2992 IRP_MJ_CREATE_MAILSLOT : 8A331EE4
15:41:24:265 2992 IRP_MJ_QUERY_SECURITY : 8A331EE4
15:41:24:265 2992 IRP_MJ_SET_SECURITY : 8A331EE4
15:41:24:265 2992 IRP_MJ_POWER : 8A331EE4
15:41:24:265 2992 IRP_MJ_SYSTEM_CONTROL : 8A331EE4
15:41:24:265 2992 IRP_MJ_DEVICE_CHANGE : 8A331EE4
15:41:24:265 2992 IRP_MJ_QUERY_QUOTA : 8A331EE4
15:41:24:265 2992 IRP_MJ_SET_QUOTA : 8A331EE4
15:41:24:265 2992 Driver "atapi" infected by TDSS rootkit!
15:41:24:281 2992 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
15:41:24:281 2992 File "C:\WINDOWS\system32\drivers\atapi.sys" infected by TDSS rootkit ... 15:41:24:281 2992 Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
15:41:24:281 2992 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:41:24:375 2992 vfvi6
15:41:24:453 2992 !dsvbh1
15:41:25:687 2992 dsvbh2
15:41:25:687 2992 fdfb2
15:41:25:687 2992 Backup copy found, using it..
15:41:25:781 2992 will be cured on next reboot
15:41:25:781 2992 Reboot required for cure complete..
15:41:25:812 2992 Cure on reboot scheduled successfully
15:41:25:812 2992
15:41:25:812 2992 Completed
15:41:25:812 2992
15:41:25:812 2992 Results:
15:41:25:812 2992 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
15:41:25:812 2992 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:41:25:812 2992 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:41:25:812 2992
15:41:25:812 2992 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:41:25:812 2992 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:41:25:812 2992 UnloadDriverW: NtUnloadDriver error 1
15:41:25:812 2992 KLMD(ARK) unloaded successfully
Hier das Logfile: Code:
ATTFilter Norman TDSS Cleaner
Version 1.9.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/04/27 16:10:07
Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/04/27 16:10:07, Variants: 55720
Scan started: 07/05/2010 15:49:53
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: PC-Name\Benutzer
Running anti-TDSS module:
TDSS/TDL3 Rootkit Detected
Infected driver successfully cured
Reboot required to complete rootkit disinfection
Running post-scan cleanup routine:
Number of files found: 0
Number of archives unpacked: 0
Number of files scanned: 0
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 39s
- Spybot SD ausgeführt -> keine Spyware gefunden - RSIT ausgeführt Log.txt Code:
ATTFilter Logfile of random's system information tool 1.07 (written by random/random) Run by Benutzer at 2010-05-07 18:25:20 Microsoft Windows XP Professional Service Pack 3 System drive C: has 31 GB (61%) free of 51 GB Total RAM: 2030 MB (67% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:25:33, on 07.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\programme\idt\intelxpv_v103\wdm\STacSV.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Logitech\Easy Synchronization\servicestub.exe C:\Programme\MagicTune Premium\MagicTuneEngine.exe C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe d:\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe D:\iTunes\iTunesHelper.exe C:\Programme\IDT\WDM\sttray.exe C:\Programme\Citrix\ICA Client\concentr.exe D:\Sony Ericsson PC Suite\SEPCSuite.exe C:\Programme\Citrix\ICA Client\wfcrun32.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\MagicTune Premium\GammaTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\iPod\bin\iPodService.exe C:\Programme\MagicTune Premium\MagicTune.exe C:\Dokumente und Einstellungen\Markus\Desktop\RSIT.exe C:\Programme\trend micro\Markus.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heise.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [ConnectionCenter] "C:\Programme\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "d:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe" (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: GammaTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262193160640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262197682203 O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECF2FB7-7C81-4A11-BAE4-FAF9D9E207EA}: NameServer = 212.114.152.1,212.114.153.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe O23 - Service: MagicTuneEngine - Unknown owner - C:\Programme\MagicTune Premium\MagicTuneEngine.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - d:\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\programme\idt\intelxpv_v103\wdm\STacSV.exe -- End of file - 10429 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}] SnapFlash Class - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll [2002-12-03 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-17 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344] "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304] "Bluetooth Connection Assistant"=LBTWIZ.EXE -silent [] "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "Easy Synchronization"=C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=D:\iTunes\iTunesHelper.exe [2009-07-13 292128] "SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2009-03-12 483422] "ConnectionCenter"=C:\Programme\Citrix\ICA Client\concentr.exe [2009-09-12 103768] "nwiz"=nwiz.exe /installquiet [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Easy Synchronization"=C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"=d:\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe GammaTray.lnk - C:\Programme\MagicTune Premium\GammaTray.exe Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=C:\Programme\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 69632] "{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA" "D:\ICQ6.5\ICQ.exe"="D:\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Curse\CurseClient.exe"="D:\Curse\CurseClient.exe:*:Enabled:Curse Client" "E:\Celetania\Celetania.exe"="E:\Celetania\Celetania.exe:*:Enabled:Celetania" "D:\Sony Ericsson Media Manager\MediaManager.exe"="D:\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "D:\iTunes\iTunes.exe"="D:\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "D:\appleJuice\gui\AJCoreGUI.exe"="D:\appleJuice\gui\AJCoreGUI.exe:*:Enabled:appleJuice Client (GUI)" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6cc934-1e2a-11df-bbb6-0019d1463bec}] shell\AutoRun\command - M:\DPFMate.exe ======List of files/folders created in the last 1 months====== 2010-05-07 15:45:51 ----A---- C:\TDSSKiller.2.2.8.1_07.05.2010_15.45.51_log.txt 2010-05-07 15:41:22 ----A---- C:\TDSSKiller.2.2.8.1_07.05.2010_15.41.22_log.txt 2010-05-06 22:14:56 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_22.14.56_log.txt 2010-05-06 21:44:08 ----D---- C:\rsit 2010-05-06 21:44:08 ----D---- C:\Programme\trend micro 2010-05-06 20:30:28 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_20.30.28_log.txt 2010-05-06 00:17:28 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Malwarebytes 2010-05-06 00:17:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-05-06 00:17:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-05-06 00:09:06 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Uniblue 2010-05-06 00:09:00 ----D---- C:\Programme\Uniblue 2010-05-05 23:57:06 ----A---- C:\TDSSKiller.2.2.8.1_05.05.2010_23.57.06_log.txt 2010-05-05 23:46:05 ----A---- C:\TDSSKiller.2.2.8.1_05.05.2010_23.46.05_log.txt 2010-05-05 20:55:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation 2010-05-05 20:39:57 ----RASHOT---- C:\WINDOWS\winstart.bat 2010-05-05 20:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-05-05 20:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$ 2010-05-05 20:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$ 2010-05-05 20:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-05-05 20:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-05-05 20:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-05-05 20:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-05-05 20:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-05-05 20:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$ 2010-05-05 20:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-05-05 20:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ 2010-05-05 20:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-05-05 20:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-05-05 20:27:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-05-05 20:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-05-05 20:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-05-05 20:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-05-05 20:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-05-05 20:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-05-05 20:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2010-05-05 20:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-05-05 20:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-05-05 20:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-05-05 20:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-05-05 20:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-05-05 20:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-05-05 20:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-05-05 20:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-05-05 20:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$ 2010-05-05 20:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-05-05 20:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-05-05 20:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-05-05 20:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2010-05-05 20:23:04 ----SHD---- C:\Config.Msi 2010-05-05 20:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2010-05-05 20:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2010-05-05 20:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-05-05 20:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-05-05 20:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-05-05 20:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-05-05 20:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-05-05 20:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2010-05-05 20:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2010-05-05 20:20:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-05-05 20:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2010-05-05 20:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-05-05 20:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-05-05 20:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-05-05 20:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-05-05 20:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-05-05 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-05-05 20:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-05-05 20:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-05-05 20:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-05-05 20:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2010-05-05 20:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-05-05 20:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-05-05 20:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-05-05 20:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-05-05 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-05-05 20:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-05-05 20:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-05-05 20:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2010-05-05 20:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2010-05-05 20:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-05-05 20:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2010-05-05 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-05-05 20:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-05-05 20:16:57 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-05-05 17:38:09 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2010-05-05 17:38:09 ----A---- C:\WINDOWS\system32\mucltui.dll 2010-04-26 20:02:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix ======List of files/folders modified in the last 1 months====== 2010-05-07 17:24:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-05-07 16:44:39 ----D---- C:\WINDOWS\Temp 2010-05-07 15:54:02 ----D---- C:\WINDOWS\Prefetch 2010-05-07 15:51:57 ----D---- C:\WINDOWS\system32 2010-05-07 15:51:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-07 15:50:37 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-07 15:50:03 ----D---- C:\WINDOWS\system32\drivers 2010-05-07 15:49:56 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-07 15:47:45 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-07 15:44:15 ----D---- C:\WINDOWS 2010-05-07 13:54:06 ----D---- C:\WINDOWS\Debug 2010-05-07 13:53:29 ----D---- C:\Programme\CCleaner 2010-05-06 22:42:32 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Skype 2010-05-06 21:44:08 ----RD---- C:\Programme 2010-05-06 21:36:09 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\skypePM 2010-05-06 20:48:12 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-05-06 17:47:55 ----D---- C:\WINDOWS\Microsoft.NET 2010-05-06 17:47:41 ----RSD---- C:\WINDOWS\assembly 2010-05-06 17:23:40 ----D---- C:\WINDOWS\system32\Restore 2010-05-06 17:23:00 ----D---- C:\Programme\Spybot - Search & Destroy 2010-05-06 00:29:34 ----SHD---- C:\System Volume Information 2010-05-06 00:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$ 2010-05-06 00:03:22 ----HD---- C:\WINDOWS\inf 2010-05-05 20:56:20 ----SHD---- C:\WINDOWS\Installer 2010-05-05 20:55:53 ----D---- C:\WINDOWS\Help 2010-05-05 20:55:53 ----D---- C:\Programme\NVIDIA Corporation 2010-05-05 20:54:54 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-05-05 20:51:33 ----D---- C:\WINDOWS\system32\NtmsData 2010-05-05 20:47:24 ----D---- C:\Programme\XP-Clean Speed 2010-05-05 20:33:37 ----D---- C:\WINDOWS\system32\wbem 2010-05-05 20:33:37 ----D---- C:\WINDOWS\AppPatch 2010-05-05 20:28:41 ----HD---- C:\WINDOWS\$hf_mig$ 2010-05-05 20:27:57 ----D---- C:\Programme\Movie Maker 2010-05-05 20:26:46 ----D---- C:\WINDOWS\WinSxS 2010-05-05 20:21:13 ----D---- C:\Programme\Outlook Express 2010-05-05 20:19:19 ----D---- C:\WINDOWS\system32\CatRoot 2010-05-05 20:18:10 ----D---- C:\Programme\Messenger 2010-05-05 17:26:09 ----SD---- C:\WINDOWS\Tasks 2010-04-26 20:02:17 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\ICAClient 2010-04-26 20:02:03 ----D---- C:\Programme\Citrix 2010-04-26 19:47:12 ----RD---- C:\Programme\Skype ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2009-08-22 259632] R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-02-04 482432] R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [] R1 IDSxpx86;IDSxpx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100429.001\IDSxpx86.sys [] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [] R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2009-08-22 308272] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2009-08-22 43696] R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2009-08-22 217136] R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys [] R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys [] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264] R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2004-10-28 17024] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-10-28 30299] R3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-10-28 44003] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-04 241296] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-07-29 43392] R3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25856] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-01-17 13184] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288] R3 NAVENG;NAVENG; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVEX15.SYS [] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128] R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632] R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2009-08-22 89904] R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS [2009-08-22 33072] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400] R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS [2009-08-22 36400] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-10-05 18167] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-10-28 54488] S3 catchme;catchme; \??\C:\cf\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536] S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120] S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992] S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-06-04 90408] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-06-04 111784] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-06-04 117544] S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728] S3 skfilt;skfilt; C:\WINDOWS\system32\drivers\skfilt.sys [2008-02-12 1670016] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-10-05 47104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-10-28 163840] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-01-17 153376] R2 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] R2 Logitech Easy Synchronization;Logitech Easy Synchronization; C:\Programme\Logitech\Easy Synchronization\servicestub.exe [2005-10-05 65536] R2 MagicTuneEngine;MagicTuneEngine; C:\Programme\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208] R2 Norton AntiVirus;Norton AntiVirus; C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216] R2 OMSI download service;Sony Ericsson OMSI download service; d:\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 STacSV;Audio Service; c:\programme\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-07-13 542496] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-08-20 73728] S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
07.05.2010, 17:48
| #2 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu Hier habe ich noch die info.txt
__________________Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-05-07 18:25:35
======Uninstall list======
-->"C:\Programme\Creative\USB Headsets\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALLa
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALLa
-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{8548A86C-3FCE-4019-88EE-A52820207988}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AddOn Studio for World of Warcraft-->MsiExec.exe /I{DE0F56E1-F6E1-44D6-B568-A592C800404D}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
appleJuice Client-->"d:\appleJuice\unins000.exe"
Astroburn Lite-->D:\Programme\Astroburn Lite\uninst.exe
Avanquest update-->"C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0007 -removeonly
BLASC 2.0-->D:\buffed\UnInstaller.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother P-touch Address Book 1.0-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{98E9B724-0E62-4812-B6CC-C6A228BBC562}
Brother P-touch Editor 4.2-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{003447F5-0058-4B77-9C1E-50488F77C4A7}
Brother QL-Series User's Guide-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7CCC6E23-0E35-480B-8F0C-8D06F882D5D3}
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CDex extraction audio-->"D:\CDex_170b2\uninstall.exe"
Celetania-->E:\Celetania\uninst.exe
Citrix Online Plug-in - Web-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpress.exe /uninstall /cleanup
Citrix Online Plug-in (DV)-->MsiExec.exe /I{CF53CF7C-D996-43EB-9904-DBED57C25625}
Citrix Online Plug-in (HDX)-->MsiExec.exe /I{812424AC-A8B5-44E6-8D48-07E939D1AD9A}
Citrix Online Plug-in (USB)-->MsiExec.exe /I{55392E52-1AAD-44C4-BE49-258FFE72434F}
Citrix Online Plug-in (Web)-->MsiExec.exe /I{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7 /remove
Creative Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove
Creative USB Headsets-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5B3A354B-C059-4861-A85B-CA46F1089E15}\SETUP.EXE" -l0x7 /remove
Crimson Editor (remove only)-->D:\Crimson Editor\uninstall.exe
Curse Client-->D:\Curse\uninstall.exe
Dark Basic Professional Trial-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D472BD7-7600-49E7-81AA-1930DC671E01}\Setup.exe" -l0x9
DivX Codec-->D:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
DVD Decrypter (Remove Only)-->"D:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"D:\DVD Shrink\unins000.exe"
FlashCatcher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{867AE74B-855F-4ABD-BCA1-7B4C0ECF2DD9}\setup.exe"
Free FLV Converter V 6.7-->"D:\Free FLV Converter\unins000.exe"
GIMP 2.4.6-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Gitarrero Beginner 1.01 Demo-->D:\GitarreroDemo\unins000.exe
Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe D:\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Fotodruck-Programm-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Programme\Hewlett-Packard\Photo Printing\hpiunPC.dll
hp psc 900 series-->C:\WINDOWS\system32\hpocon09.exe /u 1206278301 /d "hp psc 900 series"
HP Share-to-Web-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l7
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Network Connections 14.0.40.0-->MsiExec.exe /i{888019C0-54D4-40C2-9274-27B9DAB17017} ARPREMOVE=1
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
jv16 PowerTools 2009-->"C:\Programme\jv16 PowerTools 2009\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LightScribe System Software-->MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
MagicTune Premium-->C:\Programme\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
MetaFrame Presentation Server Webclient für Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{09298F26-A95C-31E2-9D95-2C60F586F075}
Microsoft Visual Studio Shell 2008 - ENU-->MsiExec.exe /I{97E3C3BF-76AC-4DEA-BF8A-434F1EA5F272}
Mobile Phone Suite Easy Synchronization-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x7
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.3)-->D:\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nero 9 Trial-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus-->C:\Programme\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.8.0.41\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
NVIDIA Texture Tools 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8D06241-617C-42AB-B9C7-D9BA5A377D10}\setup.exe" -l0x9
Pacific Poker-->D:\PROGRA~1\PACIFI~1\UNWISE.EXE D:\PROGRA~1\PACIFI~1\INSTALL.LOG
Pinnacle device drivers-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F866D37-22D0-435D-94F1-31A64D566D0E}\Setup.exe" -l0x7
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe D:\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
proDAD Heroglyph 1.0-->"C:\Programme\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp
ProtectDisc Helper Driver 10-->C:\Programme\ProtectDisc Driver Installer\uninstall_v10.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Runes of Magic-->"E:\Runes of Magic\unins000.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}
Sony Ericsson PC Suite 6.009.00-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0007 -removeonly
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x7 UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x7 UNINSTALL
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->D:\Teamspeak2_RC2\unins000.exe
TMPGEnc 4.0 XPress-->MsiExec.exe /I{EC62A668-2E2D-46F9-A999-0812F1699245}
Uniblue RegistryBooster-->"C:\Programme\Uniblue\RegistryBooster\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6f-->d:\VideoLAN\VLC\uninstall.exe
Warhammer Online - Age of Reckoning-->"E:\Warhammer Online - Age of Reckoning\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->D:\WinRAR\uninstall.exe
World of Warcraft-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XnView 1.96-->"C:\Programme\XnView\unins000.exe"
XP-Clean Speed-->MsiExec.exe /I{E5ADAEB8-000D-428B-A2A7-C43A789D4705}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norton AntiVirus
======System event log======
Computer Name: PC-Name
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".
Record Number: 49099
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User:
Computer Name: PC-Name
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".
Record Number: 49098
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User:
Computer Name: PC-Name
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.
Record Number: 49097
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: PC-Name
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.
Record Number: 49096
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: PC-Name
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 49095
Source Name: Service Control Manager
Time Written: 20100412072345.000000+120
Event Type: Informationen
User:
=====Application event log=====
Computer Name:PC-Name
Event Code: 0
Message:
Record Number: 26256
Source Name: iPod Service
Time Written: 20091016180812.000000+120
Event Type: Informationen
User:
Computer Name: PC-Name
Event Code: 35
Message: Der Dienst 'Norton AntiVirus' wurde gestartet.
Record Number: 26255
Source Name: Norton AntiVirus
Time Written: 20091016180811.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: PC-Name
Event Code: 34
Message: Der Dienst 'Norton AntiVirus' startet.
Record Number: 26254
Source Name: Norton AntiVirus
Time Written: 20091016180810.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: PC-Name
Event Code: 0
Message:
Record Number: 26253
Source Name: btwdins
Time Written: 20091016180807.000000+120
Event Type: Informationen
User:
Computer Name:PC-Name
Event Code: 1
Message:
Record Number: 26252
Source Name: Bonjour Service
Time Written: 20091016180806.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\Intel\DMIX;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TEXTURE_TOOLS_DIR"=C:\Programme\NVIDIA Corporation\NVIDIA Texture Tools 2\bin
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Leider hat das alle nichts geholfen, denn die oben genannen Warnungen/Meldungen erscheinen noch immer :-( Danach ins Internet gegangen, es gab keine Fehlermeldungen mehr. Rechner neu gestartet und zack..... das gleiche Problem wieder. Ich habe jetzt schon via Google und Forumsuche etliche Beiträge gefunden, nur komme ich nun alleine nicht mehr weiter. Danke schon einmal im voraus für Eure Hilfe |
|
13.05.2010, 19:04
| #3 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu Hallo zusammen,
__________________ich habe heute einmal allen Mut zusammengenommen und ComboFix ausprobiert. Und was soll ich sagen?  Es hat geklappt! Der Tdds ist verschwunden.  Anschliessend noch fix Malwarebytes' Anti-Malware ausgeführt => nichts gefunden. Auch mein Norton meckert nicht. Gibt es eine (mehr oder weniger) zuverlässige Methode zu sagen das er nun vollständig weg ist? |
|
13.05.2010, 19:42
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TDDS installiert sich nach deinstallation und reboot wieder neuZitat:
Poste aber bitte mal das Combofix Logfile.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.05.2010, 21:58
| #5 | |
| | TDDS installiert sich nach deinstallation und reboot wieder neuZitat:
Hier das Log von Combofix und danke schon mal fürs durchsehen des selbigen ;-) Code:
ATTFilter ComboFix 10-05-12.04 - Markus 13.05.2010 15:54:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2030.1612 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Markus\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\eSellerateEngine.dll
c:\windows\system32\st322000.dll
Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-04-13 bis 2010-05-13 ))))))))))))))))))))))))))))))
.
2010-05-13 13:44 . 2010-05-13 13:48 -------- d-----w- C:\Combo-Fix
2010-05-07 16:41 . 2010-05-07 16:41 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Eigene Dateien
2010-05-07 16:41 . 2010-05-07 16:41 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-05-07 13:49 . 2009-03-12 10:53 1550613 ----a-w- c:\windows\system32\drivers\sthda.sys
2010-05-07 13:47 . 2008-04-13 18:53 264832 -c--a-w- c:\windows\system32\dllcache\http.sys
2010-05-07 13:47 . 2008-04-13 18:53 264832 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-07 13:47 . 2008-01-17 14:45 13184 ----a-w- c:\windows\system32\drivers\mtictwl.sys
2010-05-06 19:44 . 2010-05-07 16:25 -------- d-----w- c:\programme\trend micro
2010-05-06 19:44 . 2010-05-06 19:44 -------- d-----w- C:\rsit
2010-05-06 18:40 . 2010-05-07 13:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-06 18:40 . 2010-05-05 21:58 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-05-06 15:28 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-05-06 15:28 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-05-06 15:28 . 2008-04-14 02:02 73472 -c--a-w- c:\windows\system32\dllcache\sr.sys
2010-05-06 15:28 . 2008-04-14 02:02 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2010-05-05 22:17 . 2010-05-05 22:17 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\Malwarebytes
2010-05-05 22:17 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 22:17 . 2010-05-05 22:17 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-05 22:17 . 2010-05-05 22:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-05 22:17 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 22:09 . 2010-05-05 22:09 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\Uniblue
2010-05-05 22:09 . 2010-05-05 22:09 -------- d-----w- c:\programme\Uniblue
2010-05-05 18:55 . 2010-05-05 18:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-05-05 18:39 . 2010-05-05 18:39 2 --shatr- c:\windows\winstart.bat
2010-05-05 18:16 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-05 18:16 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 18:15 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-05 18:15 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-05 18:15 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-05 15:38 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-05 15:15 . 2010-05-05 15:15 -------- d-s---w- c:\dokumente und einstellungen\NetworkService\UserData
2010-04-26 18:02 . 2009-09-12 20:34 66928 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_zh-TW.dll
2010-04-26 18:02 . 2009-09-12 20:33 66928 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_zh-CN.dll
2010-04-26 18:02 . 2009-09-12 20:33 75120 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_ru.dll
2010-04-26 18:02 . 2010-04-26 18:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix
2010-04-26 18:02 . 2009-09-12 21:11 75120 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_en.dll
2010-04-26 18:02 . 2009-09-12 21:09 1049952 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpress.exe
2010-04-26 18:02 . 2009-09-12 20:35 71024 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_ko.dll
2010-04-26 18:02 . 2009-09-12 20:32 71024 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_ja.dll
2010-04-26 18:02 . 2009-09-12 20:31 75120 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_fr.dll
2010-04-26 18:02 . 2009-09-12 20:30 75120 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_es.dll
2010-04-26 18:02 . 2009-09-12 20:29 75120 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_de.dll
2010-04-26 18:02 . 2010-04-26 18:02 -------- d-----w- c:\dokumente und einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Citrix
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 13:33 . 2008-03-23 13:39 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\Skype
2010-05-13 12:14 . 2008-03-23 13:41 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\skypePM
2010-05-10 21:11 . 2010-01-24 01:00 535488 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-05-07 15:24 . 2009-12-30 13:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-07 13:51 . 2006-02-28 12:00 81126 ----a-w- c:\windows\system32\perfc007.dat
2010-05-07 13:51 . 2006-02-28 12:00 452300 ----a-w- c:\windows\system32\perfh007.dat
2010-05-07 11:53 . 2009-05-05 20:01 -------- d-----w- c:\programme\CCleaner
2010-05-06 19:00 . 2009-05-05 19:43 41 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Windows NT\msqlite.dll
2010-05-06 15:23 . 2009-12-30 13:30 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-05-05 18:55 . 2009-02-07 15:25 -------- d-----w- c:\programme\NVIDIA Corporation
2010-05-05 18:47 . 2009-05-05 19:43 -------- d-----w- c:\programme\XP-Clean Speed
2010-05-05 18:39 . 2009-12-30 16:35 228 ----a-w- c:\windows\system32\edacded0.dat
2010-04-26 18:02 . 2008-03-31 23:29 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\ICAClient
2010-04-26 18:02 . 2008-03-31 23:28 -------- d-----w- c:\programme\Citrix
2010-04-26 17:47 . 2008-03-23 13:38 -------- d-----r- c:\programme\Skype
2010-04-05 19:49 . 2009-04-17 19:05 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\XnView
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-29 18:28 . 2010-03-29 18:28 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2010-03-09 11:09 . 2006-02-28 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:41 . 2006-02-28 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:41 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2010-05-07 13:50 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2006-02-28 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2004-08-04 00:50 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="d:\sony ericsson pc suite\SEPCSuite.exe" [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Easy Synchronization"="c:\programme\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-07-13 292128]
"SysTrayApp"="c:\programme\IDT\WDM\sttray.exe" [2009-03-12 483422]
"ConnectionCenter"="c:\programme\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-28 565309]
GammaTray.lnk - c:\programme\MagicTune Premium\GammaTray.exe [2008-12-29 36864]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\programme\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\DNA\\btdna.exe"=
"d:\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Curse\\CurseClient.exe"=
"e:\\Celetania\\Celetania.exe"=
"d:\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\appleJuice\\gui\\AJCoreGUI.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [07.05.2010 15:50 65584]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [07.05.2010 15:50 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [07.05.2010 15:49 201848]
R2 Norton AntiVirus;Norton AntiVirus;c:\programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [04.02.2010 22:03 117640]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [07.05.2010 15:49 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28.08.2009 01:26 102448]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [07.05.2010 15:49 27632]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [09.04.2009 12:31 1670016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1008000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\NAV\1008000.029\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1008000.029\ccHPx86.sys --> c:\windows\system32\Drivers\NAV\1008000.029\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [08.05.2010 09:48 329592]
S2 OMSI download service;Sony Ericsson OMSI download service;d:\sony ericsson pc suite\SupServ.exe [28.11.2009 09:23 90112]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [23.05.2009 09:11 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [23.05.2009 09:11 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [23.05.2009 09:11 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [23.05.2009 09:11 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [23.05.2009 09:11 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [23.05.2009 09:11 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [23.05.2009 09:11 117544]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.heise.de/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Save Flash with Flash Catcher - c:\programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {9ECF2FB7-7C81-4A11-BAE4-FAF9D9E207EA} = 212.114.152.1,212.114.153.1
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\dokumente und einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\b91ug6q7.default\
FF - prefs.js: browser.search.selectedEngine - World of Warcraft-Arsenal
FF - prefs.js: browser.startup.homepage - hxxp://www.heise.de
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npicaN.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\videolan\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
d:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-nwiz - nwiz.exe
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-13 15:59
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programme\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2010-05-13 16:00:37
ComboFix-quarantined-files.txt 2010-05-13 14:00
ComboFix2.txt 2009-12-30 18:53
Vor Suchlauf: 10 Verzeichnis(se), 32.664.125.440 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 32.670.773.248 Bytes frei
- - End Of File - - 8C84AB5F4A6D536E4B6406B0C92F052B
|
|
14.05.2010, 09:19
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TDDS installiert sich nach deinstallation und reboot wieder neu Das sieht gut aus. Merkst Du auch ne Verbesserung am System jetzt? CF hat da eine manipulierte Systemdatei erkannt und ein Original zurückkopiert. Mach bitte mal zur Kontrolle Logfiles mit GMER und OSAM.
__________________ --> TDDS installiert sich nach deinstallation und reboot wieder neu |
|
14.05.2010, 16:31
| #7 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu Also subjektiv merke ich ein schnelleres öffnen des firefox und ein schnelleres umschalten aus dem Vollbildmodus hin zum desktop. Wobei das wahrscheinlich auch an dem fehlenden "meckern" des norton liegt ;-) Hier meine beiden Logfiles: GMER: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-14 17:19:00
Windows 5.1.2600 Service Pack 3
Running: nepslpt5.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kfwiypoc.sys
---- System - GMER 1.0.15 ----
SSDT 88AB19C8 ZwAlertResumeThread
SSDT 8A10B7F8 ZwAlertThread
SSDT 88A334C0 ZwAllocateVirtualMemory
SSDT 88B0ECA0 ZwAssignProcessToJobObject
SSDT 8A3A84A0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB41B7210]
SSDT 88A26AC0 ZwCreateMutant
SSDT 88A20070 ZwCreateSymbolicLinkObject
SSDT 88A345B0 ZwCreateThread
SSDT 88AAF5E0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB41B7490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB41B79F0]
SSDT 8A45A818 ZwDuplicateObject
SSDT 88A32BB0 ZwFreeVirtualMemory
SSDT 88B0F1F0 ZwImpersonateAnonymousToken
SSDT 88B0FBF8 ZwImpersonateThread
SSDT 8A04C898 ZwLoadDriver
SSDT 88A32A10 ZwMapViewOfSection
SSDT 88B0F5F0 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xB41B77A0]
SSDT 8A46C118 ZwOpenProcess
SSDT 88AAD050 ZwOpenProcessToken
SSDT 89772720 ZwOpenSection
SSDT 8A465200 ZwOpenThread
SSDT 88A20B80 ZwProtectVirtualMemory
SSDT 8976C050 ZwResumeThread
SSDT 88AAC050 ZwSetContextThread
SSDT 88A32738 ZwSetInformationProcess
SSDT 88AAFA48 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB41B7C40]
SSDT 89772CA0 ZwSuspendProcess
SSDT 88AAA050 ZwSuspendThread
SSDT 88B0D050 ZwTerminateProcess
SSDT 88B07050 ZwTerminateThread
SSDT 8976F050 ZwUnmapViewOfSection
SSDT 88A32F80 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A17380, 0x566445, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acehlp10.sys section is executable [0xB6950700, 0x2919C, 0xE0000060]
init C:\WINDOWS\system32\drivers\skfilt.sys entry point in "init" section [0xB3F83430]
.reloc C:\WINDOWS\system32\drivers\acedrv10.sys section is executable [0xB3438000, 0x4549F, 0xE0000060]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\BTHUSB \Device\000000ab bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000ad bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf 0xB1 0x6F 0xDF 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07 0x0E 0xBB 0xEC 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTmylyarmyqv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf 0xB1 0x6F 0xDF 0xB8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07 0x0E 0xBB 0xEC 0x0A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:46:06 on 14.05.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation" - C:\WINDOWS\system32\btcpl.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv10" (acedrv10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv10.sys "acehlp10" (acehlp10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acehlp10.sys "ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys "BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys "Bluetooth Protocol Stack" (BTKRNL) - "Broadcom Corporation" - C:\WINDOWS\System32\drivers\btkrnl.sys "Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation" - C:\WINDOWS\System32\drivers\btaudio.sys "btwhid" (btwhid) - "Broadcom Corporation" - C:\WINDOWS\System32\DRIVERS\btwhid.sys "catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ELTIMA Virtual Serial Ports Driver" (vserial) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vserial.sys "EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100505.001\IDSxpx86.sys "InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys (File not found) "InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MagicTune" (MagicTune) - "Samsung Electronics, Inc. " - C:\WINDOWS\System32\drivers\MTiCtwl.sys "NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100513.041\NAVENG.SYS "NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100513.041\NAVEX15.SYS "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NAV\1106000.020\SYMDS.SYS "Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys "Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NAV\1106000.020\SYMEFA.SYS "Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys "Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS "Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMTDI.SYS "Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSP.SYS "Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS "SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS "Virtual Serial Bus Enumerator" (vsbus) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vsb.sys "Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation" - C:\WINDOWS\System32\DRIVERS\btport.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation" - C:\WINDOWS\System32\Drivers\btwusb.sys "WpdUsb" (WpdUsb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wpdusb.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "linkscanner" - ? - (File not found | COM-object registry key not found) {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} "WidImg Class" - "Broadcom Corporation" - C:\WINDOWS\system32\btxppanel.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {FE24CD78-7C63-465D-8787-4EDF7FC79895} "ShellExecuteHook class" - ? - C:\Programme\Logitech\Easy Synchronization\shellexecutehook.dll (File found, but it contains no detailed information) {F552DDE6-2090-4bf4-B924-6141E87789A5} "ShellObj Class" - "Greatis Software, LLC" - C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation" - C:\WINDOWS\system32\btneighborhood.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\OFFICE11\msohev.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\MICROS~1\OFFICE11\MLSHEXT.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll {1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll {846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\MICROS~1\OFFICE11\OLKFSTUB.DLL {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\WinRAR\rarext.dll (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {E5ABEB00-B357-4884-9949-77B2C71A7EE3} "{E5ABEB00-B357-4884-9949-77B2C71A7EE3}" - ? - (File not found | COM-object registry key not found) / hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm "Flash Catcher" - ? - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm (File not found) "ICQ6" - "ICQ, Inc." - D:\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\MICROS~1\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} "SnapFlash Class" - "justDo Software" - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll {6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.DLL {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "GammaTray.lnk" - ? - C:\Programme\MagicTune Premium\GammaTray.exe (Shortcut exists | File exists) "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation" - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "CurseClientStartup.ccip" - ? - C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\CurseClientStartup.ccip "desktop.ini" - ? - C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "d:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Bluetooth Connection Assistant" - ? - LBTWIZ.EXE -silent (File not found) "ConnectionCenter" - "Citrix Systems, Inc." - "C:\Programme\Citrix\ICA Client\concentr.exe" /startup "Easy Synchronization" - ? - C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe (File found, but it contains no detailed information) "iTunesHelper" - "Apple Inc." - "D:\iTunes\iTunesHelper.exe" "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "Share-to-Web Namespace Daemon" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "Easy Synchronization" - ? - C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation" - C:\WINDOWS\system32\bthcrp.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation" - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe "Logitech Easy Synchronization" (Logitech Easy Synchronization) - ? - C:\Programme\Logitech\Easy Synchronization\servicestub.exe (File found, but it contains no detailed information) "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "MagicTuneEngine" (MagicTuneEngine) - ? - C:\Programme\MagicTune Premium\MagicTuneEngine.exe (File found, but it contains no detailed information) "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe "Norton AntiVirus" (NAV) - "Symantec Corporation" - C:\Programme\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Sony Ericsson OMSI download service" (OMSI download service) - ? - d:\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
14.05.2010, 16:56
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TDDS installiert sich nach deinstallation und reboot wieder neu Sieht ok aus. Mach auch bitte zurweiteren Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2010, 13:06
| #9 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu soderle, beide programme ausgeführt, hier das log mbam: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4103
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.05.2010 11:51:28
mbam-log-2010-05-15 (11-51-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 259210
Laufzeit: 1 Stunde(n), 13 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
SUPERAntiSpyware nachdem er mit dem scannen fertig war, bin ich auf "Weiter". anschliessend wurde der rechner neu gestartet. Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/15/2010 at 01:41 PM
Application Version : 4.37.1000
Core Rules Database Version : 4939
Trace Rules Database Version: 2751
Scan type : Complete Scan
Total Scan Time : 01:05:13
Memory items scanned : 718
Memory threats detected : 0
Registry items scanned : 6679
Registry threats detected : 2
File items scanned : 133601
File threats detected : 11
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Markus\Cookies\markus@rotator.adjuggler[1].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@ad.zanox[2].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@ad.adc-serv[2].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@interclick[1].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@zanox[2].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@adserver.adtechus[1].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@ad.yieldmanager[2].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@webmasterplan[2].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@im.banner.t-online[1].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\Markus\Cookies\markus@adsrv.admediate[1].txt
Trojan.Agent/Gen-Alureon
HKU\S-1-5-19\Software\h8srt
HKU\S-1-5-20\Software\h8srt
|
|
16.05.2010, 18:33
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TDDS installiert sich nach deinstallation und reboot wieder neu Sieht an sich ok aus, aber ein paar inkative Rest vom Rootkit sind da noch. Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:  3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code:
ATTFilter files to delete:
c:\system32\drivers\H8SRTmylyarmyqv.sys
registry keys to delete:
HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys
drivers to delete:
H8SRTd.sys
H8SRTd
5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei File-Upload.net hochladen und hier verlinken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.05.2010, 09:56
| #11 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu hello! Hier habe ich zum einen das erstellte Logfile. Scheint so als ob es nicht funktioniert hat oder? müsste die folgende Zeile in deinem Script statt Code:
ATTFilter c:\system32\drivers\H8SRTmylyarmyqv.sys
Code:
ATTFilter c:\WINDOWS\system32\drivers\H8SRTmylyarmyqv.sys
Code:
ATTFilter Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "c:\system32\drivers\H8SRTmylyarmyqv.sys"
Deletion of file "c:\system32\drivers\H8SRTmylyarmyqv.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Registry key "HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd.sys" not found!
Deletion of driver "H8SRTd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd" not found!
Deletion of driver "H8SRTd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
hxxp://www.file-upload.net/download-2523202/backup.zip.html danke und gruß |
|
17.05.2010, 13:25
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TDDS installiert sich nach deinstallation und reboot wieder neu Ups, ja im Pfad fehlte ein WINDOWS  Aber anscheinend war die Datei eh schon weg. Mach mal bitte zur Kontrolle ein frisches GMER Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.05.2010, 19:30
| #13 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu Hallo Cosinus! Ich habe den Avenger nochmals mit dem richtigen Pfad ausprobiert, aber er hat wieder nicht gefunden *freu* Ich bin heute leider heute erst dazu gekommen das neue Gmer-Log zu produzieren und hier ist es schon: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-18 20:17:49
Windows 5.1.2600 Service Pack 3
Running: 40e9rbcd.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kfwiypoc.sys
---- System - GMER 1.0.15 ----
SSDT 8A0843B0 ZwAlertResumeThread
SSDT 8A1F2258 ZwAlertThread
SSDT 896E3F40 ZwAllocateVirtualMemory
SSDT 8A003378 ZwAssignProcessToJobObject
SSDT 8A234EA8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4160210]
SSDT 897F86E0 ZwCreateMutant
SSDT 8A0CDD58 ZwCreateSymbolicLinkObject
SSDT 8A5C4008 ZwCreateThread
SSDT 8A0495B0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB4160490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB41609F0]
SSDT 896E4410 ZwDuplicateObject
SSDT 89781BB8 ZwFreeVirtualMemory
SSDT 89FEFAD0 ZwImpersonateAnonymousToken
SSDT 8A04EAD0 ZwImpersonateThread
SSDT 8A15DAF0 ZwLoadDriver
SSDT 89781A18 ZwMapViewOfSection
SSDT 8A168360 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xB41607A0]
SSDT 89720E38 ZwOpenProcess
SSDT 8A1CC1D8 ZwOpenProcessToken
SSDT 8A171058 ZwOpenSection
SSDT 89720CE8 ZwOpenThread
SSDT 897C6378 ZwProtectVirtualMemory
SSDT 8A1E6A30 ZwResumeThread
SSDT 89FFD200 ZwSetContextThread
SSDT 89781620 ZwSetInformationProcess
SSDT 8A1606B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB4160C40]
SSDT 8A168A20 ZwSuspendProcess
SSDT 8A2194D8 ZwSuspendThread
SSDT 8A113878 ZwTerminateProcess
SSDT 8A234008 ZwTerminateThread
SSDT 89FF9228 ZwUnmapViewOfSection
SSDT 896E3930 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D3C 805045D8 4 Bytes JMP 190A8A04
.text ntkrnlpa.exe!ZwCallbackReturn + 2DD0 8050466C 4 Bytes CALL A4D9B87D
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB69C0380, 0x566445, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acehlp10.sys section is executable [0xB68F9700, 0x2919C, 0xE0000060]
init C:\WINDOWS\system32\drivers\skfilt.sys entry point in "init" section [0xB3F0A430]
.reloc C:\WINDOWS\system32\drivers\acedrv10.sys section is executable [0xB3207000, 0x4549F, 0xE0000060]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\BTHUSB \Device\000000b0 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\BTHUSB \Device\000000ae bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf 0xB1 0x6F 0xDF 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07 0x0E 0xBB 0xEC 0x0A ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf 0xB1 0x6F 0xDF 0xB8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07 0x0E 0xBB 0xEC 0x0A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
|
|
18.05.2010, 20:31
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TDDS installiert sich nach deinstallation und reboot wieder neu Sieht ok aus, noch Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.05.2010, 21:59
| #15 |
| | TDDS installiert sich nach deinstallation und reboot wieder neu Nein, es sieht alles wieder blendet aus. Ein ganz ganz großes  von mir für deine Hilfe.Grüße |
|
| Themen zu TDDS installiert sich nach deinstallation und reboot wieder neu |
| antivirus, bho, bonjour, browser, browseui preloader, curse, desktop, device driver, down, einstellungen, eraser, error, excel, firefox.exe, focus, fontcache, heuristics, hijack, hijackthis, hkus\s-1-5-18, installation, intrusion prevention, logfile, malwarebytes' anti-malware, mein log, msiexec, neu starten, norman, problem, required, rootkit, routine, rundll, scan, security, senden, skype.exe, spyware, starten, studio, svchost, symantec, visual studio, windows xp, write |
Linear-Darstellung
