| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.07.2010, 08:22
| #1 |
 |  TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hallo zusammen, hab ein kleines Problem, die oben angegebene Datei läßt sich nicht entfernen. Die Datei ist nach dem booten immer wieder da. Ich hoffe das ich alle nötigen Log-Dateien angehängt habe. Vielen Dank schon im Voraus Gruß, Sascha Hier die Log-Datei von Malwarebytes : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4325 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 19.07.2010 08:53:37 mbam-log-2010-07-19 (08-53-37).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 152751 Laufzeit: 7 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\drivers\cyitlzra.sys (Backdoor.IEbooot) -> No action taken. -------------------------------------------------------------------------- RSIT-Info: info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-07-19 08:55:38
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT! by Sage Premium 2008 (10.0)-->C:\Programme\InstallShield Installation Information\{0580A7ED-75C0-44EA-B90F-2C566C79B8E4}\setup.exe -runfromtemp -l0x0407
ActLook-->C:\WINDOWS\ActLook Uninstaller.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Avira AntiVir Premium-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!Fernzugang-->MsiExec.exe /X{37C19C2D-9BB3-4CB0-A83C-26213C73C0BD}
Baphomets Fluch - Der schlafende Drache-->C:\WINDOWS\unvise32.exe C:\Programme\THQ\Baphomets Fluch - Der schlafende Drache\uninstal.log
Brother MFL-Pro Suite MFC-490CW-->"C:\Programme\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0007 UNINSTALL Reg=BH9_C2 -removeonly
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
COMODO Internet Security-->C:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe -u
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Decker Maschinenelemente-->MsiExec.exe /I{24D18C8F-7C7C-4620-9A8E-71145762A2A0}
Dell Sicherungs- und Wiederherstellungs-Manager-->MsiExec.exe /I{842EFEDE-6700-4CC8-802A-444C7F927021}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Programme\DellTPad\Uninstap.exe ADDREMOVE
Dienstprogramm für Dell Wireless WLAN Karte-->"C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Programme\Dell\Dell Wireless WLAN Card"
DWGeditor-->MsiExec.exe /X{56DCD20A-E558-4396-AF59-14D15AA737BB}
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
FLV Player 2.0 (build 25)-->C:\Programme\FLV Player\uninst.exe
Free YouTube Download 2.4-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
FreePDF (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
FTP-Watchdog-->MsiExec.exe /X{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}
GameShadow-->MsiExec.exe /I{D98C9637-93DA-44DB-B73A-B11A1192AB26}
GIMP 2.6.8-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{75AE638F-750A-11DF-96D5-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.70-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.70\uninstal.txt"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HPP-21-->C:\Programme\Hitecrcd\HPP-21\Uninstall.exe
IsoBuster 1.5-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->"C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Access 2003 Runtime-->MsiExec.exe /I{901C0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Project MUI (German) 2007-->MsiExec.exe /X{90120000-00B4-0407-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (ACT7)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-Abwärtskompatibilität-->MsiExec.exe /I{741D603B-85BB-4077-A779-4FCBAAF3AA3E}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Microsoft XML Parser and SDK-->MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
Mozilla Firefox (3.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ger.exe
Nokia PC Suite-->MsiExec.exe /I{19DC9559-9C20-4A46-A67D-7ECBA52A2788}
Nokia Software Updater-->MsiExec.exe /X{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}
NSS (remove only)-->C:\Programme\NSS\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PC Connectivity Solution-->MsiExec.exe /I{7397EDED-F38A-4654-B669-BF61065803D0}
PDF-XChange 3-->"C:\Programme\Tracker Software\PDF-XChange 3\unins000.exe"
PhotoView 360-->MsiExec.exe /I{736D2DAD-3D87-4CAA-8646-83D238AD68E0}
PowerDVD DX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x7 -cluninstall
PrintKey2000-->C:\WINDOWS\unin0407.exe -fC:\Programme\PrintKey2000\DeIsL1.isu -cC:\Programme\PrintKey2000\_ISREG32.DLL
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Rigs of Rods 0.36.2-->C:\Programme\Rigs of Rods 0.36.2\uninst.exe
Sage Office Line-->MsiExec.exe /I{23637147-34AA-4C9C-A1D1-58B6419A3767}
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Task Manager 1.7h-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Silent Hunter III-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7} /l1031
SimCity 4 Deluxe-->C:\Programme\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
USB2.0 Card Reader Software-->"C:\Programme\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly
Voice Tracer-->C:\Programme\InstallShield Installation Information\{B7908330-93A8-4DB1-B6EE-6B0446E26939}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation DE Language Pack-->MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FE\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: AntiVir Desktop
FW: COMODO Firewall
======System event log======
Computer Name: LAPTOP_SG
Event Code: 4201
Message: Netzwerkadapter "Dell...1397 WLAN Mini-Card - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 45087
Source Name: Tcpip
Time Written: 20100710002402.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 7036
Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Beendet".
Record Number: 45086
Source Name: Service Control Manager
Time Written: 20100710002341.000000+120
Event Type: Informationen
User:
Record Number: 45085
Source Name: Service Control Manager
Time Written: 20100710002337.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 7036
Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Ausgeführt".
Record Number: 45084
Source Name: Service Control Manager
Time Written: 20100710002041.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "FLEXnet Licensing Service" gesendet.
Record Number: 45083
Source Name: Service Control Manager
Time Written: 20100710002041.000000+120
Event Type: Informationen
User: LAPTOP_SG\Sascha
=====Application event log=====
Computer Name: LAPTOP_SG
Event Code: 17164
Message: Detected 2 CPUs. This is an informational message; no user action is required.
Record Number: 50183
Source Name: MSSQL$ACT7
Time Written: 20100709145049.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17162
Message: SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
Record Number: 50182
Source Name: MSSQL$ACT7
Time Written: 20100709145049.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17110
Message: Registry startup parameters:
Record Number: 50181
Source Name: MSSQL$ACT7
Time Written: 20100709145048.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17176
Message: This instance of SQL Server last reported using a process ID of 168 at 09.07.2010 14:49:19 (local) 09.07.2010 12:49:19 (UTC). This is an informational message only; no user action is required.
Record Number: 50180
Source Name: MSSQL$ACT7
Time Written: 20100709145048.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17111
Message: Logging SQL Server messages in file 'C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'.
Record Number: 50179
Source Name: MSSQL$ACT7
Time Written: 20100709145048.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared;C:\Programme\Microsoft SQL Server\90\Tools\binn;C:\Programme\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
-------------------------------------------------------------------------- RSIT-Log: RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Sascha at 2010-07-19 08:54:57 Microsoft Windows XP Professional Service Pack 3 System drive C: has 85 GB (55%) free of 153 GB Total RAM: 3067 MB (75% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:55:35, on 19.07.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\drivers\audio\r211990\stacsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Programme\FRITZ!Fernzugang\certsrv.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\FRITZ!Fernzugang\nwtsrv.exe C:\WINDOWS\system32\DRIVERS\o2flash.exe c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe C:\Programme\Dell Support Center\bin\sprtsvc.exe C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Programme\Avira\AntiVir Desktop\avmailc.exe C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Programme\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\WLTRAY.exe C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe C:\Programme\FreePDF_XP\fpassist.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RunDLL32.exe C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\Programme\Brother\Brmfcmon\BrMfcmon.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE C:\Programme\FRITZ!Fernzugang\avmike.exe C:\02 Privat\loadz\Viren\RSIT.exe C:\Programme\trend micro\Sascha.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://ftpuser@gerlach-iv.dyndns.org/ O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe" O4 - HKLM\..\Run: [Act! Preloader] "C:\Programme\ACT\Act for Windows\ActSage.exe" -preload O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [IndexSearch] "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Webseite zu ACT! Kontakt hinzufügen - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Webseite zu ACT! Kontakt hinzufügen... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA5E288-A303-4E63-AFC1-272D6FE97CDD}: NameServer = 192.168.3.111 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Programme\ACT\Act for Windows\Act.Scheduler.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: AVM FRITZ!Fernzugang IKE Service (avmike) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\avmike.exe O23 - Service: AVM FRITZ!Fernzugang Cert Service (certsrv) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\certsrv.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdateInstaller - Sage Software - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: AVM FRITZ!Fernzugang Client (nwtsrv) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe O23 - Service: Sage Registrierungsdienst (Registry) - Sage Software - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Programme\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r211990\stacsv.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11682 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}] Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2009-02-23 483420] "AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-23 729088] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-22 13590528] "nwiz"=nwiz.exe /installquiet [] "NVHotkey"=nvHotkey.dll,Start [] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-12-12 2220032] "Act.Outlook.Service"=C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe [2008-08-14 20480] "Act! Preloader"=C:\Programme\ACT\Act for Windows\ActSage.exe [2008-06-25 393216] "FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2009-08-06 381440] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824] "ControlCenter3"=C:\Programme\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit [] "IndexSearch"=C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368] "PaperPort PTD"=C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-07-08 282792] "COMODO Internet Security"=C:\Programme\COMODO\COMODO Internet Security\cfp.exe [2010-07-14 1800464] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoRecentDocsNetHood"=1 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Programme\ACT\Act for Windows\ActSage.exe"="C:\Programme\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-07-19 08:55:08 ----D---- C:\Programme\trend micro 2010-07-19 08:54:57 ----D---- C:\rsit 2010-07-19 08:54:43 ----A---- C:\WINDOWS\system32\drivers\tolmeqn.sys 2010-07-19 08:41:48 ----D---- C:\Programme\CCleaner 2010-07-16 13:02:24 ----SHD---- C:\Config.Msi 2010-07-16 10:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-07-16 10:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$ 2010-07-16 10:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-16 10:25:34 ----A---- C:\WINDOWS\system32\MRT.INI 2010-07-16 10:21:24 ----D---- C:\WINDOWS\system32\MpEngineStore 2010-07-16 10:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-07-16 10:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$ 2010-07-16 10:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-07-16 10:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-07-16 10:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$ 2010-07-15 22:05:22 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Help 2010-07-15 21:58:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-07-15 21:58:17 ----D---- C:\Programme\Security Task Manager 2010-07-14 13:56:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\guard32.dll 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\drivers\inspect.sys 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\drivers\cmdhlp.sys 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\drivers\cmdguard.sys 2010-07-14 11:29:49 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Malwarebytes 2010-07-14 11:29:39 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-07-14 11:29:37 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-07-14 11:29:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-14 11:29:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-07-14 10:48:40 ----ASH---- C:\hiberfil.sys 2010-07-14 10:44:36 ----SD---- C:\CoFi 2010-07-09 13:02:11 ----D---- C:\WINDOWS\temp 2010-07-09 12:19:47 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Google 2010-07-08 18:12:55 ----SHD---- C:\RECYCLER 2010-07-08 18:01:08 ----A---- C:\Boot.bak 2010-07-08 18:00:57 ----RASHD---- C:\cmdcons 2010-07-08 17:57:54 ----A---- C:\WINDOWS\MBR.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\zip.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\SWSC.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\SWREG.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\sed.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\PEV.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\NIRCMD.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\grep.exe 2010-07-08 17:57:44 ----D---- C:\WINDOWS\ERDNT 2010-07-08 17:56:21 ----D---- C:\Qoobox 2010-07-08 13:03:50 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Avira 2010-07-08 12:57:25 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys 2010-07-08 12:57:22 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys 2010-07-08 12:57:22 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys 2010-07-08 12:57:22 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys 2010-07-08 11:39:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software 2010-07-06 16:40:00 ----D---- C:\Programme\Google 2010-07-05 16:53:20 ----D---- C:\Programme\SotS Gold Demo 2010-06-28 13:57:14 ----D---- C:\Programme\Spybot - Search & Destroy 2010-06-28 13:57:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-06-28 13:42:13 ----A---- C:\WINDOWS\system32\drivers\cyitlzra.sys 2010-06-28 13:39:49 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys 2010-06-28 13:38:13 ----A---- C:\WINDOWS\system32\drivers\changer.sys ======List of files/folders modified in the last 1 months====== 2010-07-19 08:55:08 ----RD---- C:\Programme 2010-07-19 08:55:04 ----D---- C:\WINDOWS\Prefetch 2010-07-19 08:54:43 ----D---- C:\WINDOWS\system32\drivers 2010-07-19 08:54:43 ----D---- C:\WINDOWS\Debug 2010-07-19 08:44:26 ----D---- C:\WINDOWS\Minidump 2010-07-19 08:44:26 ----AD---- C:\WINDOWS 2010-07-19 08:33:17 ----D---- C:\Programme\Mozilla Firefox 2010-07-19 07:32:16 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-19 07:31:36 ----D---- C:\WINDOWS\ime 2010-07-18 02:51:22 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-07-18 00:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-07-16 16:43:06 ----SHD---- C:\System Volume Information 2010-07-16 16:40:57 ----D---- C:\WINDOWS\system32\NtmsData 2010-07-16 13:26:34 ----D---- C:\WINDOWS\Registration 2010-07-16 13:24:36 ----D---- C:\WINDOWS\Microsoft.NET 2010-07-16 13:24:13 ----RSD---- C:\WINDOWS\assembly 2010-07-16 13:04:25 ----SHD---- C:\WINDOWS\Installer 2010-07-16 13:04:12 ----AD---- C:\WINDOWS\system32 2010-07-16 13:03:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-16 13:03:19 ----D---- C:\WINDOWS\WinSxS 2010-07-16 10:27:24 ----HD---- C:\WINDOWS\inf 2010-07-16 10:27:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-16 10:27:09 ----HD---- C:\WINDOWS\$hf_mig$ 2010-07-16 09:06:45 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\gtk-2.0 2010-07-16 07:21:01 ----A---- C:\WINDOWS\cfplogvw.INI 2010-07-14 13:56:10 ----D---- C:\Programme\COMODO 2010-07-14 13:44:22 ----RASH---- C:\boot.ini 2010-07-14 13:44:22 ----A---- C:\WINDOWS\win.ini 2010-07-14 13:44:22 ----A---- C:\WINDOWS\system.ini 2010-07-14 13:17:08 ----D---- C:\WINDOWS\addins 2010-07-14 11:09:08 ----A---- C:\WINDOWS\wininit.ini 2010-07-13 15:54:06 ----D---- C:\temp 2010-07-13 14:51:33 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\SolidWorks 2010-07-13 13:20:07 ----D---- C:\Programme\FreePDF_XP 2010-07-09 13:01:00 ----D---- C:\WINDOWS\AppPatch 2010-07-09 13:00:59 ----D---- C:\Programme\Gemeinsame Dateien 2010-07-08 18:07:14 ----D---- C:\WINDOWS\system32\drivers\etc 2010-07-08 13:57:33 ----D---- C:\WINDOWS\repair 2010-07-08 13:51:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2010-07-08 12:54:33 ----D---- C:\Programme\Panzerkrieg_&_Blitzkrieg_RT 2010-07-07 13:52:25 ----D---- C:\02 Privat 2010-07-06 16:40:04 ----SD---- C:\WINDOWS\Tasks 2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576] R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808] R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-01-19 328728] R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-07-14 87104] R0 ohci1394;OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696] R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656] R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-07-08 124784] R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-07-14 132808] R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-07-14 25160] R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848] R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384] R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-02-23 112512] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-04-01 196144] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-12-12 1287552] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-22 6163552] R3 NWIM;AVM VPN Miniport; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [2008-10-02 337200] R3 O2MDGRDR;O2MDGRDR; C:\WINDOWS\system32\DRIVERS\o2mdg.sys [2009-01-21 51616] R3 O2SDGRDR;O2SDGRDR; C:\WINDOWS\system32\DRIVERS\o2sdg.sys [2009-01-21 41760] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-02-03 120064] R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-02-23 1548339] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008] S0 vixtfcml;vixtfcml; C:\WINDOWS\System32\drivers\tolmeqn.sys [2010-07-19 54016] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024] S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944] S3 catchme;catchme; \??\C:\DOKUME~1\Sascha\LOKALE~1\Temp\catchme.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [] S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys [] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [2010-07-08 337064] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-07-08 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-07-08 267432] R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-07-08 405672] R2 avmike;AVM FRITZ!Fernzugang IKE Service; C:\Programme\FRITZ!Fernzugang\avmike.exe [2008-10-02 267568] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 certsrv;AVM FRITZ!Fernzugang Cert Service; C:\Programme\FRITZ!Fernzugang\certsrv.exe [2008-10-02 132400] R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [2010-07-14 723632] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 LiveUpdateInstaller;LiveUpdateInstaller; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [2006-04-19 659456] R2 MSSQL$ACT7;SQL Server (ACT7); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-22 168004] R2 nwtsrv;AVM FRITZ!Fernzugang Client; C:\Programme\FRITZ!Fernzugang\nwtsrv.exe [2008-10-02 161072] R2 O2FLASH;O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [2009-01-21 72224] R2 PSI_SVC_2;Protexis Licensing V2; c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe [2007-04-12 178752] R2 Registry;Sage Registrierungsdienst; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe [2007-04-16 94208] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Programme\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968] R2 SQLBrowser;SQL Server Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 STacSV;Audio Service; c:\drivers\audio\r211990\stacsv.exe [2009-02-23 249938] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-17 604416] R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-12-12 24064] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800] S2 ACT! Scheduler;ACT! Scheduler; C:\Programme\ACT\Act for Windows\Act.Scheduler.exe [2008-06-25 65536] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-07-06 136176] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-18 867080] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-11-18 79360] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-17 360704] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
22.07.2010, 14:53
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
22.07.2010, 19:11
| #3 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne,
__________________vielen dank erstmal für deine Hilfe. Hier sind die Log-dateien, ich hoffe das ich alles richtig gemacht habe. Gruß, Sascha mbam-log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4338 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 22.07.2010 19:09:10 mbam-log-2010-07-22 (19-09-10).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 155155 Laufzeit: 10 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\drivers\cyitlzra.sys (Backdoor.IEbooot) -> No action taken. OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2010 19:35:20 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\S****a\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,01 Gb Total Space | 82,14 Gb Free Space | 55,12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LAPTOP_SG Current User Name: S****a Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Sascha\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\drivers\audio\R211990\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International) PRC - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) PRC - C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) PRC - C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.) PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe (Sage Software) PRC - c:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService_2.exe (Protexis Inc.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe (Sage Software) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\S****a\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SolidWorks Licensing Service) -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (CoordinatorServiceHost) -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (STacSV) -- c:\drivers\audio\R211990\stacsv.exe (IDT, Inc.) SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International) SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV - (ACT! Scheduler) -- C:\Programme\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.) SRV - (Registry) -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe (Sage Software) SRV - (PSI_SVC_2) -- c:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService_2.exe (Protexis Inc.) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$ACT7) SQL Server (ACT7) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LiveUpdateInstaller) -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe (Sage Software) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (msvsmon80) -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (RSUSBSTOR) -- C:\WINDOWS\System32\Drivers\RTS5121.sys File not found DRV - (catchme) -- C:\DOKUME~1\S****a\LOKALE~1\Temp\catchme.sys File not found DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO) DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (O2SDGRDR) -- C:\WINDOWS\system32\drivers\o2sdg.sys (O2Micro ) DRV - (O2MDGRDR) -- C:\WINDOWS\system32\drivers\o2mdg.sys (O2Micro ) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (NWIM) -- C:\WINDOWS\system32\drivers\avmnwim.sys (AVM Berlin) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio) DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\brserif.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (PRODIGY) -- C:\WINDOWS\system32\drivers\prodigy.sys (B-phreaks) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\brscnusb.sys (Brother Industries Ltd.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.msn.com/sphome.aspx IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USSMB/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.ecosia.org/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.07.17 10:56:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.18 08:50:18 | 000,000,000 | ---D | M] [2009.08.28 11:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Mozilla\Extensions [2010.07.07 13:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S***a\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions [2010.04.29 00:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.18 02:39:24 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.07.07 13:04:58 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2009.08.28 17:42:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.18 02:39:51 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.07.07 13:05:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.14 18:21:24 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Programme\Mozilla Firefox\plugins\npEModelPlugin.dll [2009.06.24 14:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.06.24 14:37:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.06.24 14:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.06.24 14:37:42 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.06.24 14:37:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.08 18:07:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [Act! Preloader] C:\Programme\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.) O4 - HKLM..\Run: [Act.Outlook.Service] C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 17:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.22 19:17:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\S****a\Desktop\OTL.exe [2010.07.21 14:29:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\S****a\Recent [2010.07.21 12:32:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo [2010.07.21 12:32:18 | 000,171,552 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010.07.21 12:32:18 | 000,132,808 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2010.07.21 12:32:18 | 000,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010.07.21 12:32:18 | 000,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010.07.21 08:49:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\softonic-de3 [2010.07.21 08:49:05 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3 [2010.07.19 11:09:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo Downloader [2010.07.19 08:55:08 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.07.19 08:54:57 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.19 08:41:48 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.07.19 08:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Desktop\Kampf [2010.07.16 10:47:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.07.16 10:21:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2010.07.15 22:05:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\Help [2010.07.15 22:05:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Help [2010.07.15 21:58:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.07.15 21:58:17 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.07.14 11:29:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Malwarebytes [2010.07.14 11:29:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.14 11:29:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.14 11:29:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.14 11:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.14 10:44:36 | 000,000,000 | --SD | C] -- C:\CoFi [2010.07.13 15:10:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Avira [2010.07.09 13:02:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.07.09 12:19:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Google [2010.07.08 18:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2010.07.08 18:12:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.07.08 18:00:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.07.08 17:57:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.07.08 17:57:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.07.08 17:57:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.07.08 17:57:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.07.08 17:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.07.08 17:56:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.07.08 13:03:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Anwendungsdaten\Avira [2010.07.08 12:57:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.07.08 12:57:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.07.08 12:57:22 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.07.08 12:57:22 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.07.08 11:39:34 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010.07.08 11:39:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.07.07 07:29:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2010.07.06 16:40:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\Temp [2010.07.06 16:40:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2010.07.06 16:40:00 | 000,000,000 | ---D | C] -- C:\Programme\Google [2010.07.06 16:40:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S****a\Lokale Einstellungen\Anwendungsdaten\Google [2010.07.05 16:53:20 | 000,000,000 | ---D | C] -- C:\Programme\SotS Gold Demo [2010.06.28 13:57:14 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.06.28 13:57:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.06.28 13:39:49 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.06.28 13:39:49 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.06.28 13:38:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.06.28 13:38:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.22 19:36:56 | 000,772,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\cyitlzra.sys [2010.07.22 19:17:25 | 000,094,054 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2010.07.22 19:15:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\S****a\Desktop\OTL.exe [2010.07.22 19:12:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\pknndmet.sys [2010.07.22 19:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.07.22 18:54:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.22 18:38:50 | 000,000,952 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2010.07.22 16:58:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.07.22 07:11:53 | 000,200,610 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.07.22 07:06:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.22 07:05:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.22 07:05:49 | 3215,863,808 | -HS- | M] () -- C:\hiberfil.sys [2010.07.21 14:29:35 | 010,485,760 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\NTUSER.DAT [2010.07.21 14:29:32 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\S****a\ntuser.ini [2010.07.21 14:29:08 | 000,000,824 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk [2010.07.21 12:33:16 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\COMODO Internet Security.lnk [2010.07.21 12:32:11 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010.07.21 12:32:11 | 000,132,808 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2010.07.21 12:32:11 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010.07.21 12:32:11 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010.07.19 08:41:54 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\Desktop\CCleaner.lnk [2010.07.19 07:32:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.16 13:03:34 | 001,169,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.16 13:03:34 | 000,511,116 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.16 13:03:34 | 000,492,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.16 13:03:34 | 000,103,894 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.16 13:03:34 | 000,090,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.16 10:34:54 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.16 10:25:34 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010.07.16 09:43:47 | 000,107,132 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\Desktop\diag [2010.07.16 09:06:45 | 000,003,457 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\.recently-used.xbel [2010.07.16 07:21:01 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI [2010.07.14 13:44:22 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.14 13:44:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.07.14 13:44:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.14 11:09:08 | 000,000,610 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.07.13 12:13:15 | 000,150,118 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\Desktop\Drehmaschine.pdf [2010.07.12 11:33:12 | 000,284,610 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\Desktop\gmer1.0.15.15279.zip [2010.07.09 11:47:23 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.07.08 18:07:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.07.08 16:19:17 | 003,728,433 | R--- | M] () -- C:\Dokumente und Einstellungen\S****a\Desktop\CoFi.exe [2010.07.08 13:49:07 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.07.08 13:49:05 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.07.08 13:49:03 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.07.08 12:57:37 | 000,001,673 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.07.05 17:36:29 | 000,094,054 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2010.07.05 16:53:54 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.07.05 16:53:54 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.07.01 14:16:32 | 000,000,937 | ---- | M] () -- C:\Dokumente und Einstellungen\S****a\Desktop\Spybot - Search & Destroy.lnk [2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010.06.28 14:54:33 | 000,408,639 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100628-171448.backup [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.22 19:12:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pknndmet.sys [2010.07.21 12:33:16 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\COMODO Internet Security.lnk [2010.07.20 16:40:48 | 000,002,272 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.07.19 08:41:54 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\S****a\Desktop\CCleaner.lnk [2010.07.16 10:25:34 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.07.16 09:43:46 | 000,107,132 | ---- | C] () -- C:\Dokumente und Einstellungen\S****a\Desktop\diag [2010.07.16 09:06:45 | 000,003,457 | ---- | C] () -- C:\Dokumente und Einstellungen\S****a\.recently-used.xbel [2010.07.14 10:48:40 | 3215,863,808 | -HS- | C] () -- C:\hiberfil.sys [2010.07.13 12:13:15 | 000,150,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Desktop\Drehmaschine.pdf [2010.07.12 23:06:37 | 000,000,824 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk [2010.07.12 11:43:34 | 000,292,864 | ---- | C] () -- C:\Dokumente und Einstellungen\S****a\Desktop\gmer.exe [2010.07.12 11:33:04 | 000,284,610 | ---- | C] () -- C:\Dokumente und Einstellungen\S****a\Desktop\gmer1.0.15.15279.zip [2010.07.08 18:01:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.07.08 18:01:00 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.07.08 17:57:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.07.08 17:57:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.07.08 17:57:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.07.08 17:57:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.07.08 17:57:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.07.08 16:18:40 | 003,728,433 | R--- | C] () -- C:\Dokumente und Einstellungen\S****a\Desktop\CoFi.exe [2010.07.08 12:57:37 | 000,001,673 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.07.06 16:40:04 | 000,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.06 16:40:03 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.06.28 13:57:28 | 000,000,937 | ---- | C] () -- C:\Dokumente und Einstellungen\S****a\Desktop\Spybot - Search & Destroy.lnk [2010.06.28 13:42:13 | 000,772,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cyitlzra.sys [2010.06.28 13:36:52 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\qcopjv.dat [2010.04.13 18:12:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2010.04.13 18:12:04 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2010.04.13 18:11:44 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010.04.13 18:11:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010.04.13 18:06:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010.04.13 18:06:41 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2010.04.13 17:59:32 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2010.03.24 13:17:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KHKSManC.INI [2010.02.01 16:12:43 | 000,000,801 | ---- | C] () -- C:\WINDOWS\solvermfc.INI [2009.11.25 15:20:49 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI [2009.11.18 08:50:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2009.10.19 14:28:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009.08.28 11:20:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.07.17 12:07:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.07.09 18:13:04 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.07.09 18:13:04 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.07.09 18:13:04 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.07.09 18:13:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.07.09 18:10:04 | 000,001,501 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009.07.09 15:36:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.09 15:28:20 | 000,000,610 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.07.09 15:26:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2009.07.09 15:26:30 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2008.04.25 16:57:02 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007.08.21 21:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2001.08.29 19:16:58 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\hidcrtp.dll [1998.07.20 11:41:02 | 000,226,816 | ---- | C] () -- C:\WINDOWS\System32\VCFI5DE.dll < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.07.2010 19:35:20 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Sascha\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,01 Gb Total Space | 82,14 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP_SG
Current User Name: Sascha
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gibbs\GibbsCAM\8.7.16_NLO(w)\Virtual.exe" = C:\Programme\Gibbs\GibbsCAM\8.7.16_NLO(w)\Virtual.exe:*:Disabled:GibbsCAM 2007 v8.7.16_NLO(w) -- (Gibbs and Associates)
"C:\Programme\SolidWorks Corp\SolidWorks eDrawings\EModelViewer.exe" = C:\Programme\SolidWorks Corp\SolidWorks eDrawings\EModelViewer.exe:*:Disabled:SolidWorks eDrawings 2010 -- (Dassault Systèmes SolidWorks Corp.)
"C:\Programme\ACT\Act for Windows\ActSage.exe" = C:\Programme\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0580A7ED-75C0-44EA-B90F-2C566C79B8E4}" = ACT! by Sage Premium 2008 (10.0)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23637147-34AA-4C9C-A1D1-58B6419A3767}" = Sage Office Line
"{24D18C8F-7C7C-4620-9A8E-71145762A2A0}" = Decker Maschinenelemente
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2AEBE10C-D819-4EBF-BC60-03BF2327D340}" = Microsoft XML Parser and SDK
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C19C2D-9BB3-4CB0-A83C-26213C73C0BD}" = AVM FRITZ!Fernzugang
"{380E8FE7-D202-47FE-904E-908F55B48B84}" = GibbsCAM 2007, v8.7.16
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2816b)
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}" = FTP-Watchdog
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{741D603B-85BB-4077-A779-4FCBAAF3AA3E}" = Microsoft SQL Server 2005-Abwärtskompatibilität
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842EFEDE-6700-4CC8-802A-444C7F927021}" = Dell Sicherungs- und Wiederherstellungs-Manager
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7908330-93A8-4DB1-B6EE-6B0446E26939}" = Voice Tracer
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"ActLook" = ActLook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Baphomets Fluch - Der schlafende Drache" = Baphomets Fluch - Der schlafende Drache
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"CCleaner" = CCleaner
"COMODO Internet Security" = COMODO Internet Security
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube Download_is1" = Free YouTube Download 2.4
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HPP-21" = HPP-21
"InstallShield_{0580A7ED-75C0-44EA-B90F-2C566C79B8E4}" = ACT! by Sage Premium 2008 (10.0)
"InstallShield_{380E8FE7-D202-47FE-904E-908F55B48B84}" = GibbsCAM 2007, v8.7.16_NLO(w)
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"IsoBuster_is1" = IsoBuster 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3
"PrintKey2000" = PrintKey2000
"PRJPRO" = Microsoft Office Project Professional 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rigs of Rods" = Rigs of Rods 0.36.2
"Security Task Manager" = Security Task Manager 1.7h
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.07.2010 10:51:12 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:51:12 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:51:12 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:53:26 | Computer Name = LAPTOP_SG | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "MoveFilesInDirectory" ist mit Status "0x80070005" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 22.07.2010 10:55:01 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:55:01 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:55:01 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:55:01 | Computer Name = LAPTOP_SG | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 28000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft SQL Native Client Error message: Login failed for user 'NT-AUTORITÄT\SYSTEM'.
DBPROP_INIT_DATASOURCE:
LAPTOP_SG\ACT7 DBPROP_INIT_CATALOG: master DBPROP_AUTH_INTEGRATED: SSPI
Error - 22.07.2010 10:57:02 | Computer Name = LAPTOP_SG | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "MoveFilesInDirectory" ist mit Status "0x80070005" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 22.07.2010 11:06:21 | Computer Name = LAPTOP_SG | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "MoveFilesInDirectory" ist mit Status "0x80070005" (konvertiert
in 0x800423f4) fehlgeschlagen.
[ OSession Events ]
Error - 22.04.2010 01:39:40 | Computer Name = LAPTOP_SG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3610
seconds with 300 seconds of active time. This session ended with a crash.
Error - 24.04.2010 20:43:20 | Computer Name = LAPTOP_SG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 179
seconds with 120 seconds of active time. This session ended with a crash.
Error - 14.05.2010 19:46:30 | Computer Name = LAPTOP_SG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4561
seconds with 540 seconds of active time. This session ended with a crash.
Error - 14.05.2010 19:55:25 | Computer Name = LAPTOP_SG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 277
seconds with 180 seconds of active time. This session ended with a crash.
Error - 15.05.2010 09:52:19 | Computer Name = LAPTOP_SG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19.07.2010 06:12:30 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 19.07.2010 09:35:02 | Computer Name = LAPTOP_SG | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht
innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware
oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere
Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene
Transaktion durchzuführen.
Error - 19.07.2010 09:35:53 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Inspect
Error - 19.07.2010 09:37:38 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst
auf Anwendungsebene.
Error - 19.07.2010 09:37:38 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 20.07.2010 07:25:30 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (ACT7)" wurde mit folgendem dienstspezifischem
Fehler beendet: 1814 (0x716).
Error - 20.07.2010 07:25:35 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Inspect
Error - 20.07.2010 07:40:40 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir MailGuard" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 20.07.2010 11:20:32 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Inspect
Error - 21.07.2010 01:58:54 | Computer Name = LAPTOP_SG | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Inspect
[ TuneUp Events ]
Error - 14.07.2010 05:31:17 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-14 11:31:17', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','3668',0)
Error - 14.07.2010 07:18:04 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-14 13:18:04', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','2616',0)
Error - 17.07.2010 18:28:22 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-18 00:28:22', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','2456',0)
Error - 17.07.2010 20:42:32 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-18 02:42:32', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','1960',0)
Error - 19.07.2010 01:34:17 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-19 07:34:16', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','3192',0)
Error - 19.07.2010 02:29:02 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-19 08:29:02', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','4028',0)
Error - 19.07.2010 02:31:47 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-19 08:31:47', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','3424',0)
Error - 19.07.2010 02:45:20 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-19 08:45:20', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','3124',0)
Error - 19.07.2010 05:19:31 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-19 11:19:30', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','3004',0)
Error - 20.07.2010 17:57:07 | Computer Name = LAPTOP_SG | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-20 23:57:07', '\device\harddiskvolume2\programme\malwarebytes'
anti-malware\mbam.exe','2040',0)
< End of report >
|
|
22.07.2010, 19:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
[2010.07.22 19:36:56 | 000,772,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\cyitlzra.sys
[2010.07.22 19:17:25 | 000,094,054 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.07.22 19:12:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\pknndmet.sys
[2010.06.28 13:36:52 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\qcopjv.dat
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.07.2010, 13:54
| #5 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne, der Virenscaner jammert immer noch  Hier der Logfile: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. File move failed. C:\WINDOWS\system32\drivers\cyitlzra.sys scheduled to be moved on reboot. C:\WINDOWS\system32\nvModes.001 moved successfully. File C:\WINDOWS\System32\drivers\pknndmet.sys not found. C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\qcopjv.dat moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: CURRENT_USER User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Sascha ->Temp folder emptied: 110145220 bytes ->Temporary Internet Files folder emptied: 3815837 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 110654290 bytes ->Flash cache emptied: 2717 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3950983 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 735625 bytes RecycleBin emptied: 47846953 bytes Total Files Cleaned = 264,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07232010_140155 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\system32\drivers\cyitlzra.sys scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
23.07.2010, 17:21
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen |
|
24.07.2010, 00:46
| #7 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne, hier ist der Logfile vom CoFi. Gruß, Sascha Combofix Logfile: Code:
ATTFilter ComboFix 10-07-23.01 - Sascha 24.07.2010 1:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3067.2470 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sascha\Desktop\CoFi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-23 bis 2010-07-23 ))))))))))))))))))))))))))))))
.
2010-07-23 12:01 . 2010-07-23 12:01 -------- d-----w- C:\_OTL
2010-07-21 10:32 . 2010-07-22 05:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo
2010-07-21 10:32 . 2010-07-21 10:32 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-07-21 10:32 . 2010-07-21 10:32 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-07-21 10:32 . 2010-07-21 10:32 171552 ----a-w- c:\windows\system32\guard32.dll
2010-07-21 10:32 . 2010-07-21 10:32 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-07-21 06:49 . 2010-07-21 06:49 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2010-07-21 06:49 . 2010-07-21 07:10 -------- d-----w- c:\programme\softonic-de3
2010-07-20 14:40 . 2010-07-20 14:40 2272 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-07-19 09:09 . 2010-07-21 08:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo Downloader
2010-07-19 06:55 . 2010-07-19 06:55 -------- d-----w- c:\programme\trend micro
2010-07-19 06:54 . 2010-07-19 06:55 -------- d-----w- C:\rsit
2010-07-19 06:41 . 2010-07-19 06:41 -------- d-----w- c:\programme\CCleaner
2010-07-16 08:47 . 2010-07-16 08:47 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-07-16 08:21 . 2010-07-16 08:25 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-15 20:05 . 2010-07-15 20:05 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Help
2010-07-15 19:59 . 2009-02-09 10:51 678400 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\_entreelist.dll
2010-07-15 19:59 . 2009-02-09 10:51 740352 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\_enviewlist.dll
2010-07-15 19:59 . 2010-07-15 19:59 232 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_D2C91C733BB90BC48AC36212C3370CDB.dll
2010-07-15 19:59 . 2010-07-15 19:59 121 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_C01EBEA2918DFBE4CB0630FB32723D04.dll
2010-07-14 09:29 . 2010-07-14 09:29 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Malwarebytes
2010-07-14 09:29 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 09:29 . 2010-07-14 09:29 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-07-14 09:29 . 2010-07-14 09:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-14 09:29 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 13:10 . 2010-07-13 13:10 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Avira
2010-07-08 16:14 . 2010-07-08 16:14 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira
2010-07-08 11:03 . 2010-07-08 11:03 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Avira
2010-07-08 10:57 . 2010-07-08 11:49 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-08 10:57 . 2010-07-08 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-08 10:57 . 2010-07-08 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-08 09:39 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-08 09:39 . 2010-07-08 09:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-07-07 05:29 . 2010-07-07 05:29 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-06 14:40 . 2010-07-06 14:49 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Temp
2010-07-06 14:40 . 2010-07-06 14:40 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-06 14:40 . 2010-07-06 14:45 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-06 14:40 . 2010-07-06 14:43 -------- d-----w- c:\programme\Google
2010-07-05 14:53 . 2010-07-14 09:23 -------- d-----w- c:\programme\SotS Gold Demo
2010-06-28 11:57 . 2010-07-23 23:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-28 11:57 . 2010-06-28 12:27 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-06-28 11:42 . 2010-07-23 23:31 772096 ----a-w- c:\windows\system32\drivers\cyitlzra.sys
2010-06-28 11:39 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-28 11:39 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-28 11:38 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-06-28 11:38 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 23:06 . 2009-07-17 11:07 952 --sha-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2010-07-23 23:06 . 2009-07-17 11:07 952 --sha-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2010-07-23 12:20 . 2010-07-15 19:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-07-20 11:57 . 2009-11-18 06:30 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\SolidWorks
2010-07-19 09:32 . 2009-11-25 11:40 -------- d-----w- c:\programme\COMODO
2010-07-16 11:03 . 2008-04-25 09:46 511116 ----a-w- c:\windows\system32\perfh007.dat
2010-07-16 11:03 . 2008-04-25 09:46 103894 ----a-w- c:\windows\system32\perfc007.dat
2010-07-16 07:06 . 2010-05-08 22:12 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\gtk-2.0
2010-07-15 20:05 . 2010-07-15 19:58 -------- d-----w- c:\programme\Security Task Manager
2010-07-15 19:59 . 2010-07-15 19:58 336 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_A1872CB26F7FE25459BE10A825F2B1C2.dll
2010-07-13 11:20 . 2009-08-28 09:20 -------- d-----w- c:\programme\FreePDF_XP
2010-07-08 11:51 . 2009-09-01 15:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-07-08 10:54 . 2009-12-14 13:10 -------- d-----w- c:\programme\Panzerkrieg_&_Blitzkrieg_RT
2010-07-05 15:36 . 2009-07-09 13:20 94054 ----a-w- c:\windows\system32\nvModes.dat
2010-06-14 14:31 . 2008-04-25 14:58 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 12:08 . 2010-06-01 12:08 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\EDrawings
2010-05-22 15:45 . 2010-05-22 15:45 530 ----a-w- c:\windows\eReg.dat
2010-05-02 08:00 . 2008-04-25 09:46 1860480 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 21:14 . 2010-04-28 21:14 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-28 21:10 . 2010-04-28 21:10 114688 ----a-w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll
2010-04-28 21:10 . 2010-04-18 00:39 52224 ----a-w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2009-10-26 07:22 . 2009-10-26 07:19 24437624 ----a-w- c:\programme\NokiaSoftwareUpdaterSetup_de.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24 2736736 ----a-w- c:\programme\softonic-de3\tbsoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\programme\IDT\WDM\sttray.exe" [2009-02-22 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-22 13590528]
"nwiz"="nwiz.exe" [2009-01-22 1630208]
"NVHotkey"="nvHotkey.dll" [2009-01-22 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"Act.Outlook.Service"="c:\programme\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-08-14 20480]
"Act! Preloader"="c:\programme\ACT\Act for Windows\ActSage.exe" [2008-06-25 393216]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-08-06 381440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvMediaCenter"="NvMCTray.dll" [2009-01-22 86016]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-07-08 282792]
"COMODO Internet Security"="c:\programme\COMODO\COMODO Internet Security\cfp.exe" [2010-07-21 1800464]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-12-11 813584]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"d:\angebote.ftpwd"=d:\angebote.ftpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DellSupportCenter"="c:\programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"dscactivate"="c:\programme\Dell Support Center\gs_agent\custom\dsca.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"BrMfcWnd"=c:\programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Gibbs\\GibbsCAM\\8.7.16_NLO(w)\\Virtual.exe"=
"c:\\Programme\\SolidWorks Corp\\SolidWorks eDrawings\\EModelViewer.exe"=
"c:\\Programme\\ACT\\Act for Windows\\ActSage.exe"=
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.07.2010 12:32 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21.07.2010 12:32 25160]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [08.07.2010 13:51 337064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.07.2010 12:57 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [08.07.2010 13:51 405672]
R2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\programme\FRITZ!Fernzugang\avmike.exe [02.10.2008 20:42 267568]
R2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\programme\FRITZ!Fernzugang\certsrv.exe [02.10.2008 20:43 132400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11.12.2009 08:15 10384]
R2 LiveUpdateInstaller;LiveUpdateInstaller;c:\programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [19.04.2006 12:47 659456]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
R2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\programme\FRITZ!Fernzugang\nwtsrv.exe [02.10.2008 20:43 161072]
R2 Registry;Sage Registrierungsdienst;c:\programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe [16.04.2007 15:27 94208]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [09.07.2009 18:13 112512]
R3 NWIM;AVM VPN Miniport;c:\windows\system32\drivers\avmnwim.sys [02.10.2008 19:42 337200]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [09.07.2009 18:13 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [09.07.2009 18:13 41760]
S2 ACT! Scheduler;ACT! Scheduler;c:\programme\ACT\Act for Windows\Act.Scheduler.exe [28.08.2009 11:03 65536]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.07.2010 16:40 136176]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [15.10.2009 07:51 87336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.03.2010 12:13 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.03.2010 12:13 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [13.01.2010 11:11 32377]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.09.2005 08:01 2799808]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - cyitlzra
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-07-23 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 13:17]
2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-07-06 14:39]
2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-07-06 14:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Connection Wizard,ShellNext = ftp://ftpuser@gerlach-iv.dyndns.org/
IE: Free YouTube Download - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: {DBA5E288-A303-4E63-AFC1-272D6FE97CDD} = 192.168.3.111
FF - ProfilePath - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: browser.startup.homepage - hxxp://www.ecosia.org/index.php
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-24 01:31
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cyitlzra]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(1204)
c:\programme\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2508)
c:\programme\Logitech\SetPoint\GameHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
.
Zeit der Fertigstellung: 2010-07-24 01:33:49
ComboFix-quarantined-files.txt 2010-07-23 23:33
Vor Suchlauf: 20 Verzeichnis(se), 88.290.852.864 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 88.261.222.400 Bytes frei
- - End Of File - - EA3C8F6EB0D5762159274728FE04D1CB
|
|
24.07.2010, 00:54
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernenZitat:
Immer noch diese hier? => C:\WINDOWS\system32\drivers\cyitlzra.sys Edit: Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Driver::
cyitlzra
File::
c:\windows\system32\drivers\cyitlzra.sys
Rootkit::
c:\windows\system32\drivers\cyitlzra.sys
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cyitlzra]
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.07.2010, 20:50
| #9 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne, das Ding (cyitlzra.sys) treibt mich noch zum Wahnsinn  Hier die neue Logdatei: Combofix Logfile: Code:
ATTFilter ComboFix 10-07-23.01 - Sascha 24.07.2010 21:18:30.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3067.2449 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sascha\Desktop\CoFi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Sascha\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
"c:\windows\system32\drivers\cyitlzra.sys"
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CYITLZRA
-------\Service_cyitlzra
((((((((((((((((((((((( Dateien erstellt von 2010-06-24 bis 2010-07-24 ))))))))))))))))))))))))))))))
.
2010-07-24 18:46 . 2010-07-24 18:46 -------- d-----r- c:\dokumente und einstellungen\LocalService\Eigene Dateien
2010-07-23 23:19 . 2010-07-23 23:33 -------- d-----w- C:\CoFi
2010-07-23 12:01 . 2010-07-23 12:01 -------- d-----w- C:\_OTL
2010-07-21 10:32 . 2010-07-22 05:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo
2010-07-21 10:32 . 2010-07-21 10:32 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-07-21 10:32 . 2010-07-21 10:32 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-07-21 10:32 . 2010-07-21 10:32 171552 ----a-w- c:\windows\system32\guard32.dll
2010-07-21 10:32 . 2010-07-21 10:32 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-07-21 06:49 . 2010-07-21 06:49 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2010-07-21 06:49 . 2010-07-21 07:10 -------- d-----w- c:\programme\softonic-de3
2010-07-20 14:40 . 2010-07-20 14:40 2272 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-07-19 09:09 . 2010-07-21 08:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo Downloader
2010-07-19 06:55 . 2010-07-19 06:55 -------- d-----w- c:\programme\trend micro
2010-07-19 06:54 . 2010-07-19 06:55 -------- d-----w- C:\rsit
2010-07-19 06:41 . 2010-07-19 06:41 -------- d-----w- c:\programme\CCleaner
2010-07-16 08:47 . 2010-07-16 08:47 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-07-16 08:21 . 2010-07-16 08:25 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-15 20:05 . 2010-07-15 20:05 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Help
2010-07-15 19:59 . 2009-02-09 10:51 678400 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\_entreelist.dll
2010-07-15 19:59 . 2009-02-09 10:51 740352 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\_enviewlist.dll
2010-07-15 19:59 . 2010-07-15 19:59 232 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_D2C91C733BB90BC48AC36212C3370CDB.dll
2010-07-15 19:59 . 2010-07-15 19:59 121 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_C01EBEA2918DFBE4CB0630FB32723D04.dll
2010-07-14 09:29 . 2010-07-14 09:29 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Malwarebytes
2010-07-14 09:29 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 09:29 . 2010-07-14 09:29 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-07-14 09:29 . 2010-07-14 09:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-14 09:29 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 13:10 . 2010-07-13 13:10 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Avira
2010-07-08 16:14 . 2010-07-08 16:14 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira
2010-07-08 11:03 . 2010-07-08 11:03 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Avira
2010-07-08 10:57 . 2010-07-08 11:49 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-08 10:57 . 2010-07-08 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-08 10:57 . 2010-07-08 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-08 09:39 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-08 09:39 . 2010-07-08 09:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-07-07 05:29 . 2010-07-07 05:29 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-06 14:40 . 2010-07-06 14:49 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Temp
2010-07-06 14:40 . 2010-07-06 14:40 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-06 14:40 . 2010-07-06 14:45 -------- d-----w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Google
2010-07-06 14:40 . 2010-07-06 14:43 -------- d-----w- c:\programme\Google
2010-07-05 14:53 . 2010-07-14 09:23 -------- d-----w- c:\programme\SotS Gold Demo
2010-06-28 11:57 . 2010-07-24 11:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-28 11:57 . 2010-06-28 12:27 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-06-28 11:39 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-28 11:39 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-28 11:38 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-06-28 11:38 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 19:32 . 2009-07-17 11:07 952 --sha-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2010-07-24 19:32 . 2009-07-17 11:07 952 --sha-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2010-07-24 11:27 . 2009-07-09 13:33 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-07-23 23:36 . 2009-08-28 06:38 73248 ----a-w- c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-07-23 12:20 . 2010-07-15 19:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-07-20 11:57 . 2009-11-18 06:30 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\SolidWorks
2010-07-19 09:32 . 2009-11-25 11:40 -------- d-----w- c:\programme\COMODO
2010-07-16 11:03 . 2008-04-25 09:46 511116 ----a-w- c:\windows\system32\perfh007.dat
2010-07-16 11:03 . 2008-04-25 09:46 103894 ----a-w- c:\windows\system32\perfc007.dat
2010-07-16 07:06 . 2010-05-08 22:12 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\gtk-2.0
2010-07-15 20:05 . 2010-07-15 19:58 -------- d-----w- c:\programme\Security Task Manager
2010-07-15 19:59 . 2010-07-15 19:58 336 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_A1872CB26F7FE25459BE10A825F2B1C2.dll
2010-07-13 11:20 . 2009-08-28 09:20 -------- d-----w- c:\programme\FreePDF_XP
2010-07-08 11:51 . 2009-09-01 15:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-07-08 10:54 . 2009-12-14 13:10 -------- d-----w- c:\programme\Panzerkrieg_&_Blitzkrieg_RT
2010-07-05 15:36 . 2009-07-09 13:20 94054 ----a-w- c:\windows\system32\nvModes.dat
2010-06-14 14:31 . 2008-04-25 14:58 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 12:08 . 2010-06-01 12:08 -------- d-----w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\EDrawings
2010-05-22 15:45 . 2010-05-22 15:45 530 ----a-w- c:\windows\eReg.dat
2010-05-02 08:00 . 2008-04-25 09:46 1860480 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 21:14 . 2010-04-28 21:14 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-28 21:10 . 2010-04-28 21:10 114688 ----a-w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll
2010-04-28 21:10 . 2010-04-18 00:39 52224 ----a-w- c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2009-10-26 07:22 . 2009-10-26 07:19 24437624 ----a-w- c:\programme\NokiaSoftwareUpdaterSetup_de.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-07-23_23.31.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-24 11:15 . 2010-07-24 11:15 16384 c:\windows\temp\Perflib_Perfdata_780.dat
+ 2010-07-24 11:15 . 2010-07-24 11:15 16384 c:\windows\temp\Perflib_Perfdata_61c.dat
+ 2010-07-24 19:27 . 2010-07-24 19:27 16384 c:\windows\temp\Perflib_Perfdata_354.dat
+ 2010-07-24 19:27 . 2010-07-24 19:27 16384 c:\windows\temp\Perflib_Perfdata_2dc.dat
+ 2008-04-25 01:51 . 2010-07-24 11:15 281336 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24 2736736 ----a-w- c:\programme\softonic-de3\tbsoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\programme\IDT\WDM\sttray.exe" [2009-02-22 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-22 13590528]
"nwiz"="nwiz.exe" [2009-01-22 1630208]
"NVHotkey"="nvHotkey.dll" [2009-01-22 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"Act.Outlook.Service"="c:\programme\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-08-14 20480]
"Act! Preloader"="c:\programme\ACT\Act for Windows\ActSage.exe" [2008-06-25 393216]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-08-06 381440]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvMediaCenter"="NvMCTray.dll" [2009-01-22 86016]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-07-08 282792]
"COMODO Internet Security"="c:\programme\COMODO\COMODO Internet Security\cfp.exe" [2010-07-21 1800464]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"d:\angebote.ftpwd"=d:\angebote.ftpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DellSupportCenter"="c:\programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"dscactivate"="c:\programme\Dell Support Center\gs_agent\custom\dsca.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"BrMfcWnd"=c:\programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Gibbs\\GibbsCAM\\8.7.16_NLO(w)\\Virtual.exe"=
"c:\\Programme\\SolidWorks Corp\\SolidWorks eDrawings\\EModelViewer.exe"=
"c:\\Programme\\ACT\\Act for Windows\\ActSage.exe"=
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.07.2010 12:32 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21.07.2010 12:32 25160]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [08.07.2010 13:51 337064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.07.2010 12:57 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [08.07.2010 13:51 405672]
R2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\programme\FRITZ!Fernzugang\certsrv.exe [02.10.2008 20:43 132400]
R2 LiveUpdateInstaller;LiveUpdateInstaller;c:\programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [19.04.2006 12:47 659456]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
R2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\programme\FRITZ!Fernzugang\nwtsrv.exe [02.10.2008 20:43 161072]
R2 Registry;Sage Registrierungsdienst;c:\programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe [16.04.2007 15:27 94208]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [09.07.2009 18:13 112512]
R3 NWIM;AVM VPN Miniport;c:\windows\system32\drivers\avmnwim.sys [02.10.2008 19:42 337200]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [09.07.2009 18:13 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [09.07.2009 18:13 41760]
S2 ACT! Scheduler;ACT! Scheduler;c:\programme\ACT\Act for Windows\Act.Scheduler.exe [28.08.2009 11:03 65536]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\programme\FRITZ!Fernzugang\avmike.exe [02.10.2008 20:42 267568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.07.2010 16:40 136176]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [15.10.2009 07:51 87336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.03.2010 12:13 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.03.2010 12:13 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [13.01.2010 11:11 32377]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.09.2005 08:01 2799808]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-07-24 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-03-20 13:17]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-07-06 14:39]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-07-06 14:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Connection Wizard,ShellNext = ftp://ftpuser@gerlach-iv.dyndns.org/
IE: Free YouTube Download - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: {DBA5E288-A303-4E63-AFC1-272D6FE97CDD} = 192.168.3.111
FF - ProfilePath - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: browser.startup.homepage - hxxp://www.ecosia.org/index.php
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Mozilla\Firefox\Profiles\nzw0vcfi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-24 21:35
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(1136)
c:\programme\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\drivers\audio\r211990\stacsv.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\programme\PC Connectivity Solution\ServiceLayer.exe
c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-24 21:39:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-07-24 19:38
ComboFix2.txt 2010-07-23 23:33
Vor Suchlauf: 24 Verzeichnis(se), 88.268.681.216 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 88.103.960.576 Bytes frei
- - End Of File - - 1724EDA003659085C73A4B0FF0B02673
|
|
25.07.2010, 00:09
| #10 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne, Weltklasse Du bist der GRÖSSTE. Danke  Das Ding ist weg, soweit ich das bis jetzt sehen kann. Wenn ich Dir mal einen Gefallen tun kann lass es mich wissen. Gruß, Sascha |
|
26.07.2010, 15:16
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.07.2010, 11:31
| #12 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne, also GMER läuft nicht. Hier ist der logfile: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:09:25 on 29.07.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2009\OneClickStarter.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL "cmdvdpak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\cmdvdpak.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM VPN Miniport" (NWIM) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmnwim.sys "catchme" (catchme) - ? - C:\CoFi11228C\catchme.sys (File not found) "DLABMFSM" (DLABMFSM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABMFSM.SYS "DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABOIOM.SYS "DLACDBHM" (DLACDBHM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS "DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLADResM.SYS "DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS "DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS "DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAPoolM.SYS "DLARTL_M" (DLARTL_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS "DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS "DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS "DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS "DRVNDDM" (DRVNDDM) - "Roxio" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS "Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys "Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys "Logitech SetPoint KMDF USB Filter" (LUsbFilt) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LUsbFilt.Sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PRODIGY" (PRODIGY) - "B-phreaks" - C:\WINDOWS\System32\Drivers\PRODIGY.SYS "Realtek IR Driver" (Rts516xIR) - ? - C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys (File not found) "Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys (File not found) "RTS5121.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\WINDOWS\System32\Drivers\RTS5121.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp: Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\aatp.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {21D928D4-4850-45E3-9982-AD57051ECD42} "EdrawingThumbNailProvider Class" - "Dassault Systèmes SolidWorks Corp." - C:\Programme\SolidWorks Corp\SolidWorks eDrawings\edrwthumbnailprovider.dll {E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\NAMEEXT.DLL {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internetverknüpfung" - ? - C:\WINDOWS\system32\ieframe.dll (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) Sldworks Shell Extension "{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Mobilen Favoriten erstellen" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} "Webseite zu ACT! Kontakt hinzufügen" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {D5233FCD-D258-4903-89B8-FB1568E7413D} "Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Status Monitor.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk (Shortcut exists | File not found) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Sascha\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Act! Preloader" - "Sage Software, Inc." - "C:\Programme\ACT\Act for Windows\ActSage.exe" -preload "Act.Outlook.Service" - "Sage Software, Inc." - "C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe "ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" "NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start "nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ACT! Scheduler" (ACT! Scheduler) - "Sage Software, Inc." - C:\Programme\ACT\Act for Windows\Act.Scheduler.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE "AVM FRITZ!Fernzugang Cert Service" (certsrv) - "AVM Berlin" - C:\Programme\FRITZ!Fernzugang\certsrv.exe "AVM FRITZ!Fernzugang Client" (nwtsrv) - "AVM Berlin" - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe "AVM FRITZ!Fernzugang IKE Service" (avmike) - "AVM Berlin" - C:\Programme\FRITZ!Fernzugang\avmike.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE (File found, but it contains no detailed information) "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "HID Input Service" (HidServ) - ? - C:\WINDOWS\System32\hidserv.dll (File not found) "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveUpdateInstaller" (LiveUpdateInstaller) - "Sage Software" - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe "Sage Registrierungsdienst" (Registry) - "Sage Software" - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "SolidWorks Licensing Service" (SolidWorks Licensing Service) - "SolidWorks" - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe "SQL Server (ACT7)" (MSSQL$ACT7) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "SW Distributed TS Coordinator Service" (CoordinatorServiceHost) - "Dassault Systèmes SolidWorks Corp." - C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\WINDOWS\System32\TuneUpDefragService.exe "TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Und da ich ja völlig Blind bin komme ich mit dem REMOVER nicht weiter  Da kannst Du mir aber sicher auch weiter helfen. Das kommt halt wenn man nur vor der Kiste sitzt, in den Programmen rumm spielt und sich nicht weiter kümmert  Hier aber mal ein Bild  Gruß, Sascha |
|
29.07.2010, 14:48
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren! Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok. Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: Code:
ATTFilter remover.exe dump \\.\PhysicalDrive0 c:\mbr.dat
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.07.2010, 15:40
| #14 |
| | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hi Arne, hab alles ausgeführt. Also die REMOVER exe ins system kopiert und gestartet, hat aber wiedre nicht funktioniert Dann hab ich die Datei hochgeladen. Gruß, Sascha |
|
29.07.2010, 15:47
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Was meinst Du mit es hat nicht funktioniert? Wenn die mbr.dat erstellt wurde hat es funktioniert!! Bitte jetzt diesen Text aus dem folgenden Codefeld eintippen und mit Enter/Return wieder in der Konsole cmd.exe ausführen: Code:
ATTFilter remover.exe fix \\.\PhysicalDrive0
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen |
| .com, antivir, antivir guard, avgntflt.sys, bho, booten, desktop, diagnostics, drvstore, entfernen, excel, firefox, flash player, fontcache, gupdate, hijack, hijackthis, hkus\s-1-5-18, hotfix.exe, iastor.sys, installation, logfile, msiexec.exe, mssql, problem, realtek, registry, rundll, security update, server, software, starten, studio, system, tracker, updates, viren, visual studio, windows xp |
Linear-Darstellung
