Strange computer behaviour caused by an MSN trojan (?)

#0
08.07.2008, 15:19
...new here
Posts: 10
08.07.2008, 16:23
Password: gast
Posts: 0
#2
You should get on with changing your MSN password by now, if that is even still possible. Pray that it works, otherwise you can write off your current MSN account! There should be no malware on the computer! How can anyone voluntarily enter their personal data and passwords(!!) on some random websites...
08.07.2008, 17:34
...new here
Thread starter, Posts: 10
#3
I know myself that it was stupid; the password has been changed, but unfortunately I had this mouse pointer problem again just 5 minutes ago.
08.07.2008, 18:18
Honorary member
Posts: 29434
#4
Hello, nitro77
Run BlackLight and, after the first scan pass, post the log that appears on the desktop (copy it out): http://virus-protect.org/artikel/tools/blacklight.html

Let's see whether ComboFix works on your system; give it a try and post the report: http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security
08.07.2008, 18:41
...new here
Thread starter, Posts: 10
#5
First of all, thank you. The log looks like this ...
Unfortunately ComboFix doesn't work.
08.07.2008, 19:22
Honorary member
Posts: 29434
#6
Run AVZ and post the report: http://virus-protect.org/artikel/tools/avz.html
__________
Regards, Sabina
all about PC security
08.07.2008, 19:38
...new here
Thread starter, Posts: 10
#7
Thanks, I did it, and the log looks like this ...

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 08.07.2008 19:29:28
Database loaded: signatures - 175269, NN profile(s) - 2, microprograms of healing - 56, signature database released 07.07.2008 22:56
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 71502
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 6.0.6001, Service Pack 1 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Function user32.dll:DefDlgProcA (143) intercepted, method ProcAddressHijack.GetProcAddress ->75E974E8->77593DB0
Function user32.dll:DefDlgProcW (144) intercepted, method ProcAddressHijack.GetProcAddress ->75E97503->77593DBB
Function user32.dll:DefWindowProcA (150) intercepted, method ProcAddressHijack.GetProcAddress ->75E9751E->77593D42
Function user32.dll:DefWindowProcW (151) intercepted, method ProcAddressHijack.GetProcAddress ->75E97539->77593D4D
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error - file not found (C:\SystemRoot\system32\ntoskrnl.exe)
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Error loading driver - checking interrupted [C0000061]
2. Scanning memory
Number of processes found: 9
Number of modules loaded: 219
Scanning memory - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 58683, extracted from archives: 40544, malicious software found 0, suspicions - 0
Scanning finished at 08.07.2008 19:34:44
Time of scanning: 00:05:16
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference

I don't know, I'm slowly getting the feeling that I've been hacked.
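As an added example that is not part of this thread, the following PowerShell audit reads the four settings the AVZ report above flags under "Searching for vulnerabilities" (drive autorun, administrative shares, anonymous access, Remote Assistance) and prints each current value beside a hardened value; the registry paths and value names are the standard Windows policy locations for these settings and are assumed to apply to the audited host.

```powershell
# Added example, not the thread's own code: audit the settings AVZ flagged and,
# only with -Fix, write the hardened values. Run in an elevated PowerShell.
# Assumption: the standard Windows policy locations below apply to the host.

$checks = @(
    @{ Name = 'Autorun on all drive types'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoDriveTypeAutoRun'; Hardened = 0xFF    # 0xFF = autorun off for every drive type
       Weak = { param($v) ($null -eq $v) -or ($v -ne 0xFF) } },
    @{ Name = 'Administrative shares (C$, D$ ...)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Value = 'AutoShareWks'; Hardened = 0              # 0 = do not auto-create C$/D$ on a workstation
       Weak = { param($v) ($null -eq $v) -or ($v -ne 0) } },
    @{ Name = 'Anonymous (null session) access'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'RestrictAnonymous'; Hardened = 1         # 1 = restrict anonymous enumeration
       Weak = { param($v) ($null -eq $v) -or ($v -lt 1) } },
    @{ Name = 'Remote Assistance'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
       Value = 'fAllowToGetHelp'; Hardened = 0           # 0 = Remote Assistance requests disabled
       Weak = { param($v) ($null -eq $v) -or ($v -ne 0) } }
)

function Get-RegValueOrNull {
    # Returns the named registry value, or $null when the key or value is absent.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-AvzFindings {
    # Audit only by default; -Fix writes the hardened value for every weak setting.
    param([switch]$Fix)
    foreach ($c in $checks) {
        $current = Get-RegValueOrNull -Path $c.Path -Name $c.Value
        $isWeak  = & $c.Weak $current
        $shown   = if ($null -eq $current) { 'not set' } else { $current }
        $status  = if ($isWeak) { 'WEAK' } else { 'ok' }
        '{0,-36} current={1,-8} hardened={2,-4} {3}' -f $c.Name, $shown, $c.Hardened, $status
        if ($isWeak -and $Fix) {
            if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
            Set-ItemProperty -Path $c.Path -Name $c.Value -Value $c.Hardened -Type DWord
        }
    }
}

Test-AvzFindings          # audit only
# Test-AvzFindings -Fix   # apply hardened values; a reboot picks up the share and autorun changes
```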
08.07.2008, 19:42
Honorary member
Posts: 29434
#8
Yes, one can see that...
Run SDFix: http://virus-protect.org/artikel/tools/sdfix.html
You will now find the SDFix folder under C:\
Boot into Safe Mode (press the F8 key while the computer is restarting)
Go to the folder C:\SDFix
Double-click RunThis.bat
Follow all instructions while it scans; the computer will then restart
Copy the text that appears using the right mouse button, and paste it into your post
__________
Regards, Sabina
all about PC security
08.07.2008, 20:12
...new here
Thread starter, Posts: 10
#9
When I click RunThis.bat in Safe Mode, the window does open briefly, but it closes again right away. But thank you very much anyway for your advice.
Edit: When I try to start it in normal mode, it tells me that it is not compatible with Vista x64. I really hate Vista. I would wipe the drive as well, but I don't know whether it would help; last time it didn't work either.
This post was edited on 08.07.2008 at 20:24 by nitro77.
08.07.2008, 20:53
Honorary member
Posts: 29434
#10
« Download gmer.zip (http://virus-protect.org/artikel/tools/gmer.html), let it scan everything and post the report.
« Download TCPView for Windows and post the report: http://virus-protect.org/artikel/tools/tcpview.html
__________
Regards, Sabina
all about PC security
08.07.2008, 21:13
...new here
Thread starter, Posts: 10
#11
GMER:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-08 21:04:08
Windows 6.0.6001 Service Pack 1
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet003\Control@WaitToKillServiceTimeout 20000
Reg HKLM\SYSTEM\ControlSet003\Control@CurrentUser USERNAME
Reg HKLM\SYSTEM\ControlSet003\Control@PreshutdownOrder wuauserv?gpsvc?trustedinstaller?
Reg HKLM\SYSTEM\ControlSet003\Control@SystemStartOptions /NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\ControlSet003\Control@SystemBootDevice multi(0)disk(0)rdisk(0)partition(1)
Reg HKLM\SYSTEM\ControlSet003\Control@FirmwareBootDevice multi(0)disk(0)rdisk(0)partition(1)
---- EOF - GMER 1.0.14 ----

TCPView:
08.07.2008, 21:34
Moderator
Posts: 7805
09.07.2008, 11:02
Honorary member
Posts: 29434
#13
1. Change your messenger password once more.
2. Can you run ComboScan on the system? If it works, post the 2 logs that are created: http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina
all about PC security
09.07.2008, 11:39
...new here
Thread starter, Posts: 10
#14
1. Done. I changed the password yesterday, but shortly afterwards the mouse pointer problem came back; since then it has been quiet. The only question is: for how long?
2. The log files, wow, that's a lot of stuff in there ...
Driver) - c:\windows\system32\drivers\exfat.sys (file missing) S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing) S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing) S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing) S3 IpFilterDriver (Filtertreiber für IP-Datenverkehr) - c:\windows\system32\drivers\ipfltdrv.sys (file missing) S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing) S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing) S3 Modem - c:\windows\system32\drivers\modem.sys (file missing) S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing) S3 MSPCLOCK (Microsoft Proxy für Streaming Clock) - c:\windows\system32\drivers\mspclock.sys (file missing) S3 MSPQM (Microsoft Proxy für Streaming Quality Manager) - c:\windows\system32\drivers\mspqm.sys (file missing) S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing) S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - c:\windows\system32\drivers\mstee.sys (file missing) S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing) S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing) S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing) S3 QWAVEdrv (QWAVE-Treiber) - c:\windows\system32\drivers\qwavedrv.sys (file missing) S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing) S3 s116bus (Sony Ericsson Device 116 driver (WDM)) - c:\windows\system32\drivers\s116bus.sys (file missing) S3 s116mdfl (Sony Ericsson Device 116 USB WMC Modem Filter) - c:\windows\system32\drivers\s116mdfl.sys (file missing) S3 s116mdm (Sony Ericsson Device 116 USB WMC Modem Driver) - 
c:\windows\system32\drivers\s116mdm.sys (file missing) S3 s116mgmt (Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\s116mgmt.sys (file missing) S3 s116nd5 (Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)) - c:\windows\system32\drivers\s116nd5.sys (file missing) S3 s116obex (Sony Ericsson Device 116 USB WMC OBEX Interface) - c:\windows\system32\drivers\s116obex.sys (file missing) S3 s116unic (Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)) - c:\windows\system32\drivers\s116unic.sys (file missing) S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing) S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing) S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing) S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing) S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing) S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing) S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing) S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing) S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing) S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing) S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing) S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing) S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing) S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing) S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing) S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing) S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing) S4 amdide - 
c:\windows\system32\drivers\amdide.sys (file missing) S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing) S4 arc - c:\windows\system32\drivers\arc.sys (file missing) S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing) S4 blbdrive - c:\windows\system32\drivers\blbdrive.sys (file missing) S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing) S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing) S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing) S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing) S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing) S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing) S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing) S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing) S4 ErrDev (Microsoft Hardware Error Device Driver) - c:\windows\system32\drivers\errdev.sys (file missing) S4 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing) S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing) S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing) S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing) S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing) S4 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing) S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing) S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing) S4 intelide - c:\windows\system32\drivers\intelide.sys (file 
missing) S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing) S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing) S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing) S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing) S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing) S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing) S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing) S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing) S4 MegaSR - c:\windows\system32\drivers\megasr.sys (file missing) S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing) S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing) S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing) S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing) S4 nvraid (NVIDIA nForce RAID Driver ) - c:\windows\system32\drivers\nvraid.sys (file missing) S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing) S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing) S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing) S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing) S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing) S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing) S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing) S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing) S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing) S4 SiSRaid4 - 
c:\windows\system32\drivers\sisraid4.sys (file missing) S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing) S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing) S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing) S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing) S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing) S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing) S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing) S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing) S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing) S4 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing) S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing) S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing) S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing) S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing) S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing) S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe R2 nvsvc (NVIDIA Display Driver Service) - c:\windows\system32\nvvsvc.exe (file missing) R2 SamSs (Sicherheitskonto-Manager) - c:\windows\system32\lsass.exe (file missing) R2 slsvc (Softwarelizenzierung) - c:\windows\system32\slsvc.exe (file missing) R2 Spooler (Druckwarteschlange) - c:\windows\system32\spoolsv.exe (file missing) R3 VSS (Volumeschattenkopie) - c:\windows\system32\vssvc.exe (file missing) S3 ALG (Gatewaydienst auf 
Anwendungsebene) - c:\windows\system32\alg.exe (file missing) S3 DFSR (DFS-Replikation) - c:\windows\system32\dfsr.exe (file missing) S3 Fax - c:\windows\system32\fxssvc.exe (file missing) S3 KeyIso (CNG-Schlüsselisolation) - c:\windows\system32\lsass.exe (file missing) S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing) S3 Netlogon (Anmeldedienst) - c:\windows\system32\lsass.exe (file missing) S3 ProtectedStorage (Geschützter Speicher) - c:\windows\system32\lsass.exe (file missing) S3 RpcLocator (RPC-Locator) - c:\windows\system32\locator.exe (file missing) S3 SNMPTRAP (SNMP-Trap) - c:\windows\system32\snmptrap.exe (file missing) S3 TuneUp.Defrag (TuneUp Drive Defrag-Dienst) - c:\windows\system32\tuneupdefragservice.exe (file missing) S3 UI0Detect (Erkennung interaktiver Dienste) - c:\windows\system32\ui0detect.exe (file missing) S3 vds (Virtueller Datenträger) - c:\windows\system32\vds.exe (file missing) S3 wbengine (Blockebenen-Sicherungsmodul) - "c:\windows\system32\wbengine.exe" (file missing) S3 wmiApSrv (WMI-Leistungsadapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-07-09 11:00:00 494 --a------ C:\Windows\Tasks\1-Klick-Wartung.job 2008-07-08 22:36:28 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E793172E-F428-4E5A-BAE2-4845232BAD45}.job -- Files created between 2008-06-09 and 2008-07-09 ----------------------------- 2008-07-08 21:24:12 0 d-------- C:\Program Files (x86)\ImgBurn 2008-07-08 21:20:06 0 d-------- C:\Program Files (x86)\NCH Swift Sound 2008-07-08 19:58:40 0 d-------- C:\Windows\pss 2008-07-08 18:40:05 0 d-------- C:\327882R2FWJFW 2008-07-08 00:26:34 0 d-------- C:\Program Files (x86)\Windows Live 2008-07-07 19:16:22 0 d-------- C:\Program Files (x86)\ICQToolbar 2008-07-06 23:29:21 0 d-------- C:\Program Files (x86)\MSECache 2008-07-06 18:38:45 0 d-------- C:\Windows\PCHEALTH 2008-07-06 18:37:11 0 d--hs--c- C:\Program Files (x86)\Common Files\WindowsLiveInstaller 2008-07-06 16:46:21 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2008-07-06 13:10:39 0 d--hs---- C:\Windows\Installer 2008-07-06 11:17:02 0 d-------- C:\Windows\Panther 2008-07-06 11:16:48 0 d--hs---- C:\Boot 2008-07-06 11:01:53 0 d-------- C:\Program Files (x86)\Avanquest update 2008-07-06 10:46:16 0 d-------- C:\Windows\system32\Macromed 2008-07-06 10:40:41 0 d-------- C:\Program Files (x86)\Common Files\Creative 2008-07-06 10:40:40 0 d--h----- C:\Program Files (x86)\Creative Installation Information 2008-07-06 10:39:38 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-07-06 10:39:38 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. 
and NVIDIA Corp.; Standard OpenAL(TM) Library> 2008-07-06 10:39:38 0 d-------- C:\Program Files (x86)\OpenAL 2008-07-06 10:38:32 0 d-------- C:\Windows\system32\Data 2008-07-06 10:38:32 3072 --a------ C:\Windows\system32\CTXFIGER.DLL <Not Verified; ; CTxfiRes Dynamic Link Library> 2008-07-06 10:38:31 69120 --a------ C:\Windows\system32\CmdRtr.DLL 2008-07-06 10:38:31 108544 --a------ C:\Windows\system32\APOMngr.DLL 2008-07-06 10:38:29 0 d-------- C:\Program Files (x86)\Creative 2008-07-06 10:38:25 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information 2008-07-06 10:33:29 0 d-------- C:\Program Files (x86)\Common Files\InstallShield 2008-07-06 10:33:26 0 d-------- C:\NVIDIA 2008-07-06 10:26:49 171136 -rahs---- C:\grldr 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Vorlagen 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Startmenü 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Netzwerkumgebung 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Lokale Einstellungen 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Eigene Dateien 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Druckumgebung 2008-07-06 10:24:42 0 d--hs---- C:\Users\Default\Anwendungsdaten 2008-07-06 10:24:42 0 d--hs---- C:\Programme 2008-07-06 10:24:42 0 d--hs---- C:\Dokumente und Einstellungen 2008-07-06 10:24:20 0 d-------- C:\Windows\Debug 2008-07-06 10:21:02 0 d-------- C:\Windows\SoftwareDistribution 2008-07-06 10:19:20 0 d-------- C:\Windows\CSC 2008-07-06 10:17:57 0 d--hs---- C:\System Volume Information -- Find3M Report --------------------------------------------------------------- 2008-07-09 03:06:19 0 d-------- C:\Program Files (x86)\Windows Mail 2008-07-08 21:29:02 0 d-------- C:\Users\Markus\AppData\Roaming\ImgBurn 2008-07-07 21:19:22 0 d-------- C:\Users\Markus\AppData\Roaming\MyPhoneExplorer 2008-07-07 20:32:45 0 d-------- C:\Users\Markus\AppData\Roaming\ICQ Toolbar 2008-07-07 19:21:29 0 d-------- C:\Users\Markus\AppData\Roaming\ICQ 2008-07-07 19:16:22 0 d-------- 
C:\Users\Markus\AppData\Roaming\Mozilla 2008-07-06 18:37:11 0 d-------- C:\Program Files (x86)\Common Files 2008-07-06 16:47:13 0 d-------- C:\Users\Markus\AppData\Roaming\TuneUp Software 2008-07-06 13:10:23 0 d-------- C:\Users\Markus\AppData\Roaming\WinRAR 2008-07-06 10:47:24 0 d-------- C:\Users\Markus\AppData\Roaming\InstallShield 2008-07-06 10:46:16 0 d-------- C:\Users\Markus\AppData\Roaming\Macromedia 2008-07-06 10:46:16 0 d-------- C:\Users\Markus\AppData\Roaming\Adobe 2008-07-06 10:27:07 0 d-------- C:\Users\Markus\AppData\Roaming\Identities -- Registry Dump --------------------------------------------------------------- -- End of Deckard's System Scanner: finished at 2008-07-09 11:31:06 ------------ Und die extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0 Architecture: X64; Language: German CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Percentage of Memory in Use: 51% Physical Memory (total/avail): 2045.76 MiB / 992.49 MiB Pagefile Memory (total/avail): 4330.82 MiB / 2825.98 MiB Virtual Memory (total/avail): 4095.88 MiB / 3956.39 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 48.83 GiB total, 24.93 GiB free. D: is Fixed (NTFS) - 416.93 GiB total, 412.89 GiB free. 
E: is CDROM (No Media) F: is Removable (No Media) G: is Removable (No Media) \\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ SCSI Disk Device - 465.76 GiB - 2 partitions \PARTITION0 (bootable) - Installierbares Dateisystem - 48.83 GiB - C: \PARTITION1 - Installierbares Dateisystem - 416.93 GiB - D: \\.\PHYSICALDRIVE1 - Generic 2.0 Reader-CF USB Device \\.\PHYSICALDRIVE2 - Generic 2.0 Reader-Multi USB Device -- Security Center ------------------------------------------------------------- Windows Internal Firewall is disabled. FW: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab) AV: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) AS: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Markus\AppData\Roaming CommonProgramFiles=C:\Program Files (x86)\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MARKUS-PC ComSpec=C:\Windows\system32\cmd.exe DFSTRACINGON=FALSE FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Markus LOCALAPPDATA=C:\Users\Markus\AppData\Local LOGONSERVER=\\MARKUS-PC NUMBER_OF_PROCESSORS=4 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_ARCHITEW6432=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files (x86) ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PROMPT=$P$G 
PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Markus\AppData\Local\Temp TMP=C:\Users\Markus\AppData\Local\Temp TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat USERDOMAIN=Markus-PC USERNAME=Markus USERPROFILE=C:\Users\Markus windir=C:\Windows -- User Profiles --------------------------------------------------------------- Markus -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0007 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove Adobe Flash Player ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Avanquest update --> C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0007 -removeonly CleanUp! 
--> C:\Program Files (x86)\CleanUp!\uninstall.exe Creative-Audiokonsole --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove eMule --> "D:\Programme\eMule\Uninstall.exe" EVEREST Ultimate Edition v4.20 --> "D:\Programme\EVEREST Ultimate Edition\unins000.exe" Express Burn --> C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\uninst.exe HijackThis 2.0.2 --> "D:\Programme\HijackThis\HijackThis.exe" /uninstall ICQ6 --> "C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly ImgBurn --> "C:\Program Files (x86)\ImgBurn\uninstall.exe" Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} MyPhoneExplorer --> D:\Programme\MyPhoneExplorer\uninstall.exe O&O DiskRecovery --> MsiExec.exe /X{53480880-18E0-4097-A460-F22DD3AC6D70} OpenAL --> "C:\Program Files (x86)\OpenAL\OALInst.exe" /U Paragon Drive Backup 8.51 Professional Trial --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D155D300-C235-44FC-981C-F7B34683439C}\Setup.exe" -l0x7 Paragon Partition Manager 9.0 Professional --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x7 PC Inspector File Recovery --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7 Sony Ericsson PC Suite 3.209.00 --> C:\Program Files (x86)\InstallShield Installation 
Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0007 -removeonly Spybot - Search & Destroy --> "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe" TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6} Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220} WinRAR --> D:\Programme\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type1178 / Warning Event Submitted/Written: 07/09/2008 09:06:06 AM Event ID/Source: 4356 / EventSystem Event Description: 8000401a{28778B62-8481-400D-8E8A-A4C81ED3F65C}StandardCreateInstance Event Record #/Type1175 / Warning Event Submitted/Written: 07/09/2008 08:05:45 AM Event ID/Source: 4356 / EventSystem Event Description: 8000401a{28778B62-8481-400D-8E8A-A4C81ED3F65C}StandardCreateInstance Event Record #/Type1162 / Error Event Submitted/Written: 07/09/2008 03:09:17 AM Event ID/Source: 10 / WinMgmt Event Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Event Record #/Type1157 / Success Event Submitted/Written: 07/09/2008 03:08:46 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1156 / Error Event Submitted/Written: 07/09/2008 03:08:29 AM Event ID/Source: 3003 / WinDefendRtp Event Description: %%8271.1.1600.010x80070005Zugriff verweigert Markus-PCMarkusS-1-5-21-4008867448-252535074-618003566-1000 -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. 
-- System Event Log ------------------------------------------------------------ Event Record #/Type4719 / Warning Event Submitted/Written: 07/09/2008 11:30:55 AM Event ID/Source: 3004 / WinDefend Event Description: %%8271.1.1600.0{5DEAA4A8-ABE7-49B5-BC85-8929AAD45500}Markus-PCMarkusS-1-5-21-4008867448-252535074-618003566-1000Unknown%%832service:xpdt0%%807 Event Record #/Type4718 / Warning Event Submitted/Written: 07/09/2008 11:30:55 AM Event ID/Source: 3004 / WinDefend Event Description: %%8271.1.1600.0{C88062B4-34AB-4A82-B54D-DB9043511F19}Markus-PCMarkusS-1-5-21-4008867448-252535074-618003566-1000Unknown%%832driver:xpdt0%%807 Event Record #/Type4704 / Warning Event Submitted/Written: 07/09/2008 09:06:04 AM Event ID/Source: 1003 / Dhcp Event Description: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001D60871282 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Event Record #/Type4691 / Warning Event Submitted/Written: 07/09/2008 08:05:43 AM Event ID/Source: 1003 / Dhcp Event Description: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001D60871282 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Event Record #/Type4685 / Error Event Submitted/Written: 07/09/2008 06:57:41 AM Event ID/Source: 8003 / bowser Event Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRANK-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{FA15546F-5816-4A5D-9A6F-4B6E6CE417DD}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. -- End of Deckard's System Scanner: finished at 2008-07-09 11:31:06 ------------ |
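The hundreds of "(file missing)" tags in this log are worth checking before anyone reads them as damage. The extra.txt shows the scanner's own environment: PROCESSOR_ARCHITECTURE=x86 next to PROCESSOR_ARCHITEW6432=AMD64, and ProgramFiles pointing at "Program Files (x86)" on an X64 install. That is a 32-bit process running under WOW64, and WOW64 redirects %SystemRoot%\System32 (the \drivers subfolder included) to SysWOW64 for such a process, so native 64-bit system files are invisible to it. Consistent with that, the one service binary the log did find, ctaudsvc.exe, lives under Program Files (x86), which is not redirected. The script below is an added example written for this thread, not code from Deckard's System Scanner, HijackThis or the forum: it parses DSS driver/service lines, detects the WOW64 condition from the environment block, and downgrades "file missing" under a redirected path to "unverified" instead of "missing". SAMPLE_LOG is a constructed excerpt modelled on the log above; the ExampleSvc line in it is invented to show the "review" branch for a binary outside Windows or Program Files.

```python
"""Triage of Deckard's System Scanner (DSS) driver/service lines.

Added example for this thread, not DSS, HijackThis or forum code.  DSS prints
one entry per line as "R3 name (description) - path (file missing)".  A 32-bit
scanner on 64-bit Windows runs under WOW64, which redirects %SystemRoot%\\System32
(including \\drivers) to SysWOW64 for that process, so native system files look
missing to it.  The thread's extra.txt shows PROCESSOR_ARCHITECTURE=x86 next to
PROCESSOR_ARCHITEW6432=AMD64 on an X64 install, which is exactly that case.
SAMPLE_LOG is a constructed excerpt modelled on the thread's log; the ExampleSvc
line is invented to exercise the "review" branch.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>\S+)"
    r"(?:\s+\((?P<desc>.*?)\))?\s+-\s+(?P<path>.+?)"
    r"(?P<missing>\s+\(file missing\))?\s*$"
)
ENV_RE = re.compile(r"^([A-Za-z0-9_()]+)=(.*)$")

# System32 subtrees that WOW64 does not redirect: "(file missing)" under
# these is real even when the scanner is a 32-bit process.
REDIRECTION_EXEMPT = ("catroot", "catroot2", "driverstore", "drivers\\etc",
                      "logfiles", "spool")
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


@dataclass
class Entry:
    state: str          # R = running, S = stopped
    start: int          # index into START_TYPES
    name: str
    desc: str
    path: str
    missing: bool       # DSS printed "(file missing)"
    verdict: str = ""   # present | unverified-wow64 | missing | review


def parse_env(text: str) -> Dict[str, str]:
    """KEY=VALUE lines from the Environment Variables block, keys upper-cased."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        m = ENV_RE.match(line.strip())
        if m:
            env[m.group(1).upper()] = m.group(2).strip()
    return env


def running_under_wow64(env: Dict[str, str]) -> bool:
    """True when the scanner was a 32-bit process on 64-bit Windows."""
    return (env.get("PROCESSOR_ARCHITECTURE", "").lower() == "x86"
            and "PROCESSOR_ARCHITEW6432" in env)


def parse_entries(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["desc"] or "", m["path"].strip().strip('"'),
                                 m["missing"] is not None))
    return entries


def triage(text: str) -> List[Entry]:
    env = parse_env(text)
    wow64 = running_under_wow64(env)
    sysroot = env.get("SYSTEMROOT", "C:\\Windows").lower().rstrip("\\")
    system32 = sysroot + "\\system32\\"
    # Directories where a service or driver binary is expected to live.
    roots = {sysroot + "\\"} | {env[k].lower().rstrip("\\") + "\\" for k in
             ("PROGRAMFILES", "PROGRAMFILES(X86)", "PROGRAMW6432") if k in env}
    entries = parse_entries(text)
    for e in entries:
        p = e.path.lower()
        rel = p[len(system32):] if p.startswith(system32) else None
        if e.missing:
            if wow64 and rel is not None and not rel.startswith(REDIRECTION_EXEMPT):
                e.verdict = "unverified-wow64"  # scanner could not see native System32
            else:
                e.verdict = "missing"
        elif not any(p.startswith(r) for r in roots):
            e.verdict = "review"                # outside Windows / Program Files
        else:
            e.verdict = "present"
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.verdict for e in entries))


SAMPLE_LOG = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------
R1 TermDD (Terminal-Gerätetreiber) - c:\windows\system32\drivers\termdd.sys (file missing)
R3 PptpMiniport (WAN-Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
R2 SamSs (Sicherheitskonto-Manager) - c:\windows\system32\lsass.exe (file missing)
S3 wbengine (Blockebenen-Sicherungsmodul) - "c:\windows\system32\wbengine.exe" (file missing)
R2 ExampleSvc (constructed sample, not from the thread) - c:\users\markus\appdata\local\temp\example.exe
-- Environment Variables -------------------------------------------------------
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
SystemRoot=C:\Windows
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result:
        print(f"{e.state}{e.start} {START_TYPES[e.start]:<8} {e.name:<16} "
              f"{e.verdict:<16} {e.path}")
    print(summarize(result))
```

Run as-is it prints one line per entry with its verdict and a summary count. An "unverified-wow64" verdict is not a clean bill of health; it only says the scanner could not see the path. To settle it, check from a native 64-bit process: a 64-bit command prompt can simply `dir C:\Windows\System32\drivers\termdd.sys`, and a 32-bit process can reach the real directory through the `C:\Windows\Sysnative\` alias. Entries under paths that WOW64 leaves alone, such as `drivers\etc`, keep the plain "missing" verdict because for those the tag is trustworthy even from a 32-bit scanner.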
09.07.2008, 12:23 | Honorary member | Posts: 29434 | #15
Let's see what raman makes of it, but I find the log very strange; it's a miracle the machine runs at all when you see how many drivers and Windows system files are missing.
No trace of infection, but missing drivers without end...

__________
Regards, Sabina
all about PC security
One day I got an MSN message from a friend on my contact list with a link that looked roughly like h*tp://xxx.imagepixer.info
In place of the xxx was her MSN domain. Idiot that I am (go ahead and call me one, I deserve nothing better), I went there and saw a page where you are supposed to enter your MSN details; I didn't think anything of it and did so. So now I've got this ******* on my hands and can't get rid of the problems. At the time I had McAfee as my AV program, but it didn't complain either, and well, suddenly the contacts on my list were getting messages from me with similar links that I never sent. On top of that, my MSN often signed itself out and suddenly said "You have signed in on another computer". That happened to me very often. Once a friend told me that a user named "Hallo Ich" had signed in to MSN under my address. I panicked.
So I thought, fine, go and format: no sooner said than done, formatted all (!) the hard disks, repartitioned and installed Vista (I had XP Home SP3 before). There were no problems; the first thing I installed was Kaspersky, you don't leave anything to chance any more. At some point Windows Live went on and the ******* started again. I had barely got into MSN with the fresh new Vista and the first messages I received were from people telling me that the links I had sent didn't work, and I just said: what links? Then it all became clear to me, the whole formatting had been for nothing. Ran Kaspersky, found nothing. Today it really hit me, though, when my mouse suddenly developed a life of its own; it was as if my computer were being remote-controlled.
I panicked and nobody wanted to believe me. Then Internet Explorer stopped working too, and I then threw Windows Live off and there was peace...
That's it for now; can you help me get rid of this thing, whatever it may be? So, my logfile looks like this (see below)
A few more remarks (questions)...
1.) When booting I have recently been getting a screen I had never seen before; unfortunately I can't say what it says because it disappears too fast, but it looks fishy to me. Can I somehow pause that screen so I can read the stuff?
2.) When I had my logfile analysed, the following was shown for avp.exe (see below): unknown program. And indeed I have this avp.exe twice in Task Manager, once with about 5 MB of memory and once with about 30 MB or more, and I can't end them either. See here: http://www.bilder-hochladen.net/files/7c6f-2.jpg
3.) Sometimes the Windows Security Center reports that Kaspersky is switched off although it is switched on; that's not normal either. See here: http://www.bilder-hochladen.net/files/big/7c6f-1.jpg
The logfile:
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
D:\Programme\eMule\emule.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Programme\Kaspersky Internet Security 2009\avp.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe
D:\Programme\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "D:\Programme\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ICQ] "D:\Programme\ICQ\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Programme\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programme\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~2\mzvkbd.dll,D:\PROGRA~1\KASPER~2\adialhk.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6264 bytes
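As an added example (not part of the original thread, and not a tool from this forum): a small triage script for a HijackThis log of the kind posted above. It applies the checks a responder does by hand on such a log: O2 BHO registrations pointing at "(no file)", O4 Run entries that start a bare file name instead of a full path (CTHELPER.EXE, CTXFIHLP.EXE), O20 AppInit_DLLs (DLLs loaded into every user32-linked process), and O23 services whose binary is reported as "(file missing)". The last check carries a caveat that explains why this log looks like "missing drivers without end": the log shows `Program Files (x86)` and `SysWOW64` paths, so this is a 32-bit HijackThis running on 64-bit Vista, and the WoW64 file-system redirection makes a 32-bit tool look in SysWOW64 when it checks `C:\Windows\system32\...`; every such "(file missing)" line is therefore downgraded to "info" rather than "suspicious" (an assumption-based heuristic, to be confirmed with `dir` on the real path). The log also answers question 2 on its own: avp.exe is registered both as a service (O23, AVP) and as a per-user Run entry (O4, [AVP]), which accounts for two processes. The sample input is a subset of lines copied from the posted log; the 32-bit control case in the test is constructed.

```python
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVP] "D:\Programme\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~2\mzvkbd.dll,D:\PROGRA~1\KASPER~2\adialhk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Internet Security 2009\avp.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    severity: str   # "info" | "review" | "suspicious"
    detail: str
    line: str


# "O23 - Service: ..." style lines; R0/R1/F2 lines share the same shape.
SECTION_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
# Body of an O4 entry: HKLM\..\Run: [Name] <command>
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run:\s+\[[^\]]+\]\s+(.*)$")
# Paths subject to WoW64 redirection when a 32-bit tool inspects them.
WIN_SYSTEM_RE = re.compile(r"^[A-Z]:\\Windows\\system32\\", re.IGNORECASE)


def is_64bit_log(text):
    """Heuristic (assumption): a 32-bit HijackThis on x64 shows these markers."""
    return "Program Files (x86)" in text or "SysWOW64" in text


def parse_entries(text):
    """Return (section, body, raw_line) for every HijackThis entry line."""
    out = []
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2), raw.strip()))
    return out


def triage(text):
    x64 = is_64bit_log(text)
    findings = []
    for section, body, line in parse_entries(text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding("O2", "review",
                "orphaned BHO registration: CLSID points at a DLL that is gone; "
                "the registry key can be removed", line))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                cmd = m.group(1)
                # A bare file name (no backslash, not quoted) is resolved by path
                # search at logon, so the binary that really starts is not pinned.
                if not cmd.startswith('"') and "\\" not in cmd.split()[0]:
                    findings.append(Finding("O4", "review",
                        "Run entry starts a bare file name; confirm which binary "
                        "is actually found on the search path", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d.strip() for d in body[len("AppInit_DLLs:"):].split(",") if d.strip()]
            for d in dlls:
                findings.append(Finding("O20", "review",
                    f"AppInit DLL injected into every user32-linked process: {d}; "
                    "verify the publisher", line))
        elif section == "O23" and body.endswith("(file missing)"):
            path = body[:-len("(file missing)")].strip().split(" - ")[-1]
            if x64 and WIN_SYSTEM_RE.match(path):
                findings.append(Finding("O23", "info",
                    "system32 binary reported missing by a 32-bit tool on x64: "
                    "probably WoW64 redirection; verify with dir on the real path", line))
            else:
                findings.append(Finding("O23", "suspicious",
                    "service binary missing and no redirection explanation", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section}: {f.detail}")
        print(f"             {f.line}")
```

Run it as-is to see the classification of the sample; to triage a full log, read the file into `triage()` instead of `SAMPLE_LOG`. The severities are deliberately conservative: nothing in this subset is rated "suspicious", which agrees with the responder's reading of the full log above, and the two Kaspersky AppInit DLLs show up as "review" because the script flags the mechanism, not the vendor.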