Trojaner eingefangen! Google weiterleitung auf unseriöse Seiten

#0
19.12.2009, 17:19
...neu hier

Beiträge: 4
#1 Hallo Leute,

ich habe vorgestern das erstmal festgestellt das meine Google suchen zwar alle richtig gefunden werden aber dann beim anklicken der Links ich auf irgendwelche unseriösen Movie, Kauf oder sowas was seiten meist aus dem Ausland umgleitet werde, beim betreten dieser Seiten werde ich dann immer angeriffen was mein Noton AntiVirus bisher gott sei dank abwehren konnte.

ich habe aber schon ein bischen hier gelesen aber bisher kein Lösung für mein Problem gefunden, folgendes:

Malwarebytes scan mit neustem Update von heute gemacht, bei 3 scans wurde immer wieder was gefunden, insgesamt ca. 7 trojaner /würmer diverser art + 5 schädliche Reg Einträge. Alle konnten nachhaltig gelöscht werden nur 2 bleiben bzw werden gelöscht und nach dem Reboot sobald ich den Inet Explorer öffne sind sie wieder da (sonst nicht!)

1. Flags.ini (lässt sich manuell nicht löschen)
2. Uses32.dat (lässt sich manuell löschen kommt aber nach IE8 Benutzung wieder)

Die Neusten Windows updates sind drauf (stand heute) habe XP Prof
Norton Antivirus findet garnichts.

habe mal eine HijackThis file erstellen lassen. mehr fällt mir auch nicht mehr ein, kann jemand helfen diese lästigen Umleitungen weg zu bekommen? Kenne mich leider nicht gensu aus.

Gruß
sascha

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:34, on 19.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\nHancer\nHancer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nHancer] "C:\Programme\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261161411468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261161404937
O16 - DPF: {792E349D-4844-4F53-A660-3F1E00234138} (CVXChatControl Object) - http://visit-x.de/downloads/applet/90/9,0,0,5/cP-Client-90.cab
O16 - DPF: {853B7AC5-1DC9-484C-972B-479E790D4A4D} (CVxChatControl Object) - http://www.visit-x.de/downloads/applet/853B7AC5-1DC9-484c-972B-479E790D4A4D/8,0,0,14/cP-Client-80-light.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.151.42.188:443/activex/AMC.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Steuerung des DownloadManager ) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11256 bytes
Seitenanfang Seitenende
19.12.2009, 17:28
Member

Beiträge: 3716
#2 hallo, poste die malwarebytes funde, zu finden unter berichte, wenn du malwarebytes öffnest, poste auch das gmer log,
http://board.protecus.de/t23187.htm
Seitenanfang Seitenende
20.12.2009, 15:30
...neu hier

Themenstarter

Beiträge: 4
#3 Hallo,

Ok waren so viele in verchiedenen Reports muss ich mal sehen ob ich die noch alle zusammen bekomme.

Neuster Stand: ich habe mit Spybot gesannt, 15 schädlinge und Einträge gelöscht worden, dann mit malwarebytes, 0 Infekte.

dann nach neustem Update von heute auf einmal wieder 47 infekte bis jetzt, scan läuft noch.

verstehe das nicht wo die auf einmal her kommen, habe nicht mehr gesurft seit dem.

mache gleich den gmer report wnen der scan durch ist.
Seitenanfang Seitenende
20.12.2009, 15:48
Member

Beiträge: 3716
#4 bitte mache keine eigenmächtigen scans, sondern arbeite nur nach anweisung. du musst einfach nur malwarebytes öffnen, auf berichte gehen und diese posten.
Seitenanfang Seitenende
20.12.2009, 17:22
...neu hier

Themenstarter

Beiträge: 4
#5 Hallo,

so habe hier die berichte und den letzten Hijeckthis scan nachdem malwarebyte wohl alles gefunden und löschen konnte:

gmer muss ich gleich nochmal versuchen. dabei hat sich nach ca. 15 min scan mein rechner plötzlich aufgehangen:

Zur info, die Google Umleitung ist jetzt WEG nachdem die ganzen unten stehenden schädliche gelöscht wurden, allerdings glaube ich das sich noch mehr auf den PC verstecken könnte: Von den Spybot program ,der 13-15 andere gefunden hatte gibts wohl leider keine Berichte!



Malwarebytes: (in der Reihenfolge wie bei verschiedenen Scans mit verschiedenen Datenbank Versionen seit dem 17.12. aufgetaucht)
Immer wieder waren die files flags.ini und uses32.dat dabei, ALLE anderen Schädlinge konnten immer laut dem Programm entfernt werden.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Quarantined and deleted successfully.


Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.



Infizierte Dateien:
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000015.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000021.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000024.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000048.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000018.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.


Infizierte Dateien:
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.


Infizierte Dateien:
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\wincert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000014.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000016.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000019.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000020.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000022.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000023.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000025.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000047.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000098.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000099.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000100.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000101.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000102.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000103.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000104.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000017.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000126.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP1\A0000127.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000196.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000197.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000198.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000199.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000200.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000201.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000211.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000212.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000213.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000214.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000215.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000216.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000217.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000218.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000219.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000220.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000221.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000222.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000230.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP2\A0000231.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001267.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001268.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001269.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001270.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001271.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001272.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP3\A0001273.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP4\A0001417.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D75F7CA2-6D3A-4983-BB31-D27A1112AD14}\RP4\A0001418.dll (Spyware.Passwords) -> Quarantined and deleted successfully.


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:04, on 20.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programme\nHancer\nHancer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nHancer] "C:\Programme\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261161411468
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261161404937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.151.42.188:443/activex/AMC.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Steuerung des DownloadManager ) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\curslib.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Seitenanfang Seitenende
20.12.2009, 17:49
Member

Beiträge: 3716
#6 versuch erst mal gmer. danach:
1. mache eine sicherung all deiner wichtigen daten.
falls dies auf externen datenträgern geschied, lies folgendes und beachte es.
http://www.wintotal.de/Tipps/?id=548
2. downloade KittyFix.exe ehemals combofix.
benenne die exe vor dem speichern in 123.exe um, damit malware sich nicht vor ihr verstecken kann, danach folge den anweisungen, instaliere die rettungskonsole,
zuvor natürlich alle laufenden programme beenden. KittyFix.exe wird deine internetverbindung trennen, lasse das programm arbeiten, mache nichts am pc.
poste das log.

http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe
Seitenanfang Seitenende
20.12.2009, 18:18
...neu hier

Themenstarter

Beiträge: 4
#7 Hallo,

kannst du damit was anfangen? konnte es nicht ganz bis zum ende druchlaufen lassen, irgendwie mag mein PC das gmer nicht, der hängt sich nach einer zeit immer auf, vorher laufen alle Lüfter aus Hoichturen udn die Temp steigt gewaltig.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-20 18:00:15
Windows 5.1.2600 Service Pack 2
Running: h2my5m0j.exe; Driver: C:\DOKUME~1\User1\LOKALE~1\Temp\kwdiafod.sys


---- System - GMER 1.0.15 ----

SSDT 89A7FA68 ZwAlertResumeThread
SSDT 89BA1820 ZwAlertThread
SSDT 8A49F540 ZwAllocateVirtualMemory
SSDT 8A3EE5F8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB7100020]
SSDT 8A366BE8 ZwCreateMutant
SSDT 8A4D6BA0 ZwCreateThread
SSDT 8A5CA180 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB71002A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB7100800]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT 8A4F15F8 ZwFreeVirtualMemory
SSDT 8A3C3338 ZwImpersonateAnonymousToken
SSDT 89D25820 ZwImpersonateThread
SSDT 8A46C8C8 ZwMapViewOfSection
SSDT 8A39CBF8 ZwOpenEvent
SSDT sptd.sys ZwOpenKey [0xBA6BE0B0]
SSDT 8A3FA498 ZwOpenProcessToken
SSDT 8A360B30 ZwOpenSection
SSDT 8A4CE198 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT 8A375248 ZwResumeThread
SSDT 8A3A4DA8 ZwSetContextThread
SSDT 8A4F0EB8 ZwSetInformationProcess
SSDT 8A5A9BC0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB7100A50]
SSDT 8A3BE520 ZwSuspendProcess
SSDT 8A3ADB10 ZwSuspendThread
SSDT 8A3FA460 ZwTerminateProcess
SSDT 8A379748 ZwTerminateThread
SSDT 8A3526D8 ZwUnmapViewOfSection
SSDT 8A430E58 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BE0 805037E0 4 Bytes CALL 02DA6E50
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB974C360, 0x32E00D, 0xE8000020]
.text USBPORT.SYS!DllUnload B972D62C 5 Bytes JMP 8A408770
? System32\Drivers\ala5gy9n.SYS Das System kann den angegebenen Pfad nicht finden. !
.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xB691C000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xB695E000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xB6979000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 4126D6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 4119541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 4136441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 41364351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 413643BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 41364222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 41364284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 41364482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[1788] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 413642E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] ntdll.dll!RtlValidateUnicodeString + 554 7C925CCE 10 Bytes JMP 04B3003A
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 411D4602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!CallNextHookEx 7E36F85B 5 Bytes JMP 4125CEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 4126D6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 4119541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 41269865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 4136441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 41364351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 413643BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 41364222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 41364284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 41364482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 413642E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] ole32.dll!OleInitialize + 38C 774CFA66 7 Bytes JMP 04B300F3
.text C:\Programme\Internet Explorer\iexplore.exe[2640] ole32.dll!CoCreateInstance 774CFAC3 5 Bytes JMP 4126D748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2640] ole32.dll!CoGetCallContext + 7C 774E5DAD 7 Bytes JMP 04B301A9
.text C:\Programme\Internet Explorer\iexplore.exe[2640] ole32.dll!OleLoadFromStream 774FA257 5 Bytes JMP 413647A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D429A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Internet Explorer\iexplore.exe[2640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6CA1E8
Device \FileSystem\Fastfat \FatCdrom 882851E8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8A40C1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6CC1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6CC1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6CC1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6CC1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A40C1E8
Device \Driver\usbehci \Device\USBPDO-2 8A40D1E8
Device \Driver\usbuhci \Device\USBPDO-3 8A40C1E8
Device \Driver\usbuhci \Device\USBPDO-4 8A40C1E8
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8A40C1E8
Device \Driver\usbehci \Device\USBPDO-6 8A40D1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A65C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\NetBT \Device\NetBT_Tcpip_{62515670-3044-460A-BC20-5F48354EC457} 89A7F1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A65C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8A4261E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A65C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom1 8A4261E8
Device \Driver\atapi \Device\Ide\IdePort0 8A65B1E8
Device \Driver\atapi \Device\Ide\IdePort1 8A65B1E8
Device \Driver\atapi \Device\Ide\IdePort2 8A65B1E8
Device \Driver\atapi \Device\Ide\IdePort3 8A65B1E8
Device 8A65B1E8
Device \Driver\atapi \Device\Ide\IdePort4 8A65B1E8
Device \Driver\atapi \Device\Ide\IdePort5 8A65B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A65C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom2 8A4261E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A65C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume6 8A65C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\NetBT \Device\NetBt_Wins_Export 89A7F1E8
Device \Driver\NetBT \Device\NetbiosSmb 89A7F1E8
Device \Driver\PCI_NTPNP6666 \Device\0000005c sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A40C1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A40C1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A991E8
Device \Driver\usbehci \Device\USBFDO-2 8A40D1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A991E8
Device \Driver\usbuhci \Device\USBFDO-3 8A40C1E8
Device \Driver\usbuhci \Device\USBFDO-4 8A40C1E8
Device \Driver\Ftdisk \Device\FtControl 8A65C1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A40C1E8
Device \Driver\usbehci \Device\USBFDO-6 8A40D1E8
Device \Driver\ala5gy9n \Device\Scsi\ala5gy9n1Port6Path0Target0Lun0 8A3F3790
Device \Driver\ala5gy9n \Device\Scsi\ala5gy9n1 8A3F3790
Device \FileSystem\Fastfat \Fat 882851E8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 88EC3790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3aa39b90
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 244014962
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1273067759
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x23 0xE3 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0xA2 0x7B 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x75 0x84 0xFA 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d3aa39b90 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x23 0xE3 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0xA2 0x7B 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x75 0x84 0xFA 0x1D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B2ACC3E-AD2F-5295-969C-D85F97E2380F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B2ACC3E-AD2F-5295-969C-D85F97E2380F}@gcigkidcncgnliddkggjcanbnomddbhfggccopfgclnhmddlodaoieaempmeckcmdaidjeoafebloa 0x65 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A9ABC7D-7FD3-897B-FA45-5DCD7535E413}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A9ABC7D-7FD3-897B-FA45-5DCD7535E413}@gcdfgaopfjhdpbcmlinbjijgaabnmeggnmakngidokaompmjmkmppfkgchpekgcoigklmmimapdeek 0x65 0x61 0x64 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7E1939C-BCDD-033B-4C53-91AB5187E82D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7E1939C-BCDD-033B-4C53-91AB5187E82D}@gcjnfdpfomkkchmeljaeakifmdhmkdcgmohhedipidkpjfpmohcjapomgbghakagmkajncichaelkn 0x65 0x61 0x6A 0x63 ...
Seitenanfang Seitenende
20.12.2009, 18:30
Member

Beiträge: 3716
#8 ok, weiter mit KittyFix
Seitenanfang Seitenende