Antivir and DW20.exe
17.02.2010, 20:16
...new here
Posts: 10
#0
17.02.2010, 20:18
Member
Posts: 3716
#2
Work through it and post the logs.
17.02.2010, 20:24
...new here
Thread starter
Posts: 10
#3
Working through it is a bit difficult, because they keep reopening and so I can't start any program.
17.02.2010, 21:22
Member
Posts: 3716
#4
Boot into safe mode first. Run ComboFix there, then boot back into normal mode and post the log. http://board.protecus.de/t23188.htm
21.02.2010, 19:47
...new here
Thread starter
Posts: 10
#5
So, it took a little while, but now I have the log.
ComboFix 10-02-20.04 - Hans Toschmaster 21.02.2010 19:35:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2047.1662 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Hans Toschmaster\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Im Speicher befindliches AV aktiv.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokume~1\HANSTO~1\LOKALE~1\Temp\svchost.exe
c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\logs.dat
c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\SQLite3.dll
c:\windows\system32\Explorer
.
((((((((((((((((((((((( Dateien erstellt von 2010-01-21 bis 2010-02-21 ))))))))))))))))))))))))))))))
.
2010-02-20 13:48 . 2010-02-20 13:48 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Lokale Einstellungen\Anwendungsdaten\ESET
2010-02-20 13:47 . 2010-02-20 13:47 -------- d-----w- c:\programme\ESET
2010-02-20 13:47 . 2010-02-20 13:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ESET
2010-02-18 16:21 . 2010-02-18 16:21 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2010-02-18 16:19 . 2010-02-18 16:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-02-01 22:32 . 2010-02-01 22:32 -------- d-----w- c:\programme\DIFX
2010-02-01 22:32 . 2010-02-01 22:32 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-02-01 22:24 . 2010-02-01 22:32 -------- d-----w- C:\BDS
2010-01-31 11:27 . 2010-01-31 11:27 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\FUEL
2010-01-24 18:52 . 2010-01-24 18:52 -------- d-----w- c:\programme\AGEIA Technologies
2010-01-24 18:52 . 2010-01-24 18:52 -------- d-----w- c:\windows\system32\AGEIA
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 12:30 . 2009-04-01 20:49 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Winamp
2010-02-01 22:32 . 2009-04-06 13:18 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-02-01 22:25 . 2009-04-01 19:00 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-01-27 14:51 . 2006-02-28 12:00 81118 ----a-w- c:\windows\system32\perfc007.dat
2010-01-27 14:51 . 2006-02-28 12:00 452310 ----a-w- c:\windows\system32\perfh007.dat
2010-01-25 19:40 . 2010-01-11 09:49 -------- d-----w- c:\programme\ATI
2010-01-24 18:40 . 2009-06-14 20:53 -------- d-----w- c:\programme\Microsoft Games for Windows - LIVE
2010-01-11 09:53 . 2010-01-11 09:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI
2010-01-11 09:49 . 2010-01-11 09:49 10134 ----a-r- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2010-01-11 09:49 . 2010-01-08 18:01 -------- d-----w- c:\programme\ATI Technologies
2010-01-11 09:44 . 2010-01-08 18:02 -------- d-----w- c:\programme\Gemeinsame Dateien\ATI Technologies
2010-01-09 13:38 . 2010-01-09 13:38 -------- d-----w- c:\programme\Lavalys
2010-01-09 11:45 . 2009-04-03 19:23 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\nView_Wallpaper
2010-01-08 18:08 . 2010-01-08 18:08 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\ATI
2010-01-08 18:07 . 2010-01-08 18:07 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-31 16:14 . 2006-02-28 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 16:01 . 2009-12-30 16:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2009-12-30 15:51 . 2009-12-30 15:51 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Microsoft Games
2009-12-29 00:55 . 2009-04-26 13:45 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\dvdcss
2009-12-24 14:32 . 2009-12-24 14:32 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\TrueCrypt
2009-12-22 05:39 . 2006-02-28 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:39 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:57 . 2009-04-01 18:29 346624 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 13:42 . 2009-12-16 13:42 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-12-14 07:35 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:23 . 2006-02-28 12:00 2138624 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:23 . 2004-08-04 00:50 2018304 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 19:37 . 2009-04-01 19:10 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 14:41 . 2006-02-28 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2006-02-28 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:57 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2006-02-28 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:57 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-18 04:54 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-25 03:50 . 2009-07-02 11:49 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2010-01-11 09:50 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:26 . 2009-07-02 11:24 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-25 03:11 . 2009-07-02 11:06 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2009-07-02 11:05 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:10 . 2009-07-02 11:05 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-25 03:10 . 2009-07-02 11:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:10 . 2009-07-02 11:05 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-25 03:09 . 2009-07-02 11:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-25 03:07 . 2009-07-02 11:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2010-01-11 09:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2009-07-02 10:56 3538496 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-25 02:44 . 2009-07-02 10:54 13533184 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2009-07-02 10:44 2142848 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-25 02:42 . 2010-01-11 09:50 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2010-01-11 09:50 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2009-07-02 10:31 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:26 . 2009-07-02 10:31 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2009-07-02 10:28 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-25 02:20 . 2009-07-02 10:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:20 . 2009-07-02 10:26 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:19 . 2009-07-02 10:26 176128 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:18 . 2009-07-02 10:26 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-25 02:18 . 2009-07-02 10:25 3612672 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:18 . 2009-07-02 10:25 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-25 02:17 . 2009-07-02 10:24 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-25 02:12 . 2009-07-02 10:20 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-02-25 37888]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\dokumente und einstellungen\Hans Toschmaster\Startmenü\Programme\Autostart\
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"d:\\Games\\cs 1.6\\hl.exe"=
"d:\\Games\\Warcraft III 1.17\\War3.exe"=
"d:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Games\\Demigod\\bin\\Demigod.exe"=
"d:\\Games\\Rune\\Rune\\System\\Rune.exe"=
"d:\\Games\\CoD 4\\iw3mp.exe"=
"d:\\Games\\Prototype\\prototypef.exe"=
"d:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Games\\Steam\\steamapps\\wartoschi\\team fortress 2\\hl2.exe"=
"d:\\Games\\hl\\hl.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\java.exe"=
"d:\\Games\\Halo\\halo.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"f:\\Dragon Age\\bin_ship\\daorigins.exe"=
"f:\\Dragon Age\\DAOriginsLauncher.exe"=
"f:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"f:\\Mirrors Edge\\Binaries\\MirrorsEdge.exe"=
"f:\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"f:\\Section 8\\Binaries\\S8Game-F.exe"=
"f:\\Fuel\\FUEL.exe"=
"f:\\Borderlands\\Binaries\\Borderlands.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 09:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 09:06 96408]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 09:04 735960]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [01.04.2009 21:09 38656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.04.2009 17:10 722416]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;f:\dragon age\bin_ship\daupdatersvc.service.exe [19.11.2009 22:57 25832]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{VV66C018-67SD-0687-0TU3-X8QD4254FQ0U}]
2005-07-04 22:37 667829 --sha-r- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yodl.de/?&affid=1&uid=725CA8E3-17C5-4C0D-8138-BDE56D559E9F
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Mozilla\Firefox\Profiles\uejgt1ky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 19:37
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1645522239-1637723038-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:cf,96,96,7f,85,66,81,c3,d3,63,c3,5e,4f,5f,72,a7,49,72,bd,32,ae,
9d,00,77,11,df,e9,e6,07,b7,d0,d2,e5,39,96,b6,dc,d4,0b,8b,a0,95,15,fe,ee,40,\
"rkeysecu"=hex:52,85,16,d9,5e,d2,1a,47,e0,26,cf,55,6e,8f,9a,24
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2010-02-21 19:38:49
ComboFix-quarantined-files.txt 2010-02-21 18:38
Vor Suchlauf: 3.009.208.320 Bytes frei
Nach Suchlauf: 3.522.330.624 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=H1JY2D /Kernel=TUKernel.exe /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=H1JY2D-BAK /usepmtimer
- - End Of File - - 704EC89889C7A28B1BBAF4116CB1667B
21.02.2010, 20:47
Member
Posts: 3716
#6
Now please try to continue with Malwarebytes.
21.02.2010, 22:24
...new here
Thread starter
Posts: 10
#7
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3772
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.02.2010 22:09:19
mbam-log-2010-02-21 (22-09-19).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|F:\|)
Durchsuchte Objekte: 370851
Laufzeit: 52 minute(s), 9 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{vv66c018-67sd-0687-0tu3-x8qd4254fq0u} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Hans Toschmaster\Lokale Einstellungen\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Hans Toschmaster\Lokale Einstellungen\temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

It's still not gone, though.
23.02.2010, 18:18
...new here
Thread starter
Posts: 10
#8
So, now I also have the GMER and HJT logs.
HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:51, on 23.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yodl.de/?&affid=1&uid=725CA8E3-17C5-4C0D-8138-BDE56D559E9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UMBENANNT] C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
O4 - HKLM\..\Run: [HKLM] C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [HKCU] C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - F:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7365 bytes

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 17:12:35
Windows 5.1.2600 Service Pack 2
Running: do6rwy59.exe; Driver: C:\DOKUME~1\HANSTO~1\LOKALE~1\Temp\fxtdipog.sys

---- System - GMER 1.0.15 ----

SSDT 89AE0A70 ZwAssignProcessToJobObject
SSDT spcr.sys ZwCreateKey [0xF74D60E0]
SSDT 89AE15F0 ZwDebugActiveProcess
SSDT 89AE1020 ZwDuplicateObject
SSDT spcr.sys ZwEnumerateKey [0xF74F4DA4]
SSDT spcr.sys ZwEnumerateValueKey [0xF74F5132]
SSDT spcr.sys ZwOpenKey [0xF74D60C0]
SSDT 89AE01B0 ZwOpenProcess
SSDT 89AE04B0 ZwOpenThread
SSDT 89AE0EB0 ZwProtectVirtualMemory
SSDT spcr.sys ZwQueryKey [0xF74F520A]
SSDT spcr.sys ZwQueryValueKey [0xF74F508A]
SSDT 89AE0D50 ZwSetContextThread
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xF1 0x67 0xED 0x01 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xA4 0x6B 0xC4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x87 0xBD 0x9F 0x1A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x78 0x54 0xCA 0x84 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x76 0x8B 0x32 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x80 0x2F 0x27 0x06 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0xE6 0x82 0x98 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB8 0xD7 0xDD 0xAF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAE 0xD8 0xEA 0x1B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xAF 0xA6 0x7B 0x2C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xF1 0x67 0xED 0x01 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 ---- EOF - GMER 1.0.15 ---- |
23.02.2010, 18:35
Member
Posts: 3716
#9
download:
http://oldtimer.geekstogo.com/OTL.exe
At the top you will find a box labelled Output. Please select Minimal Output.
Under Extra Registry, please select Use SafeList.
Now click Run Scan at the top left.
When the scan has finished, 2 log files will be created. Post the logs.
23.02.2010, 20:32
...new here
Thread starter, Posts: 10
#10
OTL:
C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 19,53 Gb Total Space | 3,29 Gb Free Space | 16,84% Space Free | Partition Type: NTFS Drive D: | 213,34 Gb Total Space | 20,09 Gb Free Space | 9,41% Space Free | Partition Type: NTFS Drive E: | 702,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 186,31 Gb Total Space | 46,16 Gb Free Space | 24,78% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOSCHI Current User Name: Hans Toschmaster Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "D:\Games\cs 1.6\hl.exe" = D:\Games\cs 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "D:\Games\Warcraft III 1.17\War3.exe" = D:\Games\Warcraft III 1.17\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment) "D:\Games\Far Cry 2\bin\FarCry2.exe" = D:\Games\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment) "D:\Games\Far Cry 2\bin\FC2Launcher.exe" = D:\Games\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft) "D:\Games\Far Cry 2\bin\FC2Editor.exe" = D:\Games\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment) "C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- () "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "D:\Games\Demigod\bin\Demigod.exe" = D:\Games\Demigod\bin\Demigod.exe:*:Enabledemigod Application -- (Gas Powered Games) "D:\Games\Rune\Rune\System\Rune.exe" = D:\Games\Rune\Rune\System\Rune.exe:*:Enabled:Rune -- () "D:\Games\CoD 4\iw3mp.exe" = D:\Games\CoD 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "D:\Games\Prototype\prototypef.exe" = D:\Games\Prototype\prototypef.exe:*:Enabledrototype(TM) -- (Activision) "D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe" = D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- () 
"D:\Games\Steam\steamapps\wartoschi\team fortress 2\hl2.exe" = D:\Games\Steam\steamapps\wartoschi\team fortress 2\hl2.exe:*:Enabled:hl2 -- () "D:\Games\hl\hl.exe" = D:\Games\hl\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation) "C:\Programme\Java\jre1.6.0_07\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre1.6.0_07\bin\java.exe" = C:\Programme\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "D:\Games\Halo\halo.exe" = D:\Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"F:\Dragon Age\bin_ship\daorigins.exe" = F:\Dragon Age\bin_ship\daorigins.exe:*:Enabledragon Age Origins -Spiel -- (BioWare) "F:\Dragon Age\DAOriginsLauncher.exe" = F:\Dragon Age\DAOriginsLauncher.exe:*:Enabledragon Age Origins -Launcher -- (BioWare) "F:\Dragon Age\bin_ship\daupdatersvc.service.exe" = F:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabledragon Age Origins -Inhaltsupdater -- (BioWare) "F:\Mirrors Edge\Binaries\MirrorsEdge.exe" = F:\Mirrors Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB) "F:\Gears of War\Binaries\WarGame-G4WLive.exe" = F:\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.) "F:\Section 8\Binaries\S8Game-F.exe" = F:\Section 8\Binaries\S8Game-F.exe:*:Enabled:Section 8 -- (TimeGate Studios, Inc.) "F:\Fuel\FUEL.exe" = F:\Fuel\FUEL.exe:*:Enabled:FUEL -- (Codemasters) "F:\Borderlands\Binaries\Borderlands.exe" = F:\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.) 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation "{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0C0AE701-05A6-4CFD-971D-CF5EF446108B}" = ESET NOD32 Antivirus "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility "{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00 "{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light "{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static "{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}" = DVD-Cover Printmaster 1.4 "{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility "{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication 
Foundation Language Pack - DEU "{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & Officejet 5.3.B Corporate Edition "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing "{7876AE8D-08D8-3A1C-A1F4-E7F255DDBBEA}" = ccc-utility "{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft 
Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall "{A778A787-08A4-4089-CB68-02A9737DE532}" = Catalyst Control Center InstallProxy "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™ "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft 
Games for Windows - LIVE "{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = DieSims™3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C549017A-FFAB-4679-9112-26E83DD82DB5}" = Enterprise "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = EASYLINE WEBCAM EL-350 "{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F51FF206-2273-4B3E-A90A-4752AE288C12}" = FUEL "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9 "{FD3D9B16-44E4-4231-E1E2-85C40A115F87}" = ATI Catalyst Install Manager "{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash 
Player 10 Plugin "AtcL1" = Attansic L1 Gigabit Ethernet Driver "ATI Display Driver" = ATI Display Driver "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McLoad Preinstaller" = McLoad Preinstaller "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "NVIDIA Drivers" = NVIDIA Drivers "Section 8_is1" = Section 8 "TrueCrypt" = TrueCrypt "Uninstall_is1" = Uninstall 1.0.0.0 "VLC media player" = VLC media player 0.9.8a "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "X3TerranConflict_is1" = X3 Terran Conflict v2.1 "XpsEPSC" = XML Paper 
Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 23.02.2010 15:20:46 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24017bde. Error - 23.02.2010 15:20:47 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24077bde. Error - 23.02.2010 15:21:19 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24077bde. Error - 23.02.2010 15:21:21 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24077bde. Error - 23.02.2010 15:21:23 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24017bde. Error - 23.02.2010 15:21:27 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24017bde. 
Error - 23.02.2010 15:21:33 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24017bde. Error - 23.02.2010 15:21:37 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24017bde. Error - 23.02.2010 15:21:37 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24077bde. Error - 23.02.2010 15:21:42 | Computer Name = TOSCHI | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application explorer.exe, version 9.9.3.1, stamp 4b6ecdc6, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x24077bde. 
[ System Events ]
Error - 23.02.2010 10:03:17 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 23.02.2010 10:03:35 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23.02.2010 10:03:56 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 23.02.2010 10:04:07 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23.02.2010 10:04:07 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 23.02.2010 10:06:29 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 23.02.2010 10:08:19 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 23.02.2010 10:08:30 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 23.02.2010 10:09:10 | Computer Name = TOSCHI | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23.02.2010 12:13:08 | Computer Name = TOSCHI | Source = DCOM | ID = 10010 Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

< End of report >

23.02.2010, 21:01
Member
Posts: 3716
#11
Start > Programs > Accessories > Editor (Notepad). Paste in:

Killall::
folder::
C:\Dokumente und Einstellungen\Hans Toschmaster\Anwendungsdaten\explorer
C:\WINDOWS\System32\explorer

File > Save as, type: all files, name: cfscript.txt, location: wherever ComboFix is. Drag the txt onto the ComboFix icon, post the log.

23.02.2010, 21:32
...new here
Thread starter, Posts: 10
#12
ComboFix 10-02-20.04 - Hans Toschmaster 23.02.2010 21:21:21.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2047.1662 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Hans Toschmaster\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Hans Toschmaster\Desktop\cfscript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Im Speicher befindliches AV aktiv.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer
c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\logs.dat
c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\SQLite3.dll
c:\windows\System32\explorer
.
((((((((((((((((((((((( Dateien erstellt von 2010-01-23 bis 2010-02-23 ))))))))))))))))))))))))))))))
.
2010-02-23 16:10 . 2010-02-23 16:10 -------- d-----w- c:\programme\Trend Micro
2010-02-22 19:56 . 2010-02-22 19:56 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Malwarebytes
2010-02-21 20:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-02-21 20:09 . 2010-02-21 21:09 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-02-21 20:09 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 13:48 . 2010-02-20 13:48 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Lokale Einstellungen\Anwendungsdaten\ESET
2010-02-20 13:47 . 2010-02-20 13:47 -------- d-----w- c:\programme\ESET
2010-02-20 13:47 . 2010-02-20 13:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ESET
2010-02-18 16:21 . 2010-02-18 16:21 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2010-02-18 16:19 . 2010-02-18 16:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-02-01 22:32 . 2010-02-01 22:32 -------- d-----w- c:\programme\DIFX
2010-02-01 22:32 . 2010-02-01 22:32 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-02-01 22:24 . 2010-02-01 22:32 -------- d-----w- C:\BDS
2010-01-31 11:27 . 2010-01-31 11:27 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\FUEL
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 12:30 . 2009-04-01 20:49 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Winamp
2010-02-01 22:32 . 2009-04-06 13:18 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-02-01 22:25 . 2009-04-01 19:00 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-01-27 14:51 . 2006-02-28 12:00 81118 ----a-w- c:\windows\system32\perfc007.dat
2010-01-27 14:51 . 2006-02-28 12:00 452310 ----a-w- c:\windows\system32\perfh007.dat
2010-01-25 19:40 . 2010-01-11 09:49 -------- d-----w- c:\programme\ATI
2010-01-24 18:52 . 2010-01-24 18:52 -------- d-----w- c:\programme\AGEIA Technologies
2010-01-24 18:40 . 2009-06-14 20:53 -------- d-----w- c:\programme\Microsoft Games for Windows - LIVE
2010-01-11 09:53 . 2010-01-11 09:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI
2010-01-11 09:49 . 2010-01-11 09:49 10134 ----a-r- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2010-01-11 09:49 . 2010-01-08 18:01 -------- d-----w- c:\programme\ATI Technologies
2010-01-11 09:44 . 2010-01-08 18:02 -------- d-----w- c:\programme\Gemeinsame Dateien\ATI Technologies
2010-01-09 13:38 . 2010-01-09 13:38 -------- d-----w- c:\programme\Lavalys
2010-01-09 11:45 . 2009-04-03 19:23 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\nView_Wallpaper
2010-01-08 18:08 . 2010-01-08 18:08 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\ATI
2010-01-08 18:07 . 2010-01-08 18:07 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-31 16:14 . 2006-02-28 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 16:01 . 2009-12-30 16:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2009-12-30 15:51 . 2009-12-30 15:51 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Microsoft Games
2009-12-29 00:55 . 2009-04-26 13:45 -------- d-----w- c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\dvdcss
2009-12-22 05:39 . 2006-02-28 12:00 667648 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:39 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:57 . 2009-04-01 18:29 346624 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 13:42 . 2009-12-16 13:42 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-12-14 07:35 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:23 . 2006-02-28 12:00 2138624 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:23 . 2004-08-04 00:50 2018304 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 19:37 . 2009-04-01 19:10 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 14:41 . 2006-02-28 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2006-02-28 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:57 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2006-02-28 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:57 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-18 04:54 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-02-25 37888]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\dokumente und einstellungen\Hans Toschmaster\Startmenü\Programme\Autostart\
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"d:\\Games\\cs 1.6\\hl.exe"=
"d:\\Games\\Warcraft III 1.17\\War3.exe"=
"d:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Games\\Demigod\\bin\\Demigod.exe"=
"d:\\Games\\Rune\\Rune\\System\\Rune.exe"=
"d:\\Games\\CoD 4\\iw3mp.exe"=
"d:\\Games\\Prototype\\prototypef.exe"=
"d:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Games\\Steam\\steamapps\\wartoschi\\team fortress 2\\hl2.exe"=
"d:\\Games\\hl\\hl.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\java.exe"=
"d:\\Games\\Halo\\halo.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"f:\\Dragon Age\\bin_ship\\daorigins.exe"=
"f:\\Dragon Age\\DAOriginsLauncher.exe"=
"f:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"f:\\Mirrors Edge\\Binaries\\MirrorsEdge.exe"=
"f:\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"f:\\Section 8\\Binaries\\S8Game-F.exe"=
"f:\\Fuel\\FUEL.exe"=
"f:\\Borderlands\\Binaries\\Borderlands.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.04.2009 17:10 722416]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 09:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 09:06 96408]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 09:04 735960]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [01.04.2009 21:09 38656]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;f:\dragon age\bin_ship\daupdatersvc.service.exe [19.11.2009 22:57 25832]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yodl.de/?&affid=1&uid=725CA8E3-17C5-4C0D-8138-BDE56D559E9F
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\Mozilla\Firefox\Profiles\uejgt1ky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-UMBENANNT - c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
ActiveSetup-{VV66C018-67SD-0687-0TU3-X8QD4254FQ0U} - c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
AddRemove-HijackThis - c:\programme\Trend Micro\HijackThis\HijackThis.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 21:25
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5D11F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7494cb8
\Driver\atapi -> 0x8a5d11f8
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x8059e1a2
ParseProcedure -> TUKERNEL.EXE @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x8059e1a2
ParseProcedure -> TUKERNEL.EXE @ 0x8057c745
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7a24ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7a31b21
SendHandler -> NDIS.sys @ 0xf7a0f87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1645522239-1637723038-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:cf,96,96,7f,85,66,81,c3,d3,63,c3,5e,4f,5f,72,a7,49,72,bd,32,ae,
9d,00,77,11,df,e9,e6,07,b7,d0,d2,e5,39,96,b6,dc,d4,0b,8b,a0,95,15,fe,ee,40,\
"rkeysecu"=hex:52,85,16,d9,5e,d2,1a,47,e0,26,cf,55,6e,8f,9a,24
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\RTHDCPL.EXE
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-02-23 21:28:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-02-23 20:28
ComboFix2.txt 2010-02-23 13:54
ComboFix3.txt 2010-02-21 18:38

Vor Suchlauf: 3.505.598.464 Bytes frei
Nach Suchlauf: 3.488.567.296 Bytes frei

- - End Of File - - C71CDADDE7CEF0188CAAA556D47AC553

And the windows don't open any more now... looks pretty good so far, thanks. Do you have another tip for me on how I can make sure it didn't leave a backdoor behind?

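The two entries ComboFix removed as orphaned above (HKLM-Run-UMBENANNT and the ActiveSetup key, both pointing at an explorer.exe under Anwendungsdaten) have the classic shape of this kind of persistence: a binary named like a Windows component, started from a directory the user can write to. The following Python triage script is an added example, not code from the thread or from ComboFix; it runs exactly that check over ComboFix-style autostart lines. The sample lines are constructed after the log above, and the lists of "system-only" binary names, trusted directories and user-writable directory fragments are the editor's assumptions for an XP layout, so the rules also surface legitimate entries (the TuneUp UIHost, for instance) for manual review rather than deciding anything on their own.

```python
import re
from pathlib import PureWindowsPath

# Assumption: binaries that legitimately live only in %SystemRoot% or system32 on XP.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}
# Assumption: where the real copies of those binaries live (lower-case, XP layout).
TRUSTED_DIRS = {"c:\\windows", "c:\\windows\\system32"}
# Assumption: directory fragments a normal user can write to (German and English XP names).
USER_WRITABLE = ("\\anwendungsdaten\\", "\\application data\\", "\\temp\\",
                 "\\lokale einstellungen\\", "\\local settings\\")

# Two line shapes ComboFix emits for autostart points:
#   "Name"="c:\path\file.exe" [2009-03-01 172792]        (registry Run values)
#   HKLM-Run-Name - c:\path\file.exe                     (removed orphaned entries)
#   ActiveSetup-{GUID} - c:\path\file.exe                (same block)
_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
_ORPHAN = re.compile(r'^(?P<name>(?:HKLM|HKCU)-Run-\S+|ActiveSetup-\{[^}]+\}) - (?P<path>.+)$')


def parse_autostart(line):
    """Return (entry_name, launch_path) for an autostart line, or None for any other line."""
    line = line.strip()
    m = _RUN_VALUE.match(line) or _ORPHAN.match(line)
    if not m:
        return None
    return m.group("name"), m.group("path").strip()


def flag_path(path):
    """Return the list of reasons a launch path deserves a look (empty list = nothing tripped)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()       # "." when the value is a bare file name
    reasons = []
    if name in SYSTEM_BINARIES and parent not in TRUSTED_DIRS:
        reasons.append(f"{name} outside {', '.join(sorted(TRUSTED_DIRS))}")
    if any(frag in parent + "\\" for frag in USER_WRITABLE):
        reasons.append("launched from a user-writable directory")
    return reasons


def triage(lines):
    """Map entry name -> (path, reasons) for every autostart line that trips at least one rule."""
    hits = {}
    for line in lines:
        parsed = parse_autostart(line)
        if parsed is None:
            continue
        name, path = parsed
        reasons = flag_path(path)
        if reasons:
            hits[name] = (path, reasons)
    return hits


# Constructed sample, modelled on the ComboFix log in this thread (not the real file).
SAMPLE_LOG = r"""
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
HKLM-Run-UMBENANNT - c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
ActiveSetup-{VV66C018-67SD-0687-0TU3-X8QD4254FQ0U} - c:\dokumente und einstellungen\Hans Toschmaster\Anwendungsdaten\explorer\explorer.exe
Scanne versteckte Prozesse...
"""

if __name__ == "__main__":
    for entry, (path, reasons) in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{entry}: {path}\n    " + "; ".join(reasons))
```

Run as-is it lists the two explorer.exe entries with both reasons and the TuneUp UIHost with the user-writable reason only; everything under c:\programme or c:\windows stays quiet. Treat each hit as a lead to confirm (hash the file, check its signature and timestamps), not as a verdict. A side note on the DCOM 10005 events in the previous post's log: Windows error 1084 is ERROR_NOT_SAFEBOOT_SERVICE, "this service cannot be started in Safe Mode", so those entries are the expected noise from the Safe Mode boot the helper asked for, not evidence of the infection.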
23.02.2010, 21:40
Member
Posts: 3716
#13
Post this log file:
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125180-rootkit-tdss-entfernen-norman-tdss-cleaner.html
Report how the PC is running.

23.02.2010, 21:55
...new here
Thread starter, Posts: 10
#14
I saved it on the desktop, and when I start it I get the following message in the "scan results" field:
Unable to load nsak.sys.Error (0x00000002)

23.02.2010, 22:05
...new here
Thread starter, Posts: 10
#15
But Malwarebytes at least doesn't find anything any more.

I'm new here and will get straight to the point.
As soon as I boot my PC, directly after the login screen, two messages appear saying that Avira Anti Virus 9.1 Premium Edition (which I have NOT installed) cannot be started. One message says the process cannot be started, and the other is the DW20 message that would like to send an error report to Microsoft.
For both messages I assume they don't come from Windows itself, since the icons aren't typical of Windows.
These messages open repeatedly (at one point there were almost 200) at short intervals, so I can't work with the PC, which is also why I can't upload logs or anything else.
It would be nice if you had a solution for my problem that lets me avoid formatting.
Thanks in advance.