Windows Update not possible / Google search redirects to ads

#0
17.05.2011, 15:12
...new here

Posts: 5
#1 I reinstalled Windows yesterday, but I still have the same problems.

Using Windows Vista (32 bit)

I have now read your instructions and will post the log files. I hope you can help me.
This post was edited on 17.05.2011 at 15:55 by stereoart.
17.05.2011, 17:44
...new here

Thread starter

Posts: 5
#2 Strangely, my computer won't let me post the log files and refuses to let me reply to this post. Although I am connected to the Internet, I then get "this page cannot be displayed"....

Does anyone have an idea what could be causing this?

Many thanks!
18.05.2011, 01:47
Moderator

Posts: 5694
#3 Where are you writing these posts from, then? So you did a completely fresh install?
18.05.2011, 11:14
...new here

Thread starter

Posts: 5
#4 I reinstalled my C partition.

Windows Update does not work, and I also cannot reach the site update.windows.com.

During a search, Google redirects to advertising pages as soon as you try to click a result.

The following message appears frequently: "Hostprozess für Windows Dienste funktioniert nicht mehr."

Using Windows Vista (32 bit)

I'll try posting the log files via the attachment now.

Quote

OTL logfile created on: 17.05.2011 14:57:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\michael\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 128,71 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
Drive D: | 72,02 Gb Total Space | 12,68 Gb Free Space | 17,60% Space Free | Partition Type: NTFS
Drive E: | 72,13 Gb Total Space | 58,09 Gb Free Space | 80,54% Space Free | Partition Type: NTFS
Drive F: | 93,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\michael\Desktop\HijackThis.exe (Trend Micro Inc.)
PRC - E:\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
PRC - E:\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
PRC - E:\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - E:\Unlocker\UnlockerAssistant.exe ()
PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - c:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - E:\MsOffice\Office10\WINWORD.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\michael\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Bonjour Service) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Windows7FirewallService) -- E:\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SBSDWSCService) -- E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NETwNv32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNv32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\mozilla firefox\components [2011.05.16 18:05:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\mozilla firefox\plugins

[2011.05.16 18:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michael\AppData\Roaming\mozilla\Extensions
File not found (No name found) --

O1 HOSTS File: ([2011.05.17 12:08:36 | 000,434,037 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14940 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [UnlockerAssistant] E:\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows7FirewallControl] E:\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\MsOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: msn.com ([de] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 (• in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.27 14:29:14 | 000,000,106 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{28186b22-7fd1-11e0-ace2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28186b22-7fd1-11e0-ace2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\fsetup.exe -- [2008.04.03 12:39:44 | 000,562,480 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.17 14:55:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\michael\Desktop\OTL.exe
[2011.05.17 14:49:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\michael\Desktop\HijackThis.exe
[2011.05.17 14:47:20 | 016,070,032 | ---- | C] (Microsoft Corporation) -- C:\Users\michael\Desktop\mpas-fe.exe
[2011.05.17 14:38:39 | 000,000,000 | ---D | C] -- C:\Users\michael\Desktop\confirm.aspx-Dateien
[2011.05.17 13:46:25 | 013,248,968 | ---- | C] (Microsoft Corporation) -- C:\Users\michael\Desktop\windows-kb890830-v3.19.exe
[2011.05.17 12:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011.05.17 12:39:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Control Panels
[2011.05.17 12:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011.05.17 12:38:04 | 000,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\NPSWF32_FlashUtil.exe
[2011.05.17 12:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3
[2011.05.17 12:32:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2011.05.17 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.05.17 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\michael\Application Data
[2011.05.17 12:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2011.05.17 12:17:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Designer
[2011.05.17 12:13:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.17 12:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.05.17 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.05.17 03:27:27 | 004,427,264 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdva.dll
[2011.05.17 03:27:27 | 003,691,008 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2011.05.17 03:27:27 | 000,331,776 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2011.05.17 03:27:26 | 009,306,112 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll
[2011.05.17 03:27:26 | 003,848,192 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2011.05.17 03:27:26 | 001,626,624 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2011.05.17 03:27:26 | 000,421,888 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2011.05.17 03:27:26 | 000,270,336 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2011.05.17 03:27:26 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2011.05.17 03:27:26 | 000,050,688 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2011.05.17 03:27:26 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2011.05.17 03:27:26 | 000,042,496 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2011.05.17 03:27:19 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2011.05.17 03:27:18 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2011.05.16 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Avira
[2011.05.16 18:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.16 18:33:17 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.16 18:33:17 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.16 18:33:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.16 18:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.16 18:31:50 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 18:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl
[2011.05.16 18:05:04 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Mozilla
[2011.05.16 18:05:04 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Mozilla
[2011.05.16 17:58:37 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Adobe
[2011.05.16 17:54:56 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Macromedia
[2011.05.16 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Adobe
[2011.05.16 17:54:29 | 000,016,384 | R--- | C] (AVM Berlin GmbH) -- C:\Windows\System32\avmprmon.dll
[2011.05.16 17:54:28 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\System32\avmadd32.dll
[2011.05.16 17:54:28 | 000,000,000 | ---D | C] -- C:\Programme\FRITZ!BoxPrint
[2011.05.16 17:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.05.16 17:54:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2011.05.16 17:54:17 | 000,000,000 | ---D | C] -- C:\Programme\FRITZ!Box
[2011.05.16 17:42:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.16 17:42:43 | 000,000,000 | R--D | C] -- C:\Users\michael\Videos
[2011.05.16 17:42:43 | 000,000,000 | R--D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.05.16 17:42:43 | 000,000,000 | R--D | C] -- C:\Users\michael\Searches
[2011.05.16 17:42:43 | 000,000,000 | R--D | C] -- C:\Users\michael\Pictures
[2011.05.16 17:42:43 | 000,000,000 | R--D | C] -- C:\Users\michael\Music
[2011.05.16 17:42:43 | 000,000,000 | R--D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.05.16 17:42:31 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Identities
[2011.05.16 17:42:26 | 000,000,000 | R--D | C] -- C:\Users\michael\Contacts
[2011.05.16 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\VirtualStore
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Vorlagen
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\AppData\Local\Verlauf
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\AppData\Local\Temporary Internet Files
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Startmenü
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\SendTo
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Recent
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Netzwerkumgebung
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Lokale Einstellungen
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Eigene Dateien
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Druckumgebung
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Cookies
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\AppData\Local\Anwendungsdaten
[2011.05.16 17:39:58 | 000,000,000 | -HSD | C] -- C:\Users\michael\Anwendungsdaten
[2011.05.16 17:39:57 | 000,000,000 | --SD | C] -- C:\Users\michael\AppData\Roaming\Microsoft
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\Saved Games
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\Links
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\Favorites
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\Downloads
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\Documents
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\Desktop
[2011.05.16 17:39:57 | 000,000,000 | R--D | C] -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.05.16 17:39:57 | 000,000,000 | -H-D | C] -- C:\Users\michael\AppData
[2011.05.16 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Temp
[2011.05.16 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Local\Microsoft
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.05.16 17:36:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.05.16 17:31:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011.05.17 14:56:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\michael\Desktop\OTL.exe
[2011.05.17 14:49:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\michael\Desktop\HijackThis.exe
[2011.05.17 14:47:42 | 016,070,032 | ---- | M] (Microsoft Corporation) -- C:\Users\michael\Desktop\mpas-fe.exe
[2011.05.17 14:47:18 | 000,675,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.17 14:47:18 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.17 14:47:18 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.17 14:47:18 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.17 14:38:40 | 000,034,873 | ---- | M] () -- C:\Users\michael\Desktop\confirm.aspx.htm
[2011.05.17 14:13:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.17 14:13:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.17 13:47:00 | 013,248,968 | ---- | M] (Microsoft Corporation) -- C:\Users\michael\Desktop\windows-kb890830-v3.19.exe
[2011.05.17 13:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.17 13:00:34 | 3215,822,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.17 12:59:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.17 12:49:50 | 001,710,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.17 12:18:13 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2011.05.17 12:17:21 | 000,001,543 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011.05.17 12:08:36 | 000,434,037 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.16 18:33:24 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.16 18:31:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 18:05:02 | 000,000,535 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.16 17:57:01 | 000,004,608 | ---- | M] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.16 17:35:47 | 000,049,360 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.05.16 17:33:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2011.05.17 14:38:38 | 000,034,873 | ---- | C] () -- C:\Users\michael\Desktop\confirm.aspx.htm
[2011.05.17 12:38:04 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.05.17 12:18:13 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.17 12:17:21 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2011.05.17 12:17:21 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011.05.17 12:17:21 | 000,002,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2011.05.17 12:17:21 | 000,001,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011.05.17 03:27:34 | 000,006,849 | ---- | C] () -- C:\Patch.rev
[2011.05.17 03:27:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.05.17 03:27:27 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
[2011.05.17 03:27:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.05.17 03:27:27 | 000,052,400 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2011.05.17 03:27:27 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2011.05.17 03:27:27 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
[2011.05.17 03:27:27 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
[2011.05.17 03:27:27 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
[2011.05.17 03:27:26 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.05.17 03:27:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2011.05.17 03:27:26 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011.05.17 03:27:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011.05.17 03:27:26 | 000,013,052 | ---- | C] () -- C:\Windows\atiogl.xml
[2011.05.17 03:27:19 | 000,000,274 | ---- | C] () -- C:\Windows\LAUNAPP.REG
[2011.05.17 03:27:19 | 000,000,169 | ---- | C] () -- C:\Windows\USER.XML
[2011.05.16 18:33:24 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.16 18:05:02 | 000,000,535 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.16 18:05:02 | 000,000,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.16 17:57:01 | 000,004,608 | ---- | C] () -- C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.16 17:49:57 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.16 17:42:45 | 000,000,953 | ---- | C] () -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.05.16 17:42:42 | 000,000,948 | ---- | C] () -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.05.16 17:42:25 | 000,000,919 | ---- | C] () -- C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.05.16 17:34:42 | 3215,822,848 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.16 17:33:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.21 10:41:09 | 000,675,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.21 10:41:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.21 10:41:09 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.21 10:41:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.21 01:20:43 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.21 01:16:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.21 01:16:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.13 08:32:45 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.13 08:32:45 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.13 08:32:44 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.01.21 04:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008.01.21 04:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 001,710,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.05.17 14:42:35 | 000,009,802 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Attachment: OTL.Txt
18.05.2011, 11:16
...new here

Thread starter

Posts: 5
#5 OTL EXTRAS



OTL Extras logfile created on: 17.05.2011 14:57:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\michael\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 128,71 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
Drive D: | 72,02 Gb Total Space | 12,68 Gb Free Space | 17,60% Space Free | Partition Type: NTFS
Drive E: | 72,13 Gb Total Space | 58,09 Gb Free Space | 80,54% Space Free | Partition Type: NTFS
Drive F: | 93,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\mozilla firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\MsOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\MsOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F5865F8-D3BD-4EAF-84BA-B1052E3F4F12}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{203CE903-C4D0-4357-96B4-80FAF221538E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{20923879-D8EF-400A-91E7-839589ED5584}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8C1D3BA8-4A55-44BE-8D2F-5773D5E6899A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B68C547F-31B7-4B9F-BF08-13B03DF3B825}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FF489EB1-B5D1-4EB4-BFD8-DBC5147961B1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Unlocker" = Unlocker 1.9.1
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.1.14.73

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.05.2011 06:16:40 | Computer Name = michael-PC | Source = System Restore | ID = 8193
Description =

Error - 17.05.2011 06:38:01 | Computer Name = michael-PC | Source = MsiInstaller | ID = 11904
Description =

Error - 17.05.2011 06:50:10 | Computer Name = michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.05.2011 06:57:04 | Computer Name = michael-PC | Source = EventSystem | ID = 4621
Description =

Error - 17.05.2011 06:58:15 | Computer Name = michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.05.2011 07:00:55 | Computer Name = michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.05.2011 08:20:54 | Computer Name = michael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
Ausnahmecode 0xc000071b, Fehleroffset 0x00088ed9, Prozess-ID 0x470, Anwendungsstartzeit
01cc1481ade8ce16.

Error - 17.05.2011 08:21:57 | Computer Name = michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.05.2011 08:42:31 | Computer Name = michael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
Ausnahmecode 0xc000071b, Fehleroffset 0x00088ed9, Prozess-ID 0x458, Anwendungsstartzeit
01cc148cf5a862c9.

Error - 17.05.2011 08:42:58 | Computer Name = michael-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 17.05.2011 06:58:15 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17.05.2011 06:58:15 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.05.2011 07:00:53 | Computer Name = michael-PC | Source = HTTP | ID = 15016
Description =

Error - 17.05.2011 07:00:55 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 17.05.2011 07:00:55 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.05.2011 07:00:55 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.05.2011 08:22:14 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 17.05.2011 08:23:14 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 17.05.2011 08:23:14 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 17.05.2011 08:44:35 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >

GMER

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-17 15:06:13
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: 2o0ip8b5.exe; Driver: C:\Users\michael\AppData\Local\Temp\kxliifow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#5&2a11bc5c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
18.05.2011, 22:32
Moderator

Posts: 5694
#6 You have a rootkit in the MBR.
Set the whole system up again completely from scratch, as described here:
http://board.protecus.de/t13020.htm


Then the MBR should be rewritten and EVERYTHING should be new.

Are you using a legal version?
19.05.2011, 14:20
...new here

Thread starter

Posts: 5
#7 Yes, my Windows is legal.

I have an Acer. A few days ago I already reinstalled Windows, and the C drive was wiped in the process (I have three partitions).

Do I have to delete all the partitions? Or is it enough if the C partition goes?

What does the rootkit in the MBR actually do?

Thanks
19.05.2011, 22:58
Moderator

Posts: 5694
#8 It is best to set the machine up again completely from scratch. That means doing EVERYTHING as described.